# Flog Txt Version 1 # Analyzer Version: 2024.2.1 # Analyzer Build Date: Mar 23 2024 12:02:19 # Log Creation Date: 29.03.2024 05:50:27.975 Process: id = "1" image_name = "asd.exe" filename = "c:\\users\\keecfmwgj\\desktop\\asd.exe" page_root = "0x40e30000" os_pid = "0xe48" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x7dc" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\asd.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f74e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 111 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 112 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 113 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 114 start_va = 0x80000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 115 start_va = 0x77290000 end_va = 0x77438fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 116 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 117 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 118 start_va = 0x13f410000 end_va = 0x1400a3fff monitored = 1 entry_point = 0x13fa1184a region_type = mapped_file name = "asd.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\asd.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\asd.exe") Region: id = 119 start_va = 0x7feff5b0000 end_va = 0x7feff5b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 120 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 121 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 122 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 261 start_va = 0x180000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 262 start_va = 0x77170000 end_va = 0x7728efff monitored = 0 entry_point = 0x77185340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 263 start_va = 0x7fefd400000 end_va = 0x7fefd46bfff monitored = 0 entry_point = 0x7fefd402780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 264 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 265 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 266 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 267 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 268 start_va = 0x180000 end_va = 0x1e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 269 start_va = 0x260000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 270 start_va = 0x77070000 end_va = 0x77169fff monitored = 0 entry_point = 0x7708a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 271 start_va = 0x7feff0d0000 end_va = 0x7feff136fff monitored = 0 entry_point = 0x7feff0db03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 272 start_va = 0x7fefecf0000 end_va = 0x7fefecfdfff monitored = 0 entry_point = 0x7fefecf1080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 273 start_va = 0x7fefd5b0000 end_va = 0x7fefd678fff monitored = 0 entry_point = 0x7fefd62a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 274 start_va = 0x7fefd800000 end_va = 0x7fefd89efff monitored = 0 entry_point = 0x7fefd8025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 275 start_va = 0x7fefec10000 end_va = 0x7fefeceafff monitored = 0 entry_point = 0x7fefec30760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 276 start_va = 0x7fefe8e0000 end_va = 0x7fefe8fefff monitored = 0 entry_point = 0x7fefe8e60e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 277 start_va = 0x7fefef20000 end_va = 0x7feff04cfff monitored = 0 entry_point = 0x7fefef6ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 278 start_va = 0x360000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 279 start_va = 0x430000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 280 start_va = 0x50000 end_va = 0x78fff monitored = 0 entry_point = 0x51010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 281 start_va = 0x530000 end_va = 0x6b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 282 start_va = 0x50000 end_va = 0x78fff monitored = 0 entry_point = 0x51010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 283 start_va = 0x7fefed00000 end_va = 0x7fefed2dfff monitored = 0 entry_point = 0x7fefed01010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 284 start_va = 0x7fefed30000 end_va = 0x7fefee38fff monitored = 0 entry_point = 0x7fefed31064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 285 start_va = 0x6c0000 end_va = 0x840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 286 start_va = 0x850000 end_va = 0x1c4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 287 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 288 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 289 start_va = 0x1c50000 end_va = 0x23d5fff monitored = 1 entry_point = 0x225184a region_type = mapped_file name = "asd.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\asd.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\asd.exe") Region: id = 290 start_va = 0x1c50000 end_va = 0x1e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 291 start_va = 0x1c50000 end_va = 0x1d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 292 start_va = 0x1e20000 end_va = 0x1e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e20000" filename = "" Region: id = 293 start_va = 0x77440000 end_va = 0x77441fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000077440000" filename = "" Region: id = 294 start_va = 0x77450000 end_va = 0x77451fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000077450000" filename = "" Region: id = 295 start_va = 0x7fefa810000 end_va = 0x7fefa812fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Thread: id = 1 os_tid = 0xe4c [0046.503] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a0) returned 0x278da0 [0046.586] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x7, ProcessInformation=0x17f430, ProcessInformationLength=0x8, ReturnLength=0x0 | out: ProcessInformation=0x17f430, ReturnLength=0x0) returned 0x0 [0047.589] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x17f430, ProcessInformationLength=0x8, ReturnLength=0x17f430 | out: ProcessInformation=0x17f430, ReturnLength=0x17f430) returned 0xc0000353 [0047.590] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x17f430, ProcessInformationLength=0x8, ReturnLength=0x1 | out: ProcessInformation=0x17f430, ReturnLength=0x1) returned 0xc0000005 [0047.591] NtQueryInformationProcess (in: ProcessHandle=0x0, ProcessInformationClass=0x1e, ProcessInformation=0x17f430, ProcessInformationLength=0x8, ReturnLength=0x1 | out: ProcessInformation=0x17f430, ReturnLength=0x1) returned 0xc0000005 [0047.591] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x17f430, ProcessInformationLength=0x0, ReturnLength=0x1 | out: ProcessInformation=0x17f430, ReturnLength=0x1) returned 0xc0000005 [0047.592] NtSetInformationThread (ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0047.592] NtQuerySystemInformation (in: SystemInformationClass=0x23, SystemInformation=0x17fe40, Length=0x2, ResultLength=0x0 | out: SystemInformation=0x17fe40, ResultLength=0x0) returned 0x0 [0047.592] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x17f508, Length=0x0, ResultLength=0x17f478 | out: SystemInformation=0x17f508, ResultLength=0x17f478*=0xc6e8) returned 0xc0000004 [0047.593] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18dd0) returned 0x278f50 [0047.593] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x278f50, Length=0x18dd0, ResultLength=0x0 | out: SystemInformation=0x278f50, ResultLength=0x0) returned 0x0 [0047.725] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278f50 | out: hHeap=0x260000) returned 1 [0047.760] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x7, ProcessInformation=0x17f7f0, ProcessInformationLength=0x8, ReturnLength=0x0 | out: ProcessInformation=0x17f7f0, ReturnLength=0x0) returned 0x0 [0047.761] NtSetInformationThread (ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0047.762] NtOpenFile (in: FileHandle=0x17f650, DesiredAccess=0x80100080, ObjectAttributes=0x17f6f0*(Length=0x30, RootDirectory=0x0, ObjectName="\\??\\C:\\Users\\kEecfMwgj\\Desktop\\asd.exe", Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x17fb20, ShareAccess=0x3, OpenOptions=0x60 | out: FileHandle=0x17f650*=0x44, IoStatusBlock=0x17fb20*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0047.763] NtCreateSection (in: SectionHandle=0x17f678, DesiredAccess=0x4, ObjectAttributes=0x17f6f0*(Length=0x30, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), MaximumSize=0x0, SectionPageProtection=0x2, AllocationAttributes=0x8000000, FileHandle=0x44 | out: SectionHandle=0x17f678*=0x48) returned 0x0 [0047.764] NtMapViewOfSection (in: SectionHandle=0x48, ProcessHandle=0xffffffffffffffff, BaseAddress=0x17f568*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x17f640*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x2 | out: BaseAddress=0x17f568*=0x1c50000, SectionOffset=0x0, ViewSize=0x17f640*=0x786000) returned 0x0 [0047.872] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x1c50000) returned 0x0 [0048.000] NtClose (Handle=0x48) returned 0x0 [0048.001] NtClose (Handle=0x44) returned 0x0 [0048.001] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17f7a8*=0x13f4b4000, NumberOfBytesToProtect=0x17f798, NewAccessProtection=0x40, OldAccessProtection=0x17f55c | out: BaseAddress=0x17f7a8*=0x13f4b4000, NumberOfBytesToProtect=0x17f798, OldAccessProtection=0x17f55c*=0x20) returned 0x0 [0048.017] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17f7a8*=0x13f431000, NumberOfBytesToProtect=0x17f798, NewAccessProtection=0x4, OldAccessProtection=0x17f55c | out: BaseAddress=0x17f7a8*=0x13f431000, NumberOfBytesToProtect=0x17f798, OldAccessProtection=0x17f55c*=0x2) returned 0x0 [0048.018] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17f7a8*=0x13f411000, NumberOfBytesToProtect=0x17f798, NewAccessProtection=0x40, OldAccessProtection=0x17f55c | out: BaseAddress=0x17f7a8*=0x13f411000, NumberOfBytesToProtect=0x17f798, OldAccessProtection=0x17f55c*=0x20) returned 0x0 [0048.019] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17f7a8*=0x13f4b1000, NumberOfBytesToProtect=0x17f798, NewAccessProtection=0x4, OldAccessProtection=0x17f55c | out: BaseAddress=0x17f7a8*=0x13f4b1000, NumberOfBytesToProtect=0x17f798, OldAccessProtection=0x17f55c*=0x2) returned 0x0 [0048.020] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17f7a8*=0x13f4b3000, NumberOfBytesToProtect=0x17f798, NewAccessProtection=0x4, OldAccessProtection=0x17f55c | out: BaseAddress=0x17f7a8*=0x13f4b3000, NumberOfBytesToProtect=0x17f798, OldAccessProtection=0x17f55c*=0x2) returned 0x0 [0048.021] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17f7a8*=0x13f4e8000, NumberOfBytesToProtect=0x17f798, NewAccessProtection=0x4, OldAccessProtection=0x17f55c | out: BaseAddress=0x17f7a8*=0x13f4e8000, NumberOfBytesToProtect=0x17f798, OldAccessProtection=0x17f55c*=0x80) returned 0x0 [0048.021] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x3e6c) returned 0x278f50 [0048.702] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278f50 | out: hHeap=0x260000) returned 1 [0048.738] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.756] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.762] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.767] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.773] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.788] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.801] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.830] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.834] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.919] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.925] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.929] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.933] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.938] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.942] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.968] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0048.973] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0049.021] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0049.028] GetModuleHandleA (lpModuleName="NTDLL") returned 0x77290000 [0049.037] CloseHandle (hObject=0xdeadc0de) returned 0 [0049.038] RtlUnwindEx (TargetFrame=0x17f370, TargetIp=0x13ff1942c, ExceptionRecord=0x17f130, ReturnValue=0xffffffff80000004, ContextRecord=0x17e640, HistoryTable=0x17eb10) [0049.039] RtlUnwindEx (TargetFrame=0x17f370, TargetIp=0x13ff19475, ExceptionRecord=0x17f130, ReturnValue=0xffffffff80000004, ContextRecord=0x17e640, HistoryTable=0x17eb10) [0049.039] RtlUnwindEx (TargetFrame=0x17f370, TargetIp=0x13ff19553, ExceptionRecord=0x17f130, ReturnValue=0xffffffff80000004, ContextRecord=0x17e640, HistoryTable=0x17eb10) [0049.040] NtQuerySystemInformation (in: SystemInformationClass=0x4c, SystemInformation=0x17f5a8, Length=0x10, ResultLength=0x17f4dc | out: SystemInformation=0x17f5a8, ResultLength=0x17f4dc*=0x26269600000018) returned 0xc0000023 [0049.040] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x277430 [0049.041] NtQuerySystemInformation (in: SystemInformationClass=0x4c, SystemInformation=0x277430, Length=0x18, ResultLength=0x0 | out: SystemInformation=0x277430, ResultLength=0x0) returned 0x0 [0049.042] NtQuerySystemInformation (in: SystemInformationClass=0x4c, SystemInformation=0x17f5a8, Length=0x10, ResultLength=0x17f4c8 | out: SystemInformation=0x17f5a8, ResultLength=0x17f4c8*=0x20010) returned 0xc0000023 [0049.042] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20010) returned 0x278f50 [0049.043] NtQuerySystemInformation (in: SystemInformationClass=0x4c, SystemInformation=0x278f50, Length=0x20010, ResultLength=0x0 | out: SystemInformation=0x278f50, ResultLength=0x0) returned 0x0 [0049.051] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278f50 | out: hHeap=0x260000) returned 1 [0049.051] NtQuerySystemInformation (in: SystemInformationClass=0x4c, SystemInformation=0x17f5a8, Length=0x10, ResultLength=0x17f4c8 | out: SystemInformation=0x17f5a8, ResultLength=0x17f4c8*=0x20010) returned 0xc0000023 [0049.051] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20010) returned 0x278f50 [0049.052] NtQuerySystemInformation (in: SystemInformationClass=0x4c, SystemInformation=0x278f50, Length=0x20010, ResultLength=0x0 | out: SystemInformation=0x278f50, ResultLength=0x0) returned 0x0 [0049.059] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278f50 | out: hHeap=0x260000) returned 1 [0049.059] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x277430 | out: hHeap=0x260000) returned 1 [0049.060] NtQuerySystemInformation (in: SystemInformationClass=0x4c, SystemInformation=0x17f5a8, Length=0x10, ResultLength=0x17f4dc | out: SystemInformation=0x17f5a8, ResultLength=0x17f4dc*=0x26269600000014) returned 0xc0000023 [0049.060] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x277430 [0049.061] NtQuerySystemInformation (in: SystemInformationClass=0x4c, SystemInformation=0x277430, Length=0x14, ResultLength=0x0 | out: SystemInformation=0x277430, ResultLength=0x0) returned 0x0 [0049.061] NtQuerySystemInformation (in: SystemInformationClass=0x4c, SystemInformation=0x17f5a8, Length=0x10, ResultLength=0x17f4c8 | out: SystemInformation=0x17f5a8, ResultLength=0x17f4c8*=0x615) returned 0xc0000023 [0049.062] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x615) returned 0x278f50 [0049.063] NtQuerySystemInformation (in: SystemInformationClass=0x4c, SystemInformation=0x278f50, Length=0x615, ResultLength=0x0 | out: SystemInformation=0x278f50, ResultLength=0x0) returned 0x0 [0049.064] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278f50 | out: hHeap=0x260000) returned 1 [0049.064] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x277430 | out: hHeap=0x260000) returned 1 [0049.066] GetModuleHandleA (lpModuleName="sbiedll.dll") returned 0x0 [0049.067] NtQueryVirtualMemory (in: ProcessHandle=0xffffffffffffffff, Address=0x278da0, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x17f898, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x17f898*(BaseAddress=0x278000, AllocationBase=0x260000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3b000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0), ResultLength=0x0) returned 0x0 [0049.068] NtQueryVirtualMemory (in: ProcessHandle=0xffffffffffffffff, Address=0x1400a4000, VirtualMemoryInformationClass=0x0, VirtualMemoryInformation=0x17f898, Length=0x30, ResultLength=0x0 | out: VirtualMemoryInformation=0x17f898*(BaseAddress=0x1400a4000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0x7fdbd35c000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0), ResultLength=0x0) returned 0x0 [0049.146] NtQuerySystemInformation (in: SystemInformationClass=0x0, SystemInformation=0x17fdb0, Length=0x40, ResultLength=0x0 | out: SystemInformation=0x17fdb0, ResultLength=0x0) returned 0x0 [0049.146] NtQueryInformationProcess (in: ProcessHandle=0xffffffffffffffff, ProcessInformationClass=0x0, ProcessInformation=0x17fb40, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x17fb40, ReturnLength=0x0) returned 0x0 [0049.146] NtQueryInformationThread (in: ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x0, ThreadInformation=0x17fb70, ThreadInformationLength=0x30, ReturnLength=0x0 | out: ThreadInformation=0x17fb70, ReturnLength=0x0) returned 0x0 [0049.146] NtSetInformationThread (ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x4, ThreadInformation=0x17f4f0, ThreadInformationLength=0x8) returned 0x0 [0049.146] NtDelayExecution (Alertable=0, Interval=0x17f750*=0) returned 0x0 [0049.147] NtSetInformationThread (ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x4, ThreadInformation=0x17f4f0, ThreadInformationLength=0x8) returned 0xc000000d [0049.148] NtDelayExecution (Alertable=0, Interval=0x17f750*=0) returned 0x0 [0049.150] NtSetInformationThread (ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x4, ThreadInformation=0x17f4f0, ThreadInformationLength=0x8) returned 0xc000000d [0049.150] NtDelayExecution (Alertable=0, Interval=0x17f750*=0) returned 0x0 [0049.152] NtSetInformationThread (ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x4, ThreadInformation=0x17f4f0, ThreadInformationLength=0x8) returned 0xc000000d [0049.152] NtDelayExecution (Alertable=0, Interval=0x17f750*=0) returned 0x0 [0049.154] NtSetInformationThread (ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x4, ThreadInformation=0x17fb88, ThreadInformationLength=0x8) returned 0xc000000d [0049.159] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x17eeb0 | out: lpSystemTimeAsFileTime=0x17eeb0*(dwLowDateTime=0x1cd63d70, dwHighDateTime=0x1da819d)) [0049.160] GetCurrentProcessId () returned 0xe48 [0049.160] GetCurrentThreadId () returned 0xe4c [0049.160] GetTickCount () returned 0x11e5601 [0049.160] QueryPerformanceCounter (in: lpPerformanceCount=0x17eeb8 | out: lpPerformanceCount=0x17eeb8*=1889713548599) returned 1 [0049.160] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x1e20000 [0049.161] HeapSetInformation (HeapHandle=0x1e20000, HeapInformationClass=0x0, HeapInformation=0x17ee70, HeapInformationLength=0x4) returned 1 [0049.164] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x2c8) returned 0x1e24ba0 [0049.164] GetCurrentThreadId () returned 0xe4c [0049.164] GetCommandLineA () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\asd.exe\" " [0049.164] GetEnvironmentStringsW () returned 0x278f50* [0049.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1434, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1434 [0049.165] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x59a) returned 0x1e24e70 [0049.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1434, lpMultiByteStr=0x1e24e70, cbMultiByte=1434, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1434 [0049.165] FreeEnvironmentStringsW (penv=0x278f50) returned 1 [0049.165] GetStartupInfoA (in: lpStartupInfo=0x17ede0 | out: lpStartupInfo=0x17ede0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\asd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffffffffffff, hStdOutput=0xffffffffffffffff, hStdError=0xffffffffffffffff)) [0049.165] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0xb00) returned 0x1e25420 [0049.165] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0049.165] GetFileType (hFile=0x3) returned 0x2 [0049.166] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0049.166] GetFileType (hFile=0x7) returned 0x2 [0049.166] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0049.166] GetFileType (hFile=0xb) returned 0x2 [0049.167] SetHandleCount (uNumber=0x20) returned 0x20 [0049.167] GetLastError () returned 0x7e [0049.167] SetLastError (dwErrCode=0x7e) [0049.167] GetLastError () returned 0x7e [0049.167] SetLastError (dwErrCode=0x7e) [0049.167] GetLastError () returned 0x7e [0049.167] SetLastError (dwErrCode=0x7e) [0049.167] GetACP () returned 0x4e4 [0049.167] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x220) returned 0x1c5c4e0 [0049.167] GetLastError () returned 0x7e [0049.167] SetLastError (dwErrCode=0x7e) [0049.167] IsValidCodePage (CodePage=0x4e4) returned 1 [0049.167] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x17ed70 | out: lpCPInfo=0x17ed70) returned 1 [0049.167] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x17e810 | out: lpCPInfo=0x17e810) returned 1 [0049.167] GetLastError () returned 0x7e [0049.167] SetLastError (dwErrCode=0x7e) [0049.168] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x17e710 | out: lpCharType=0x17e710) returned 1 [0049.168] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ°_'", cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0049.168] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ°_'", cbMultiByte=256, lpWideCharStr=0x17e510, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȠ\x17") returned 256 [0049.168] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȠ\x17", cchSrc=256, lpCharType=0x17eb30 | out: lpCharType=0x17eb30) returned 1 [0049.168] GetLastError () returned 0x7e [0049.168] SetLastError (dwErrCode=0x7e) [0049.168] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0049.168] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ°_'", cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0049.168] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ°_'", cbMultiByte=256, lpWideCharStr=0x17e4f0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0049.168] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0049.168] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x17e2e0, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0049.168] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x17e930, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0049.168] GetLastError () returned 0x7e [0049.169] SetLastError (dwErrCode=0x7e) [0049.