# Flog Txt Version 1 # Analyzer Version: 4.3.0 # Analyzer Build Date: Sep 20 2021 05:59:55 # Log Creation Date: 27.09.2021 19:15:12.862 Process: id = "1" image_name = "dadjtxjf.exe" filename = "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe" page_root = "0x3fef2000" os_pid = "0xe08" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x45c" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fel=\"C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\tmpb141g1rs\" /s" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 117 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 118 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 119 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 120 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 121 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 122 start_va = 0xa0000 end_va = 0xa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000a0000" filename = "" Region: id = 123 start_va = 0x270000 end_va = 0x291fff monitored = 1 entry_point = 0x271bac region_type = mapped_file name = "dadjtxjf.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe") Region: id = 124 start_va = 0x310000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 125 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 126 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 127 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 128 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 129 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 130 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 131 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 132 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 133 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 272 start_va = 0x150000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 273 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 274 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 275 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 276 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 277 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 278 start_va = 0x774c0000 end_va = 0x775defff monitored = 0 entry_point = 0x774d5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 279 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 280 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 0 entry_point = 0x775fa2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 281 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 282 start_va = 0x410000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 283 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 284 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 285 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 286 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 287 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 288 start_va = 0xb0000 end_va = 0x116fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 289 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 290 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 291 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 292 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 293 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 294 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 295 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 296 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 297 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 298 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 299 start_va = 0x755b0000 end_va = 0x761f9fff monitored = 0 entry_point = 0x75631601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 300 start_va = 0x76850000 end_va = 0x768a6fff monitored = 0 entry_point = 0x76869ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 304 start_va = 0x5b0000 end_va = 0x737fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 305 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 306 start_va = 0x763d0000 end_va = 0x7652bfff monitored = 0 entry_point = 0x7641ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 307 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 308 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 309 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 310 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 311 start_va = 0x7b0000 end_va = 0x930fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 312 start_va = 0x940000 end_va = 0x1d3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 313 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 314 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 315 start_va = 0x1d0000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 316 start_va = 0x1d40000 end_va = 0x1e1efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d40000" filename = "" Region: id = 317 start_va = 0x1e20000 end_va = 0x20eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 318 start_va = 0x120000 end_va = 0x120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 319 start_va = 0x470000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 320 start_va = 0x4b0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 321 start_va = 0x22c0000 end_va = 0x23bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 322 start_va = 0x73f80000 end_va = 0x74074fff monitored = 0 entry_point = 0x73f90d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 323 start_va = 0x76ad0000 end_va = 0x76b5efff monitored = 0 entry_point = 0x76ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 324 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 325 start_va = 0x130000 end_va = 0x131fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 326 start_va = 0x744d0000 end_va = 0x7466dfff monitored = 0 entry_point = 0x744fe6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 327 start_va = 0x140000 end_va = 0x140fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 328 start_va = 0x210000 end_va = 0x211fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000210000" filename = "" Region: id = 329 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 330 start_va = 0x76530000 end_va = 0x765b2fff monitored = 0 entry_point = 0x765323d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 331 start_va = 0x220000 end_va = 0x220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 332 start_va = 0x74490000 end_va = 0x744b0fff monitored = 0 entry_point = 0x7449145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 333 start_va = 0x77130000 end_va = 0x77174fff monitored = 0 entry_point = 0x771311e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 334 start_va = 0x230000 end_va = 0x233fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 335 start_va = 0x240000 end_va = 0x256fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000007.db") Region: id = 336 start_va = 0x260000 end_va = 0x260fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 337 start_va = 0x230000 end_va = 0x233fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 338 start_va = 0x2a0000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000e.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000e.db") Region: id = 339 start_va = 0x2d0000 end_va = 0x2d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 340 start_va = 0x20f0000 end_va = 0x2155fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 341 start_va = 0x2e0000 end_va = 0x2edfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 342 start_va = 0x75470000 end_va = 0x755a5fff monitored = 0 entry_point = 0x75471b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 343 start_va = 0x765c0000 end_va = 0x766b4fff monitored = 0 entry_point = 0x765c1865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 344 start_va = 0x76e50000 end_va = 0x7704afff monitored = 0 entry_point = 0x76e522d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 345 start_va = 0x768b0000 end_va = 0x769d0fff monitored = 0 entry_point = 0x768b158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 346 start_va = 0x766c0000 end_va = 0x766cbfff monitored = 0 entry_point = 0x766c238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 347 start_va = 0x2f0000 end_va = 0x2f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 348 start_va = 0x2170000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 349 start_va = 0x2420000 end_va = 0x245ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 350 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 351 start_va = 0x2520000 end_va = 0x255ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002520000" filename = "" Region: id = 352 start_va = 0x2630000 end_va = 0x272ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002630000" filename = "" Region: id = 353 start_va = 0x76240000 end_va = 0x76266fff monitored = 0 entry_point = 0x762458b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 354 start_va = 0x76cb0000 end_va = 0x76e4cfff monitored = 0 entry_point = 0x76cb17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 355 start_va = 0x773c0000 end_va = 0x773d1fff monitored = 0 entry_point = 0x773c1441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 356 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 357 start_va = 0x300000 end_va = 0x30cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui") Region: id = 387 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 388 start_va = 0x460000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 389 start_va = 0x2280000 end_va = 0x22bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 390 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 391 start_va = 0x29c0000 end_va = 0x2abffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029c0000" filename = "" Region: id = 392 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 446 start_va = 0x23c0000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 447 start_va = 0x27a0000 end_va = 0x289ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027a0000" filename = "" Region: id = 448 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 522 start_va = 0x2340000 end_va = 0x237ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 523 start_va = 0x27a0000 end_va = 0x289ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027a0000" filename = "" Region: id = 524 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 600 start_va = 0x740000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 601 start_va = 0x27a0000 end_va = 0x289ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027a0000" filename = "" Region: id = 602 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 657 start_va = 0x740000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 658 start_va = 0x22c0000 end_va = 0x23bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 659 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 730 start_va = 0x740000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 731 start_va = 0x2860000 end_va = 0x295ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 732 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 800 start_va = 0x23a0000 end_va = 0x23dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 801 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 802 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 896 start_va = 0x760000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 897 start_va = 0x2280000 end_va = 0x237ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 898 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 945 start_va = 0x740000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 946 start_va = 0x2780000 end_va = 0x287ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 947 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1039 start_va = 0x23e0000 end_va = 0x241ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 1040 start_va = 0x2760000 end_va = 0x285ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 1041 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1072 start_va = 0x760000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1073 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1074 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1132 start_va = 0x2340000 end_va = 0x237ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 1133 start_va = 0x2880000 end_va = 0x297ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 1134 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1245 start_va = 0x2490000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 1246 start_va = 0x27c0000 end_va = 0x28bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 1247 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1302 start_va = 0x760000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1303 start_va = 0x2820000 end_va = 0x291ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002820000" filename = "" Region: id = 1304 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1382 start_va = 0x2380000 end_va = 0x23bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 1383 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 1384 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1474 start_va = 0x740000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1475 