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0049.169] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cbMultiByte=256, lpWideCharStr=0x17e4f0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0049.169] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0049.169] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchSrc=256, lpDestStr=0x17e2e0, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0049.169] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x17ea30, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0049.169] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x13f4eba00, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\asd.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\asd.exe")) returned 0x22 [0049.169] GetLastError () returned 0x0 [0049.169] SetLastError (dwErrCode=0x0) [0049.169] GetLastError () returned 0x0 [0049.169] SetLastError (dwErrCode=0x0) [0049.169] GetLastError () returned 0x0 [0049.169] SetLastError (dwErrCode=0x0) [0049.169] GetLastError () returned 0x0 [0049.169] SetLastError (dwErrCode=0x0) [0049.169] GetLastError () returned 0x0 [0049.169] SetLastError (dwErrCode=0x0) [0049.169] GetLastError () returned 0x0 [0049.169] SetLastError (dwErrCode=0x0) [0049.169] GetLastError () returned 0x0 [0049.169] SetLastError (dwErrCode=0x0) [0049.170] GetLastError () returned 0x0 [0049.170] SetLastError (dwErrCode=0x0) [0049.170] GetLastError () returned 0x0 [0049.170] SetLastError (dwErrCode=0x0) [0049.170] GetLastError () returned 0x0 [0049.170] SetLastError (dwErrCode=0x0) [0049.170] GetLastError () returned 0x0 [0049.170] SetLastError (dwErrCode=0x0) [0049.170] GetLastError () returned 0x0 [0049.170] SetLastError (dwErrCode=0x0) [0049.170] GetLastError () returned 0x0 [0049.170] SetLastError (dwErrCode=0x0) [0049.170] GetLastError () returned 0x0 [0049.170] SetLastError (dwErrCode=0x0) [0049.170] GetLastError () returned 0x0 [0049.170] SetLastError (dwErrCode=0x0) [0049.170] GetLastError () returned 0x0 [0049.170] SetLastError (dwErrCode=0x0) [0049.170] GetLastError () returned 0x0 [0049.170] SetLastError (dwErrCode=0x0) [0049.170] GetLastError () returned 0x0 [0049.170] SetLastError (dwErrCode=0x0) [0049.170] GetLastError () returned 0x0 [0049.170] SetLastError (dwErrCode=0x0) [0049.171] GetLastError () returned 0x0 [0049.171] SetLastError (dwErrCode=0x0) [0049.171] GetLastError () returned 0x0 [0049.171] SetLastError (dwErrCode=0x0) [0049.171] GetLastError () returned 0x0 [0049.171] SetLastError (dwErrCode=0x0) [0049.171] GetLastError () returned 0x0 [0049.171] SetLastError (dwErrCode=0x0) [0049.171] GetLastError () returned 0x0 [0049.171] SetLastError (dwErrCode=0x0) [0049.171] GetLastError () returned 0x0 [0049.171] SetLastError (dwErrCode=0x0) [0049.171] GetLastError () returned 0x0 [0049.171] SetLastError (dwErrCode=0x0) [0049.171] GetLastError () returned 0x0 [0049.171] SetLastError (dwErrCode=0x0) [0049.171] GetLastError () returned 0x0 [0049.171] SetLastError (dwErrCode=0x0) [0049.171] GetLastError () returned 0x0 [0049.171] SetLastError (dwErrCode=0x0) [0049.171] GetLastError () returned 0x0 [0049.171] SetLastError (dwErrCode=0x0) [0049.171] GetLastError () returned 0x0 [0049.172] SetLastError (dwErrCode=0x0) [0049.172] GetLastError () returned 0x0 [0049.172] SetLastError (dwErrCode=0x0) [0049.172] GetLastError () returned 0x0 [0049.172] SetLastError (dwErrCode=0x0) [0049.172] GetLastError () returned 0x0 [0049.172] SetLastError (dwErrCode=0x0) [0049.172] GetLastError () returned 0x0 [0049.172] SetLastError (dwErrCode=0x0) [0049.172] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x33) returned 0x1e25f30 [0049.172] GetLastError () returned 0x0 [0049.172] SetLastError (dwErrCode=0x0) [0049.172] GetLastError () returned 0x0 [0049.172] SetLastError (dwErrCode=0x0) [0049.172] GetLastError () returned 0x0 [0049.172] SetLastError (dwErrCode=0x0) [0049.172] GetLastError () returned 0x0 [0049.172] SetLastError (dwErrCode=0x0) [0049.172] GetLastError () returned 0x0 [0049.172] SetLastError (dwErrCode=0x0) [0049.172] GetLastError () returned 0x0 [0049.172] SetLastError (dwErrCode=0x0) [0049.172] GetLastError () returned 0x0 [0049.173] SetLastError (dwErrCode=0x0) [0049.173] GetLastError () returned 0x0 [0049.173] SetLastError (dwErrCode=0x0) [0049.173] GetLastError () returned 0x0 [0049.173] SetLastError (dwErrCode=0x0) [0049.173] GetLastError () returned 0x0 [0049.173] SetLastError (dwErrCode=0x0) [0049.173] GetLastError () returned 0x0 [0049.173] SetLastError (dwErrCode=0x0) [0049.173] GetLastError () returned 0x0 [0049.173] SetLastError (dwErrCode=0x0) [0049.173] GetLastError () returned 0x0 [0049.173] SetLastError (dwErrCode=0x0) [0049.173] GetLastError () returned 0x0 [0049.173] SetLastError (dwErrCode=0x0) [0049.173] GetLastError () returned 0x0 [0049.173] SetLastError (dwErrCode=0x0) [0049.173] GetLastError () returned 0x0 [0049.173] SetLastError (dwErrCode=0x0) [0049.173] GetLastError () returned 0x0 [0049.173] SetLastError (dwErrCode=0x0) [0049.173] GetLastError () returned 0x0 [0049.173] SetLastError (dwErrCode=0x0) [0049.173] GetLastError () returned 0x0 [0049.174] SetLastError (dwErrCode=0x0) [0049.174] GetLastError () returned 0x0 [0049.174] SetLastError (dwErrCode=0x0) [0049.174] GetLastError () returned 0x0 [0049.174] SetLastError (dwErrCode=0x0) [0049.174] GetLastError () returned 0x0 [0049.174] SetLastError (dwErrCode=0x0) [0049.174] GetLastError () returned 0x0 [0049.174] SetLastError (dwErrCode=0x0) [0049.174] GetLastError () returned 0x0 [0049.174] SetLastError (dwErrCode=0x0) [0049.174] GetLastError () returned 0x0 [0049.174] SetLastError (dwErrCode=0x0) [0049.174] GetLastError () returned 0x0 [0049.174] SetLastError (dwErrCode=0x0) [0049.174] GetLastError () returned 0x0 [0049.174] SetLastError (dwErrCode=0x0) [0049.174] GetLastError () returned 0x0 [0049.174] SetLastError (dwErrCode=0x0) [0049.174] GetLastError () returned 0x0 [0049.174] SetLastError (dwErrCode=0x0) [0049.174] GetLastError () returned 0x0 [0049.175] SetLastError (dwErrCode=0x0) [0049.175] GetLastError () returned 0x0 [0049.175] SetLastError (dwErrCode=0x0) [0049.175] GetLastError () returned 0x0 [0049.175] SetLastError (dwErrCode=0x0) [0049.175] GetLastError () returned 0x0 [0049.175] SetLastError (dwErrCode=0x0) [0049.175] GetLastError () returned 0x0 [0049.175] SetLastError (dwErrCode=0x0) [0049.175] GetLastError () returned 0x0 [0049.175] SetLastError (dwErrCode=0x0) [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x128) returned 0x1c5c710 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x1f) returned 0x1e25f70 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x2b) returned 0x1c5c840 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x31) returned 0x1c5c880 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x3c) returned 0x1c5c8c0 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x31) returned 0x1c5c910 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x18) returned 0x1e25fa0 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x24) returned 0x1c5c950 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x14) returned 0x1c5c980 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0xd) returned 0x1c5c9a0 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x1a) returned 0x1c5c9c0 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x2e) returned 0x1c5c9f0 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x19) returned 0x1c5ca30 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x17) returned 0x1c5ca60 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0xe) returned 0x1c5ca80 [0049.175] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0xce) returned 0x1c5caa0 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x3e) returned 0x1c5cb80 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x1d) returned 0x1c5cbd0 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x49) returned 0x1c5cc00 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x12) returned 0x1c5cc60 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x18) returned 0x1c5cc80 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x1b) returned 0x1c5cca0 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x1e) returned 0x1c5ccd0 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x29) returned 0x1c5cd00 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x1e) returned 0x1c5cd40 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x6b) returned 0x1c5cd70 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x17) returned 0x1c5cdf0 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0xf) returned 0x1c5ce10 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x16) returned 0x1c5ce30 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x2a) returned 0x1c5ce50 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x29) returned 0x1c5ce90 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x16) returned 0x1c5ced0 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x13) returned 0x1c5cef0 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x1f) returned 0x1c5cf10 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x12) returned 0x1c5cf40 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x18) returned 0x1c5cf60 [0049.176] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x46) returned 0x1c5cf80 [0049.188] HeapFree (in: hHeap=0x1e20000, dwFlags=0x0, lpMem=0x1e24e70 | out: hHeap=0x1e20000) returned 1 [0049.191] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x100) returned 0x1e24e70 [0049.192] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x8, Size=0x1000) returned 0x1e25fd0 [0049.193] RtlSizeHeap (HeapHandle=0x1e20000, Flags=0x0, MemoryPointer=0x1e24e70) returned 0x100 [0049.194] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x98) returned 0x1e24f80 [0049.195] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x50) returned 0x1e25020 [0049.196] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x208) returned 0x1e25080 [0049.196] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x38) returned 0x1e25290 [0049.197] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x44 [0049.220] Thread32First (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.221] GetCurrentProcessId () returned 0xe48 [0049.221] GetCurrentThreadId () returned 0xe4c [0049.221] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.222] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.223] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.223] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.224] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.225] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.225] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.226] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.226] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.227] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.228] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.228] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.229] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.229] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.230] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.230] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.231] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.231] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.232] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.232] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.233] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.233] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.234] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.235] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.235] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.236] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.236] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.237] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.237] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.238] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.238] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.239] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.239] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.240] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.240] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.241] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.242] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.242] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.243] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.243] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.244] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.245] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.246] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.246] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.247] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.247] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.248] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.248] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.249] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.250] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.250] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.251] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.251] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.252] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.253] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.253] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.254] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.254] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.255] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.255] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.256] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.256] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.257] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.258] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.258] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.259] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.259] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.260] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.260] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.261] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.261] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.262] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.262] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.263] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.264] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.264] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.265] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.267] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.267] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.268] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.268] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.269] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.269] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.270] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.270] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.271] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.272] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.272] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.273] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.273] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.274] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.274] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.275] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.275] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.276] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.276] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.277] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.278] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.278] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.279] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.280] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.281] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.282] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.282] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.283] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.283] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.284] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.285] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.285] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.286] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.286] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.287] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.288] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.288] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.289] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.289] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.290] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.290] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.291] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.291] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.292] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.292] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.293] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.294] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.294] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.295] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.295] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.296] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.296] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.297] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.298] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.298] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.299] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.299] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.300] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.300] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.301] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.302] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.302] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.303] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.303] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.304] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.304] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.305] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.305] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.306] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.306] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.307] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.308] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.308] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.309] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.309] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.310] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.311] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.311] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.312] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.312] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.313] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.314] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.314] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.315] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.315] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.316] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.317] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.318] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.318] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.319] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.320] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.320] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.321] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.321] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.322] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.322] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.323] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.323] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.324] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.325] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.325] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.326] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.326] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.327] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.327] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.329] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.330] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.330] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.331] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.331] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.332] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.332] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.333] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.333] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.334] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.334] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.335] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.335] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.336] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.336] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.337] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.337] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