start_va = 0x2280000 end_va = 0x237ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1476 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1517 start_va = 0x23e0000 end_va = 0x241ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 1518 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 1519 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Thread: id = 1 os_tid = 0xe0c [0040.676] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x40fe28 | out: lpSystemTimeAsFileTime=0x40fe28*(dwLowDateTime=0x11784bb0, dwHighDateTime=0x1d7b3d4)) [0040.676] GetCurrentThreadId () returned 0xe0c [0040.676] GetCurrentProcessId () returned 0xe08 [0040.676] QueryPerformanceCounter (in: lpPerformanceCount=0x40fe20 | out: lpPerformanceCount=0x40fe20*=1282513693220) returned 1 [0040.678] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0040.679] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73430000 [0040.686] GetProcAddress (hModule=0x73430000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0040.686] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0040.686] GetLastError () returned 0x7e [0040.686] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x772b0000 [0040.687] GetProcAddress (hModule=0x772b0000, lpProcName="FlsAlloc") returned 0x772c4ee3 [0040.687] GetProcAddress (hModule=0x772b0000, lpProcName="FlsSetValue") returned 0x772c41c0 [0040.688] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73430000 [0040.689] GetProcAddress (hModule=0x73430000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0040.689] GetProcessHeap () returned 0x4b0000 [0040.689] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0040.689] GetLastError () returned 0x7e [0040.689] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x772b0000 [0040.689] GetProcAddress (hModule=0x772b0000, lpProcName="FlsAlloc") returned 0x772c4ee3 [0040.689] GetLastError () returned 0x7e [0040.689] GetProcAddress (hModule=0x772b0000, lpProcName="FlsGetValue") returned 0x772c1252 [0040.689] GetProcAddress (hModule=0x772b0000, lpProcName="FlsSetValue") returned 0x772c41c0 [0040.690] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x364) returned 0x4c5118 [0040.690] SetLastError (dwErrCode=0x7e) [0040.690] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0xe00) returned 0x4c5488 [0040.692] GetStartupInfoW (in: lpStartupInfo=0x40fd60 | out: lpStartupInfo=0x40fd60*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x272780, hStdOutput=0x8b0252be, hStdError=0xfffffffe)) [0040.692] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0040.692] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0040.692] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0040.692] GetCommandLineA () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fel=\"C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\tmpb141g1rs\" /s" [0040.692] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fel=\"C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\tmpb141g1rs\" /s" [0040.692] GetACP () returned 0x4e4 [0040.692] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x220) returned 0x4c4dc0 [0040.692] IsValidCodePage (CodePage=0x4e4) returned 1 [0040.692] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x40fd80 | out: lpCPInfo=0x40fd80) returned 1 [0040.692] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x40f648 | out: lpCPInfo=0x40f648) returned 1 [0040.692] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40fc5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0040.692] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40fc5c, cbMultiByte=256, lpWideCharStr=0x40f3e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0040.692] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpCharType=0x40f65c | out: lpCharType=0x40f65c) returned 1 [0040.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40fc5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0040.693] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40fc5c, cbMultiByte=256, lpWideCharStr=0x40f398, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0040.693] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0040.693] GetLastError () returned 0x7e [0040.693] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0040.694] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0040.694] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x40f188, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0040.694] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x40fb5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ>\x10j\x8b\x98ý@", lpUsedDefaultChar=0x0) returned 256 [0040.694] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40fc5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0040.694] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x40fc5c, cbMultiByte=256, lpWideCharStr=0x40f3b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0040.694] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0040.694] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x40f1a8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0040.694] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x40fa5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ>\x10j\x8b\x98ý@", lpUsedDefaultChar=0x0) returned 256 [0040.694] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x80) returned 0x4c4fe8 [0040.694] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0040.694] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x19e) returned 0x4c6a90 [0040.694] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0040.694] GetLastError () returned 0x0 [0040.694] SetLastError (dwErrCode=0x0) [0040.694] GetEnvironmentStringsW () returned 0x4c6c38* [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0xb0e) returned 0x4c7750 [0040.695] FreeEnvironmentStringsW (penv=0x4c6c38) returned 1 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x98) returned 0x4c6c38 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3e) returned 0x4c6cd8 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x56) returned 0x4c6d20 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x6e) returned 0x4c6d80 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x78) returned 0x4c12c0 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x62) returned 0x4c6df8 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x30) returned 0x4c6e68 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x48) returned 0x4c6ea0 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x28) returned 0x4c5070 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1a) returned 0x4c6a50 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x34) returned 0x4c6ef0 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x5c) returned 0x4c6f30 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x32) returned 0x4c6f98 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x2e) returned 0x4c6fd8 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1c) returned 0x4c8280 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x12a) returned 0x4c8a68 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x7c) returned 0x4c8ba0 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x36) returned 0x4c8c28 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3a) returned 0x4c8c68 [0040.695] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x90) returned 0x4c8cb0 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x24) returned 0x4c8d48 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x30) returned 0x4c8d78 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x36) returned 0x4c8db0 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x48) returned 0x4c8df0 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x52) returned 0x4c8e40 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3c) returned 0x4c8ea0 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0xd6) returned 0x4c8ee8 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x2e) returned 0x4c7010 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x1e) returned 0x4c82a8 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x2c) returned 0x4c7048 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x54) returned 0x4c7080 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x52) returned 0x4c70e0 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x2c) returned 0x4c7140 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x26) returned 0x4c7178 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x3e) returned 0x4c8fe0 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x24) returned 0x4c71a8 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x30) returned 0x4c71d8 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x8c) returned 0x4c7210 [0040.696] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c7750 | out: hHeap=0x4b0000) returned 1 [0040.696] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x800) returned 0x4c72a8 [0040.697] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0040.697] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0040.697] GetStartupInfoW (in: lpStartupInfo=0x40fdc4 | out: lpStartupInfo=0x40fdc4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0040.697] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fel=\"C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\tmpb141g1rs\" /s" [0040.697] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fel=\"C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\tmpb141g1rs\" /s", pNumArgs=0x40fdb0 | out: pNumArgs=0x40fdb0) returned 0x4c7ef8*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0040.698] CoInitializeEx (pvReserved=0x0, dwCoInit=0x6) returned 0x0 [0041.244] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x8, Size=0x38) returned 0x4ce188 [0041.244] CreateFileW (lpFileName="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\tmpb141g1rs" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\tmpb141g1rs"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x40fc04, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0041.245] GetFileType (hFile=0xb0) returned 0x1 [0041.246] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x4000) returned 0x4ce680 [0041.247] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x1000) returned 0x4d2688 [0041.247] ReadFile (in: hFile=0xb0, lpBuffer=0x4d2688, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x40fc40, lpOverlapped=0x0 | out: lpBuffer=0x4d2688*, lpNumberOfBytesRead=0x40fc40*=0x28c, lpOverlapped=0x0) returned 1 [0041.247] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0041.248] GetLastError () returned 0x0 [0041.248] SetLastError (dwErrCode=0x0) [0041.248] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0045.485] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0045.486] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0045.486] GetLastError () returned 0x0 [0045.486] SetLastError (dwErrCode=0x0) [0045.486] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0045.561] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0045.561] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0045.562] GetLastError () returned 0x0 [0045.562] SetLastError (dwErrCode=0x0) [0045.562] GetLastError () returned 0x0 [0045.562] SetLastError (dwErrCode=0x0) [0045.562] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"0\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"0\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0045.661] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0045.662] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0045.662] GetLastError () returned 0x0 [0045.662] SetLastError (dwErrCode=0x0) [0045.662] GetLastError () returned 0x0 [0045.662] SetLastError (dwErrCode=0x0) [0045.662] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"0\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"0\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0046.038] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0046.038] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0046.038] GetLastError () returned 0x0 [0046.038] SetLastError (dwErrCode=0x0) [0046.038] GetLastError () returned 0x0 [0046.039] SetLastError (dwErrCode=0x0) [0046.039] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"1\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"1\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0046.971] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0046.972] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0046.973] GetLastError () returned 0x0 [0046.973] SetLastError (dwErrCode=0x0) [0046.973] GetLastError () returned 0x0 [0046.973] SetLastError (dwErrCode=0x0) [0046.973] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"1\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"1\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0047.076] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0047.076] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0047.076] GetLastError () returned 0x0 [0047.076] SetLastError (dwErrCode=0x0) [0047.076] GetLastError () returned 0x0 [0047.077] SetLastError (dwErrCode=0x0) [0047.077] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"Install\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"Install\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0047.938] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0047.939] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0047.939] GetLastError () returned 0x0 [0047.939] SetLastError (dwErrCode=0x0) [0047.939] GetLastError () returned 0x0 [0047.939] SetLastError (dwErrCode=0x0) [0047.939] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"Install\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"Install\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0049.248] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0049.248] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0049.248] GetLastError () returned 0x0 [0049.248] SetLastError (dwErrCode=0x0) [0049.248] GetLastError () returned 0x0 [0049.248] SetLastError (dwErrCode=0x0) [0049.248] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"DefaultInstall\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"DefaultInstall\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0049.299] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0049.299] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0049.299] GetLastError () returned 0x0 [0049.299] SetLastError (dwErrCode=0x0) [0049.299] GetLastError () returned 0x0 [0049.299] SetLastError (dwErrCode=0x0) [0049.299] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"DefaultInstall\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"DefaultInstall\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0049.371] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0049.372] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0049.372] GetLastError () returned 0x0 [0049.372] SetLastError (dwErrCode=0x0) [0049.372] GetLastError () returned 0x0 [0049.372] SetLastError (dwErrCode=0x0) [0049.372] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"127.0.0.1\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"127.0.0.1\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0050.148] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0050.149] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0050.149] GetLastError () returned 0x0 [0050.149] SetLastError (dwErrCode=0x0) [0050.149] GetLastError () returned 0x0 [0050.149] SetLastError (dwErrCode=0x0) [0050.149] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"127.0.0.1\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"127.0.0.1\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0050.211] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0050.211] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0050.212] GetLastError () returned 0x0 [0050.212] SetLastError (dwErrCode=0x0) [0050.212] GetLastError () returned 0x0 [0050.212] SetLastError (dwErrCode=0x0) [0050.212] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"explorer.exe\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"explorer.exe\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0050.311] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0050.312] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0050.312] GetLastError () returned 0x0 [0050.312] SetLastError (dwErrCode=0x0) [0050.312] GetLastError () returned 0x0 [0050.312] SetLastError (dwErrCode=0x0) [0050.312] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"explorer.exe\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"explorer.exe\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0050.527] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0050.528] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0050.528] GetLastError () returned 0x0 [0050.528] SetLastError (dwErrCode=0x0) [0050.528] GetLastError () returned 0x0 [0050.528] SetLastError (dwErrCode=0x0) [0050.528] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"iexplore.exe\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"iexplore.exe\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0050.618] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0050.618] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0050.618] GetLastError () returned 0x0 [0050.619] SetLastError (dwErrCode=0x0) [0050.619] GetLastError () returned 0x0 [0050.619] SetLastError (dwErrCode=0x0) [0050.619] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"iexplore.exe\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"iexplore.exe\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0050.831] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0050.832] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0050.833] GetLastError () returned 0x0 [0050.833] SetLastError (dwErrCode=0x0) [0050.833] GetLastError () returned 0x0 [0050.833] SetLastError (dwErrCode=0x0) [0050.833] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"%Temp%\\IXP000.TMP\\\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"%Temp%\\IXP000.TMP\\\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0051.039] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0051.040] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x6000) returned 0x4d3690 [0051.040] GetLastError () returned 0x0 [0051.040] SetLastError (dwErrCode=0x0) [0051.040] GetLastError () returned 0x0 [0051.040] SetLastError (dwErrCode=0x0) [0051.041] ShellExecuteExW (in: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"%Temp%\\IXP000.TMP\\\"", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x40fcdc*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="open", lpFile="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", lpParameters="/dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"%Temp%\\IXP000.TMP\\\"", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0051.136] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d3690 | out: hHeap=0x4b0000) returned 1 [0051.137] ReadFile (in: hFile=0xb0, lpBuffer=0x4d2688, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x40fc40, lpOverlapped=0x0 | out: lpBuffer=0x4d2688*, lpNumberOfBytesRead=0x40fc40*=0x0, lpOverlapped=0x0) returned 1 [0051.137] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4d2688 | out: hHeap=0x4b0000) returned 1 [0051.138] CloseHandle (hObject=0xb0) returned 1 [0051.138] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ce680 | out: hHeap=0x4b0000) returned 1 [0051.138] CoUninitialize () [0051.146] LocalFree (hMem=0x4c7ef8) returned 0x0 [0051.146] GetModuleHandleW (lpModuleName=0x0) returned 0x270000 [0051.147] GetModuleHandleW (lpModuleName=0x0) returned 0x270000 [0051.147] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c4fe8 | out: hHeap=0x4b0000) returned 1 [0051.147] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4ce188 | out: hHeap=0x4b0000) returned 1 [0051.147] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c72a8 | out: hHeap=0x4b0000) returned 1 [0051.147] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-2", hFile=0x0, dwFlags=0x800) returned 0x0 [0051.147] GetLastError () returned 0x7e [0051.147] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x40fdbc | out: phModule=0x40fdbc) returned 0 [0051.148] ExitProcess (uExitCode=0x0) [0051.149] HeapFree (in: hHeap=0x4b0000, dwFlags=0x0, lpMem=0x4c5118 | out: hHeap=0x4b0000) returned 1 Thread: id = 2 os_tid = 0xe18 Thread: id = 3 os_tid = 0xe1c Thread: id = 4 os_tid = 0xe20 Thread: id = 6 os_tid = 0xe2c Thread: id = 7 os_tid = 0xe30 Thread: id = 9 os_tid = 0xe3c Thread: id = 11 os_tid = 0xe48 Thread: id = 13 os_tid = 0xe54 Thread: id = 15 os_tid = 0xe60 Thread: id = 17 os_tid = 0xe6c Thread: id = 19 os_tid = 0xe7c Thread: id = 21 os_tid = 0xe88 Thread: id = 23 os_tid = 0xe94 Thread: id = 25 os_tid = 0xea0 Thread: id = 27 os_tid = 0xeac Thread: id = 29 os_tid = 0xeb8 Thread: id = 31 os_tid = 0xec4 Thread: id = 33 os_tid = 0xed0 Thread: id = 35 os_tid = 0xedc Thread: id = 37 os_tid = 0xee8 Thread: id = 39 os_tid = 0xef4 Process: id = "2" image_name = "dadjtxjf.exe" filename = "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe" page_root = "0x3f4da000" os_pid = "0xe24" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xe08" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e957" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 358 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 359 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 360 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 361 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 362 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 363 start_va = 0x80000 end_va = 0xbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 364 start_va = 0x150000 end_va = 0x24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 365 start_va = 0x270000 end_va = 0x291fff monitored = 1 entry_point = 0x271bac region_type = mapped_file name = "dadjtxjf.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe") Region: id = 366 start_va = 0x776e0000 end_va = 0x77888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 367 start_va = 0x778c0000 end_va = 0x77a3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 368 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 369 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 370 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 371 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 372 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 373 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 374 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 375 start_va = 0x450000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 376 start_va = 0x75130000 end_va = 0x75137fff monitored = 0 entry_point = 0x751320f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 377 start_va = 0x75140000 end_va = 0x7519bfff monitored = 0 entry_point = 0x7517f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 378 start_va = 0x751a0000 end_va = 0x751defff monitored = 0 entry_point = 0x751ce088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 379 start_va = 0x774c0000 end_va = 0x775defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000774c0000" filename = "" Region: id = 380 start_va = 0x775e0000 end_va = 0x776d9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000775e0000" filename = "" Region: id = 381 start_va = 0x4d0000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 382 start_va = 0x772b0000 end_va = 0x773bffff monitored = 0 entry_point = 0x772c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 383 start_va = 0x773e0000 end_va = 0x77426fff monitored = 0 entry_point = 0x773e74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 384 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 385 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 386 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 393 start_va = 0xc0000 end_va = 0x126fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 394 start_va = 0x766d0000 end_va = 0x767cffff monitored = 0 entry_point = 0x766eb6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 395 start_va = 0x76270000 end_va = 0x762fffff monitored = 0 entry_point = 0x76286343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 396 start_va = 0x77890000 end_va = 0x77899fff monitored = 0 entry_point = 0x778936a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 397 start_va = 0x76300000 end_va = 0x7639cfff monitored = 0 entry_point = 0x76333fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 398 start_va = 0x76b90000 end_va = 0x76c3bfff monitored = 0 entry_point = 0x76b9a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 399 start_va = 0x77180000 end_va = 0x7721ffff monitored = 0 entry_point = 0x771949e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 400 start_va = 0x77490000 end_va = 0x774a8fff monitored = 0 entry_point = 0x77494975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 401 start_va = 0x769e0000 end_va = 0x76acffff monitored = 0 entry_point = 0x769f0569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 402 start_va = 0x75410000 end_va = 0x7546ffff monitored = 0 entry_point = 0x7542a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 403 start_va = 0x75400000 end_va = 0x7540bfff monitored = 0 entry_point = 0x754010e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 404 start_va = 0x755b0000 end_va = 0x761f9fff monitored = 0 entry_point = 0x75631601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 405 start_va = 0x76850000 end_va = 0x768a6fff monitored = 0 entry_point = 0x76869ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 406 start_va = 0x763d0000 end_va = 0x7652bfff monitored = 0 entry_point = 0x7641ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 407 start_va = 0x2a0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 449 start_va = 0x4d0000 end_va = 0x657fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 450 start_va = 0x680000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 451 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 452 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 453 start_va = 0x77430000 end_va = 0x7748ffff monitored = 0 entry_point = 0x7744158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 454 start_va = 0x77050000 end_va = 0x7711bfff monitored = 0 entry_point = 