.338] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.338] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.339] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.339] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.340] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.341] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.341] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.342] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.342] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.343] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.344] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.344] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.345] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.345] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.346] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.346] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.347] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.347] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.348] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.348] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.349] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.349] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.350] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.350] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.351] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.351] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.352] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.352] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.353] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.353] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.354] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.355] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.356] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.357] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.357] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.358] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.358] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.359] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.359] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.360] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.360] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.361] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.361] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.362] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.362] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.363] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.363] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.364] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.364] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.365] Thread32Next (hSnapshot=0x44, lpte=0x17ed40) returned 1 [0049.525] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x18) returned 0x1e252d0 [0049.526] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0xa) returned 0x1e252f0 [0049.529] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x18) returned 0x1e25310 [0049.529] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x17) returned 0x1e27010 [0049.532] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x20) returned 0x1e25330 [0049.532] GetSystemInfo (in: lpSystemInfo=0x17ec40 | out: lpSystemInfo=0x17ec40*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x6a06)) [0049.532] VirtualAlloc (lpAddress=0x772e1810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.533] VirtualAlloc (lpAddress=0x772e2810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.533] VirtualAlloc (lpAddress=0x772e3810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.533] VirtualAlloc (lpAddress=0x772e4810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.533] VirtualAlloc (lpAddress=0x772e5810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.533] VirtualAlloc (lpAddress=0x772e6810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.533] VirtualAlloc (lpAddress=0x772e7810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.534] VirtualAlloc (lpAddress=0x772e8810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.534] VirtualAlloc (lpAddress=0x772e9810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.534] VirtualAlloc (lpAddress=0x772ea810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.534] VirtualAlloc (lpAddress=0x772eb810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.534] VirtualAlloc (lpAddress=0x772ec810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.534] VirtualAlloc (lpAddress=0x772ed810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.534] VirtualAlloc (lpAddress=0x772ee810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.534] VirtualAlloc (lpAddress=0x772ef810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.535] VirtualAlloc (lpAddress=0x772f0810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.535] VirtualAlloc (lpAddress=0x772f1810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.535] VirtualAlloc (lpAddress=0x772f2810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.535] VirtualAlloc (lpAddress=0x772f3810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.535] VirtualAlloc (lpAddress=0x772f4810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.535] VirtualAlloc (lpAddress=0x772f5810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.535] VirtualAlloc (lpAddress=0x772f6810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.535] VirtualAlloc (lpAddress=0x772f7810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.536] VirtualAlloc (lpAddress=0x772f8810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.536] VirtualAlloc (lpAddress=0x772f9810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.536] VirtualAlloc (lpAddress=0x772fa810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.536] VirtualAlloc (lpAddress=0x772fb810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.536] VirtualAlloc (lpAddress=0x772fc810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.536] VirtualAlloc (lpAddress=0x772fd810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.536] VirtualAlloc (lpAddress=0x772fe810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.536] VirtualAlloc (lpAddress=0x772ff810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.537] VirtualAlloc (lpAddress=0x77300810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.537] VirtualAlloc (lpAddress=0x77301810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.537] VirtualAlloc (lpAddress=0x77302810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.537] VirtualAlloc (lpAddress=0x77303810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.537] VirtualAlloc (lpAddress=0x77304810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.537] VirtualAlloc (lpAddress=0x77305810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.537] VirtualAlloc (lpAddress=0x77306810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.537] VirtualAlloc (lpAddress=0x77307810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.538] VirtualAlloc (lpAddress=0x77308810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.538] VirtualAlloc (lpAddress=0x77309810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.538] VirtualAlloc (lpAddress=0x7730a810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.538] VirtualAlloc (lpAddress=0x7730b810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.538] VirtualAlloc (lpAddress=0x7730c810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.538] VirtualAlloc (lpAddress=0x7730d810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.538] VirtualAlloc (lpAddress=0x7730e810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.538] VirtualAlloc (lpAddress=0x7730f810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.539] VirtualAlloc (lpAddress=0x77310810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.539] VirtualAlloc (lpAddress=0x77311810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.539] VirtualAlloc (lpAddress=0x77312810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.539] VirtualAlloc (lpAddress=0x77313810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.539] VirtualAlloc (lpAddress=0x77314810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.539] VirtualAlloc (lpAddress=0x77315810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.539] VirtualAlloc (lpAddress=0x77316810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.539] VirtualAlloc (lpAddress=0x77317810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.540] VirtualAlloc (lpAddress=0x77318810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.540] VirtualAlloc (lpAddress=0x77319810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.540] VirtualAlloc (lpAddress=0x7731a810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.540] VirtualAlloc (lpAddress=0x7731b810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.540] VirtualAlloc (lpAddress=0x7731c810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.540] VirtualAlloc (lpAddress=0x7731d810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.541] VirtualAlloc (lpAddress=0x7731e810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.541] VirtualAlloc (lpAddress=0x7731f810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.541] VirtualAlloc (lpAddress=0x77320810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.541] VirtualAlloc (lpAddress=0x77321810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.541] VirtualAlloc (lpAddress=0x77322810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.541] VirtualAlloc (lpAddress=0x77323810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.541] VirtualAlloc (lpAddress=0x77324810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.541] VirtualAlloc (lpAddress=0x77325810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.542] VirtualAlloc (lpAddress=0x77326810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.542] VirtualAlloc (lpAddress=0x77327810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.542] VirtualAlloc (lpAddress=0x77328810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.542] VirtualAlloc (lpAddress=0x77329810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.542] VirtualAlloc (lpAddress=0x7732a810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.542] VirtualAlloc (lpAddress=0x7732b810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.542] VirtualAlloc (lpAddress=0x7732c810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.542] VirtualAlloc (lpAddress=0x7732d810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.543] VirtualAlloc (lpAddress=0x7732e810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.543] VirtualAlloc (lpAddress=0x7732f810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.543] VirtualAlloc (lpAddress=0x77330810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.543] VirtualAlloc (lpAddress=0x77331810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.543] VirtualAlloc (lpAddress=0x77332810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.543] VirtualAlloc (lpAddress=0x77333810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.543] VirtualAlloc (lpAddress=0x77334810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.543] VirtualAlloc (lpAddress=0x77335810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.544] VirtualAlloc (lpAddress=0x77336810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.544] VirtualAlloc (lpAddress=0x77337810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.544] VirtualAlloc (lpAddress=0x77338810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.544] VirtualAlloc (lpAddress=0x77339810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.544] VirtualAlloc (lpAddress=0x7733a810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.544] VirtualAlloc (lpAddress=0x7733b810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.544] VirtualAlloc (lpAddress=0x7733c810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.545] VirtualAlloc (lpAddress=0x7733d810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.545] VirtualAlloc (lpAddress=0x7733e810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.545] VirtualAlloc (lpAddress=0x7733f810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.545] VirtualAlloc (lpAddress=0x77340810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.545] VirtualAlloc (lpAddress=0x77341810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.545] VirtualAlloc (lpAddress=0x77342810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.545] VirtualAlloc (lpAddress=0x77343810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.545] VirtualAlloc (lpAddress=0x77344810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.546] VirtualAlloc (lpAddress=0x77345810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.546] VirtualAlloc (lpAddress=0x77346810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.546] VirtualAlloc (lpAddress=0x77347810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.546] VirtualAlloc (lpAddress=0x77348810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.546] VirtualAlloc (lpAddress=0x77349810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.546] VirtualAlloc (lpAddress=0x7734a810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.546] VirtualAlloc (lpAddress=0x7734b810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.547] VirtualAlloc (lpAddress=0x7734c810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.547] VirtualAlloc (lpAddress=0x7734d810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.547] VirtualAlloc (lpAddress=0x7734e810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.547] VirtualAlloc (lpAddress=0x7734f810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.547] VirtualAlloc (lpAddress=0x77350810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.547] VirtualAlloc (lpAddress=0x77351810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.547] VirtualAlloc (lpAddress=0x77352810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.547] VirtualAlloc (lpAddress=0x77353810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.548] VirtualAlloc (lpAddress=0x77354810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.548] VirtualAlloc (lpAddress=0x77355810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.548] VirtualAlloc (lpAddress=0x77356810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.548] VirtualAlloc (lpAddress=0x77357810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.548] VirtualAlloc (lpAddress=0x77358810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.548] VirtualAlloc (lpAddress=0x77359810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.548] VirtualAlloc (lpAddress=0x7735a810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.548] VirtualAlloc (lpAddress=0x7735b810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.549] VirtualAlloc (lpAddress=0x7735c810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.549] VirtualAlloc (lpAddress=0x7735d810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.549] VirtualAlloc (lpAddress=0x7735e810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.549] VirtualAlloc (lpAddress=0x7735f810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.549] VirtualAlloc (lpAddress=0x77360810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.549] VirtualAlloc (lpAddress=0x77361810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.549] VirtualAlloc (lpAddress=0x77362810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.549] VirtualAlloc (lpAddress=0x77363810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.550] VirtualAlloc (lpAddress=0x77364810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.550] VirtualAlloc (lpAddress=0x77365810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.550] VirtualAlloc (lpAddress=0x77366810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.550] VirtualAlloc (lpAddress=0x77367810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.550] VirtualAlloc (lpAddress=0x77368810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.550] VirtualAlloc (lpAddress=0x77369810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.550] VirtualAlloc (lpAddress=0x7736a810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.550] VirtualAlloc (lpAddress=0x7736b810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.551] VirtualAlloc (lpAddress=0x7736c810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.551] VirtualAlloc (lpAddress=0x7736d810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.551] VirtualAlloc (lpAddress=0x7736e810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.551] VirtualAlloc (lpAddress=0x7736f810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.551] VirtualAlloc (lpAddress=0x77370810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.551] VirtualAlloc (lpAddress=0x77371810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.551] VirtualAlloc (lpAddress=0x77372810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.551] VirtualAlloc (lpAddress=0x77373810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.552] VirtualAlloc (lpAddress=0x77374810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.552] VirtualAlloc (lpAddress=0x77375810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.552] VirtualAlloc (lpAddress=0x77376810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.552] VirtualAlloc (lpAddress=0x77377810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.552] VirtualAlloc (lpAddress=0x77378810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.552] VirtualAlloc (lpAddress=0x77379810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.552] VirtualAlloc (lpAddress=0x7737a810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.552] VirtualAlloc (lpAddress=0x7737b810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.553] VirtualAlloc (lpAddress=0x7737c810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.553] VirtualAlloc (lpAddress=0x7737d810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.553] VirtualAlloc (lpAddress=0x7737e810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.553] VirtualAlloc (lpAddress=0x7737f810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.553] VirtualAlloc (lpAddress=0x77380810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.553] VirtualAlloc (lpAddress=0x77381810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.553] VirtualAlloc (lpAddress=0x77382810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.554] VirtualAlloc (lpAddress=0x77383810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.554] VirtualAlloc (lpAddress=0x77384810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.554] VirtualAlloc (lpAddress=0x77385810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.554] VirtualAlloc (lpAddress=0x77386810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.554] VirtualAlloc (lpAddress=0x77387810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.554] VirtualAlloc (lpAddress=0x77388810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.554] VirtualAlloc (lpAddress=0x77389810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.554] VirtualAlloc (lpAddress=0x7738a810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.555] VirtualAlloc (lpAddress=0x7738b810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.555] VirtualAlloc (lpAddress=0x7738c810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.555] VirtualAlloc (lpAddress=0x7738d810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.555] VirtualAlloc (lpAddress=0x7738e810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.555] VirtualAlloc (lpAddress=0x7738f810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.555] VirtualAlloc (lpAddress=0x77390810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.555] VirtualAlloc (lpAddress=0x77391810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.555] VirtualAlloc (lpAddress=0x77392810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.556] VirtualAlloc (lpAddress=0x77393810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.556] VirtualAlloc (lpAddress=0x77394810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.556] VirtualAlloc (lpAddress=0x77395810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.556] VirtualAlloc (lpAddress=0x77396810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.556] VirtualAlloc (lpAddress=0x77397810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.556] VirtualAlloc (lpAddress=0x77398810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.556] VirtualAlloc (lpAddress=0x77399810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.556] VirtualAlloc (lpAddress=0x7739a810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.557] VirtualAlloc (lpAddress=0x7739b810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.557] VirtualAlloc (lpAddress=0x7739c810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.557] VirtualAlloc (lpAddress=0x7739d810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.557] VirtualAlloc (lpAddress=0x7739e810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.557] VirtualAlloc (lpAddress=0x7739f810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.557] VirtualAlloc (lpAddress=0x773a0810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.557] VirtualAlloc (lpAddress=0x773a1810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.557] VirtualAlloc (lpAddress=0x773a2810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.558] VirtualAlloc (lpAddress=0x773a3810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.558] VirtualAlloc (lpAddress=0x773a4810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.558] VirtualAlloc (lpAddress=0x773a5810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.558] VirtualAlloc (lpAddress=0x773a6810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.558] VirtualAlloc (lpAddress=0x773a7810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.558] VirtualAlloc (lpAddress=0x773a8810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.558] VirtualAlloc (lpAddress=0x773a9810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.559] VirtualAlloc (lpAddress=0x773aa810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.559] VirtualAlloc (lpAddress=0x773ab810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.559] VirtualAlloc (lpAddress=0x773ac810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.559] VirtualAlloc (lpAddress=0x773ad810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.559] VirtualAlloc (lpAddress=0x773ae810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.559] VirtualAlloc (lpAddress=0x773af810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.559] VirtualAlloc (lpAddress=0x773b0810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.559] VirtualAlloc (lpAddress=0x773b1810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.560] VirtualAlloc (lpAddress=0x773b2810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.560] VirtualAlloc (lpAddress=0x773b3810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.560] VirtualAlloc (lpAddress=0x773b4810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.560] VirtualAlloc (lpAddress=0x773b5810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.560] VirtualAlloc (lpAddress=0x773b6810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.560] VirtualAlloc (lpAddress=0x773b7810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.560] VirtualAlloc (lpAddress=0x773b8810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.560] VirtualAlloc (lpAddress=0x773b9810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.561] VirtualAlloc (lpAddress=0x773ba810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.561] VirtualAlloc (lpAddress=0x773bb810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.561] VirtualAlloc (lpAddress=0x773bc810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.561] VirtualAlloc (lpAddress=0x773bd810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.561] VirtualAlloc (lpAddress=0x773be810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.561] VirtualAlloc (lpAddress=0x773bf810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.562] VirtualAlloc (lpAddress=0x773c0810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.562] VirtualAlloc (lpAddress=0x773c1810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.563] VirtualAlloc (lpAddress=0x773c2810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.563] VirtualAlloc (lpAddress=0x773c3810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.563] VirtualAlloc (lpAddress=0x773c4810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.563] VirtualAlloc (lpAddress=0x773c5810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.563] VirtualAlloc (lpAddress=0x773c6810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.563] VirtualAlloc (lpAddress=0x773c7810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.563] VirtualAlloc (lpAddress=0x773c8810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.563] VirtualAlloc (lpAddress=0x773c9810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.564] VirtualAlloc (lpAddress=0x773ca810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.564] VirtualAlloc (lpAddress=0x773cb810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.564] VirtualAlloc (lpAddress=0x773cc810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.564] VirtualAlloc (lpAddress=0x773cd810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.564] VirtualAlloc (lpAddress=0x773ce810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.564] VirtualAlloc (lpAddress=0x773cf810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.564] VirtualAlloc (lpAddress=0x773d0810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.564] VirtualAlloc (lpAddress=0x773d1810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.565] VirtualAlloc (lpAddress=0x773d2810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.565] VirtualAlloc (lpAddress=0x773d3810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.565] VirtualAlloc (lpAddress=0x773d4810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.565] VirtualAlloc (lpAddress=0x773d5810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.565] VirtualAlloc (lpAddress=0x773d6810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.565] VirtualAlloc (lpAddress=0x773d7810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.565] VirtualAlloc (lpAddress=0x773d8810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.565] VirtualAlloc (lpAddress=0x773d9810, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0049.572] WriteProcessMemory (in: hProcess=0xffffffffffffffff, lpBaseAddress=0x77440015, lpBuffer=0x17ecb8*, nSize=0x6, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x17ecb8*, lpNumberOfBytesWritten=0x0) returned 1 [0049.573] WriteProcessMemory (in: hProcess=0xffffffffffffffff, lpBaseAddress=0x772e1810, lpBuffer=0x17ecb8*, nSize=0x5, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x17ecb8*, lpNumberOfBytesWritten=0x0) returned 1 [0049.574] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17eb90*=0x772e1000, NumberOfBytesToProtect=0x17ebd8, NewAccessProtection=0x20, OldAccessProtection=0x17ebc8 | out: BaseAddress=0x17eb90*=0x772e1000, NumberOfBytesToProtect=0x17ebd8, OldAccessProtection=0x17ebc8*=0x40) returned 0x0 [0049.574] VirtualProtect (in: lpAddress=0x77440000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x17ecb0 | out: lpflOldProtect=0x17ecb0*=0x40) returned 1 [0049.574] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17ebc8*=0x77440000, NumberOfBytesToProtect=0x17ebd0, NewAccessProtection=0x20, OldAccessProtection=0x17ecb0 | out: BaseAddress=0x17ebc8*=0x77440000, NumberOfBytesToProtect=0x17ebd0, OldAccessProtection=0x17ecb0*=0x40) returned 0x0 [0049.576] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x8) returned 0x1e25360 [0049.577] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x18) returned 0x1e27030 [0049.577] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x13) returned 0x1e27050 [0049.580] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x20) returned 0x1e25380 [0049.591] WriteProcessMemory (in: hProcess=0xffffffffffffffff, lpBaseAddress=0x7745000d, lpBuffer=0x17ecb8*, nSize=0x5, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x17ecb8*, lpNumberOfBytesWritten=0x0) returned 1 [0049.591] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17eb90*=0x7745000d, NumberOfBytesToProtect=0x17ebd8, NewAccessProtection=0x40, OldAccessProtection=0x17ebc8 | out: BaseAddress=0x17eb90*=0x77450000, NumberOfBytesToProtect=0x17ebd8, OldAccessProtection=0x17ebc8*=0x40) returned 0x0 [0049.592] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17eb90*=0x77450000, NumberOfBytesToProtect=0x17ebd8, NewAccessProtection=0x40, OldAccessProtection=0x17ebc8 | out: BaseAddress=0x17eb90*=0x77450000, NumberOfBytesToProtect=0x17ebd8, OldAccessProtection=0x17ebc8*=0x40) returned 0x0 [0049.592] WriteProcessMemory (in: hProcess=0xffffffffffffffff, lpBaseAddress=0x7745001f, lpBuffer=0x17ecb8*, nSize=0x6, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x17ecb8*, lpNumberOfBytesWritten=0x0) returned 1 [0049.592] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17eb90*=0x7745001f, NumberOfBytesToProtect=0x17ebd8, NewAccessProtection=0x40, OldAccessProtection=0x17ebc8 | out: BaseAddress=0x17eb90*=0x77450000, NumberOfBytesToProtect=0x17ebd8, OldAccessProtection=0x17ebc8*=0x40) returned 0x0 [0049.595] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17eb90*=0x77450000, NumberOfBytesToProtect=0x17ebd8, NewAccessProtection=0x40, OldAccessProtection=0x17ebc8 | out: BaseAddress=0x17eb90*=0x77450000, NumberOfBytesToProtect=0x17ebd8, OldAccessProtection=0x17ebc8*=0x40) returned 0x0 [0049.595] WriteProcessMemory (in: hProcess=0xffffffffffffffff, lpBaseAddress=0x77387ec0, lpBuffer=0x17ecb8*, nSize=0x5, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x17ecb8*, lpNumberOfBytesWritten=0x0) returned 1 [0049.595] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17eb90*=0x77387ec0, NumberOfBytesToProtect=0x17ebd8, NewAccessProtection=0x40, OldAccessProtection=0x17ebc8 | out: BaseAddress=0x17eb90*=0x77387000, NumberOfBytesToProtect=0x17ebd8, OldAccessProtection=0x17ebc8*=0x20) returned 0x0 [0049.596] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17eb90*=0x77387000, NumberOfBytesToProtect=0x17ebd8, NewAccessProtection=0x20, OldAccessProtection=0x17ebc8 | out: BaseAddress=0x17eb90*=0x77387000, NumberOfBytesToProtect=0x17ebd8, OldAccessProtection=0x17ebc8*=0x40) returned 0x0 [0049.596] VirtualProtect (in: lpAddress=0x77450000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x17ecb0 | out: lpflOldProtect=0x17ecb0*=0x40) returned 1 [0049.596] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17ebc8*=0x77450000, NumberOfBytesToProtect=0x17ebd0, NewAccessProtection=0x20, OldAccessProtection=0x17ecb0 | out: BaseAddress=0x17ebc8*=0x77450000, NumberOfBytesToProtect=0x17ebd0, OldAccessProtection=0x17ecb0*=0x40) returned 0x0 [0049.598] RtlAllocateHeap (HeapHandle=0x1e20000, Flags=0x0, Size=0x10) returned 0x1e27070 [0049.598] HeapFree (in: hHeap=0x1e20000, dwFlags=0x0, lpMem=0x1e25360 | out: hHeap=0x1e20000) returned 1 [0049.600] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17f720*=0x13f4b4000, NumberOfBytesToProtect=0x17f7b8, NewAccessProtection=0x20, OldAccessProtection=0x17f584 | out: BaseAddress=0x17f720*=0x13f4b4000, NumberOfBytesToProtect=0x17f7b8, OldAccessProtection=0x17f584*=0x40) returned 0x0 [0049.616] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17f720*=0x13f431000, NumberOfBytesToProtect=0x17f7b8, NewAccessProtection=0x2, OldAccessProtection=0x17f584 | out: BaseAddress=0x17f720*=0x13f431000, NumberOfBytesToProtect=0x17f7b8, OldAccessProtection=0x17f584*=0x4) returned 0x0 [0049.617] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17f720*=0x13f411000, NumberOfBytesToProtect=0x17f7b8, NewAccessProtection=0x20, OldAccessProtection=0x17f584 | out: BaseAddress=0x17f720*=0x13f411000, NumberOfBytesToProtect=0x17f7b8, OldAccessProtection=0x17f584*=0x40) returned 0x0 [0049.618] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17f720*=0x13f4b1000, NumberOfBytesToProtect=0x17f7b8, NewAccessProtection=0x2, OldAccessProtection=0x17f584 | out: BaseAddress=0x17f720*=0x13f4b1000, NumberOfBytesToProtect=0x17f7b8, OldAccessProtection=0x17f584*=0x4) returned 0x0 [0049.619] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17f720*=0x13f4b3000, NumberOfBytesToProtect=0x17f7b8, NewAccessProtection=0x2, OldAccessProtection=0x17f584 | out: BaseAddress=0x17f720*=0x13f4b3000, NumberOfBytesToProtect=0x17f7b8, OldAccessProtection=0x17f584*=0x4) returned 0x0 [0049.620] NtProtectVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x17f720*=0x13f4e8000, NumberOfBytesToProtect=0x17f7b8, NewAccessProtection=0x4, OldAccessProtection=0x17f584 | out: BaseAddress=0x17f720*=0x13f4e8000, NumberOfBytesToProtect=0x17f7b8, OldAccessProtection=0x17f584*=0x20) returned 0x0 [0049.620] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x17fe60 | out: lpSystemTimeAsFileTime=0x17fe60*(dwLowDateTime=0x1d1b4550, dwHighDateTime=0x1da819d)) [0049.620] GetCurrentThreadId () returned 0xe4c [0049.621] GetCurrentProcessId () returned 0xe48 [0049.621] QueryPerformanceCounter (in: lpPerformanceCount=0x17fe68 | out: lpPerformanceCount=0x17fe68*=1889759599780) returned 1 [0049.621] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x7fefa810000 [0049.629] GetProcAddress (hModule=0x7fefa810000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0049.629] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0049.629] GetLastError () returned 0x7e [0049.629] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x77170000 [0049.629] GetProcAddress (hModule=0x77170000, lpProcName="FlsAlloc") returned 0x77186630 [0049.629] GetProcAddress (hModule=0x77170000, lpProcName="FlsSetValue") returned 0x7718b1c0 [0049.630] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x7fefa810000 [0049.630] GetProcAddress (hModule=0x7fefa810000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0049.630] GetProcessHeap () returned 0x260000 [0049.630] GetLastError () returned 0x7f [0049.631] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x3c8) returned 0x2799d0 [0049.631] SetLastError (dwErrCode=0x7f) [0049.631] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1200) returned 0x279da0 [0049.633] GetStartupInfoW (in: lpStartupInfo=0x17fd40 | out: lpStartupInfo=0x17fd40*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\asd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x64005e134, hStdError=0x1)) [0049.633] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0049.633] GetFileType (hFile=0x3) returned 0x2 [0049.633] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0049.633] GetFileType (hFile=0x7) returned 0x2 [0049.633] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0049.634] GetFileType (hFile=0xb) returned 0x2 [0049.634] GetCommandLineA () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\asd.exe\" " [0049.634] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\asd.exe\" " [0049.634] GetACP () returned 0x4e4 [0049.634] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x228) returned 0x27bfb0 [0049.634] IsValidCodePage (CodePage=0x4e4) returned 1 [0049.634] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x17fae0 | out: lpCPInfo=0x17fae0) returned 1 [0049.634] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x17f380 | out: lpCPInfo=0x17f380) returned 1 [0049.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ ¿'", cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0049.634] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ ¿'", cbMultiByte=256, lpWideCharStr=0x17f0d0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0049.634] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpCharType=0x17f6a0 | out: lpCharType=0x17f6a0) returned 1 [0049.635] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ ¿'", cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0049.635] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ ¿'", cbMultiByte=256, lpWideCharStr=0x17f070, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÐÑÒÓ嗀鲎") returned 256 [0049.635] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0049.635] GetLastError () returned 0x7e [0049.635] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x77170000 [0049.635] GetProcAddress (hModule=0x77170000, lpProcName="LCMapStringEx") returned 0x771bbaf0 [0049.635] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÐÑÒÓ嗀鲎", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0049.636] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÐÑÒÓ嗀鲎", cchSrc=256, lpDestStr=0x17ee60, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0049.636] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x17f4a0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÀ\x8f'", lpUsedDefaultChar=0x0) returned 256 [0049.636] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÀ\x8f'", cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0049.636] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÀ\x8f'", cbMultiByte=256, lpWideCharStr=0x17f070, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÐÑÒÓ嗀鲎") returned 256 [0049.636] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÐÑÒÓ嗀鲎", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0049.636] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÐÑÒÓ嗀鲎", cchSrc=256, lpDestStr=0x17ee60, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0049.636] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x17f5a0, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0049.636] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x100) returned 0x27c1e0 [0049.636] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x17fb60, nSize=0x105 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\asd.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\asd.exe")) returned 0x22 [0049.636] GetProcAddress (hModule=0x77170000, lpProcName="AreFileApisANSI") returned 0x771bc9b0 [0049.636] AreFileApisANSI () returned 1 [0049.636] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\Desktop\\asd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0049.636] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\Desktop\\asd.exe", cchWideChar=-1, lpMultiByteStr=0x13f4afbf0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\kEecfMwgj\\Desktop\\asd.exe", lpUsedDefaultChar=0x0) returned 35 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x33) returned 0x27bc20 [0049.637] RtlInitializeSListHead (in: ListHead=0x13f4afa40 | out: ListHead=0x13f4afa40) [0049.637] GetLastError () returned 0x0 [0049.637] SetLastError (dwErrCode=0x0) [0049.637] GetEnvironmentStringsW () returned 0x27c2f0* [0049.637] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1434, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1434 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x59a) returned 0x27ce30 [0049.637] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1434, lpMultiByteStr=0x27ce30, cbMultiByte=1434, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1434 [0049.637] FreeEnvironmentStringsW (penv=0x27c2f0) returned 1 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x128) returned 0x27c2f0 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1f) returned 0x27c450 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2b) returned 0x27bc60 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x31) returned 0x27bca0 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x3c) returned 0x278fc0 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x31) returned 0x27bce0 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x18) returned 0x2791b0 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x24) returned 0x27c480 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x14) returned 0x279010 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xd) returned 0x275fb0 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1a) returned 0x27c4b0 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2e) returned 0x27bd20 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x19) returned 0x27c4e0 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x17) returned 0x275fd0 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xe) returned 0x27cc20 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xce) returned 0x27cc40 [0049.637] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x3e) returned 0x27cd20 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1d) returned 0x27c510 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x49) returned 0x27cd70 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x12) returned 0x27cdd0 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x18) returned 0x27cdf0 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1b) returned 0x27c540 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1e) returned 0x27c570 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x29) returned 0x27bd60 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1e) returned 0x27c5a0 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x6b) returned 0x27d3e0 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x17) returned 0x27ce10 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xf) returned 0x27d460 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x16) returned 0x27d480 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2a) returned 0x27bda0 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x29) returned 0x27bde0 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x16) returned 0x27d4a0 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x13) returned 0x27d4c0 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1f) returned 0x27c5d0 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x12) returned 0x27d4e0 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x18) returned 0x27d500 [0049.638] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x46) returned 0x27d550 [0049.639] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27ce30 | out: hHeap=0x260000) returned 1 [0049.639] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x1000) returned 0x27e520 [0049.639] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x13f419b44) returned 0x0 [0049.641] GetCurrentProcess () returned 0xffffffffffffffff [0049.641] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x17fc50 | out: TokenHandle=0x17fc50*=0x44) returned 1 [0049.642] GetTokenInformation (in: TokenHandle=0x44, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x17fc44 | out: TokenInformation=0x0, ReturnLength=0x17fc44) returned 0 [0049.642] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x2c) returned 0x27bee0 [0049.642] GetTokenInformation (in: TokenHandle=0x44, TokenInformationClass=0x1, TokenInformation=0x27bee0, TokenInformationLength=0x2c, ReturnLength=0x17fc44 | out: TokenInformation=0x27bee0, ReturnLength=0x17fc44) returned 1 [0049.644] ConvertSidToStringSidA (in: Sid=0x27bef0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), StringSid=0x17fc58 | out: StringSid=0x17fc58*="S-1-5-21-4219442223-4223814209-3835049652-1000") returned 1 [0049.644] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27bf60 [0049.644] LocalFree (hMem=0x27bf20) returned 0x0 [0049.644] CloseHandle (hObject=0x44) returned 1 [0049.644] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27bf20 [0049.644] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27f560 [0049.645] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27bf20 | out: hHeap=0x260000) returned 1 [0049.645] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x30) returned 0x27bf20 [0049.646] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27f560 | out: hHeap=0x260000) returned 1 [0049.646] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27bf60 | out: hHeap=0x260000) returned 1 [0049.647] GlobalFindAtomA (lpString="53895c") returned 0x400040000 [0049.649] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27bf20 | out: hHeap=0x260000) returned 1 [0049.649] GetDesktopWindow () returned 0x10010 [0049.650] GetDC (hWnd=0x10010) returned 0xe01016d [0049.651] raise (_SigNum=11) [0049.651] HeapFree (in: hHeap=0x1e20000, dwFlags=0x0, lpMem=0x1e24ba0 | out: hHeap=0x1e20000) returned 1 [0049.652] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x2799d0 | out: hHeap=0x260000) returned 1