0x7705168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 515 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 516 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 517 start_va = 0x780000 end_va = 0x900fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 518 start_va = 0x910000 end_va = 0x1d0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000910000" filename = "" Region: id = 519 start_va = 0x73430000 end_va = 0x73432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 520 start_va = 0x10000000 end_va = 0x10061fff monitored = 1 entry_point = 0x10001000 region_type = mapped_file name = "b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll" filename = "\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll" (normalized: "c:\\users\\keecfmwgj\\desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") Region: id = 521 start_va = 0x76b60000 end_va = 0x76b89fff monitored = 0 entry_point = 0x76b612fa region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\SysWOW64\\imagehlp.dll" (normalized: "c:\\windows\\syswow64\\imagehlp.dll") Region: id = 576 start_va = 0x741b0000 end_va = 0x741b4fff monitored = 0 entry_point = 0x741b10f6 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll") Region: id = 577 start_va = 0x74400000 end_va = 0x74408fff monitored = 0 entry_point = 0x74401220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 597 start_va = 0x75270000 end_va = 0x752a1fff monitored = 0 entry_point = 0x752737f1 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 598 start_va = 0x75210000 end_va = 0x75260fff monitored = 0 entry_point = 0x7523988c region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 660 start_va = 0x72aa0000 end_va = 0x72b23fff monitored = 0 entry_point = 0x72aa19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 778 start_va = 0x752d0000 end_va = 0x752ebfff monitored = 0 entry_point = 0x752d17db region_type = mapped_file name = "oledlg.dll" filename = "\\Windows\\SysWOW64\\oledlg.dll" (normalized: "c:\\windows\\syswow64\\oledlg.dll") Region: id = 799 start_va = 0x767d0000 end_va = 0x7684afff monitored = 0 entry_point = 0x767d1aee region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 1004 start_va = 0x72910000 end_va = 0x72a9ffff monitored = 0 entry_point = 0x729ad026 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 1244 start_va = 0x76ad0000 end_va = 0x76b5efff monitored = 0 entry_point = 0x76ad3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1390 start_va = 0x1d10000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d10000" filename = "" Region: id = 1391 start_va = 0x2a0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1392 start_va = 0x3c0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 1393 start_va = 0x2f0000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1656 start_va = 0x1d40000 end_va = 0x1d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 1657 start_va = 0x1e60000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 1658 start_va = 0x2050000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1659 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 1689 start_va = 0x74320000 end_va = 0x7439ffff monitored = 0 entry_point = 0x743337c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1690 start_va = 0x1ea0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 1708 start_va = 0x1d80000 end_va = 0x1e5efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d80000" filename = "" Region: id = 1709 start_va = 0x2150000 end_va = 0x241efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1741 start_va = 0x2f0000 end_va = 0x331fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1742 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1761 start_va = 0x2a0000 end_va = 0x2ccfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1762 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1763 start_va = 0x76200000 end_va = 0x76234fff monitored = 0 entry_point = 0x7620145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1764 start_va = 0x774b0000 end_va = 0x774b5fff monitored = 0 entry_point = 0x774b1782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1765 start_va = 0x2420000 end_va = 0x262ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 1847 start_va = 0x2420000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 1848 start_va = 0x25f0000 end_va = 0x262ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Region: id = 1859 start_va = 0x1f20000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 1860 start_va = 0x1f80000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 1861 start_va = 0x26c0000 end_va = 0x27bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 1862 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 1877 start_va = 0x752b0000 end_va = 0x752c0fff monitored = 0 entry_point = 0x752b1300 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 1878 start_va = 0x75200000 end_va = 0x75208fff monitored = 0 entry_point = 0x752015a6 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Region: id = 1879 start_va = 0x751e0000 end_va = 0x751f8fff monitored = 0 entry_point = 0x751e1319 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 1880 start_va = 0x72ca0000 end_va = 0x72caefff monitored = 0 entry_point = 0x72ca12a1 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\SysWOW64\\wkscli.dll" (normalized: "c:\\windows\\syswow64\\wkscli.dll") Region: id = 1881 start_va = 0x72c90000 end_va = 0x72c9efff monitored = 0 entry_point = 0x72c9125e region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\SysWOW64\\samcli.dll" (normalized: "c:\\windows\\syswow64\\samcli.dll") Region: id = 1884 start_va = 0x27c0000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 2280 start_va = 0x728e0000 end_va = 0x72901fff monitored = 0 entry_point = 0x728e53e9 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\SysWOW64\\logoncli.dll" (normalized: "c:\\windows\\syswow64\\logoncli.dll") Region: id = 2281 start_va = 0x728c0000 end_va = 0x728d6fff monitored = 0 entry_point = 0x728c1c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 2282 start_va = 0x744c0000 end_va = 0x744cafff monitored = 0 entry_point = 0x744c1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2283 start_va = 0x2430000 end_va = 0x246ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 2284 start_va = 0x2510000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 2285 start_va = 0x27d0000 end_va = 0x28cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 2286 start_va = 0x2900000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 2287 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2372 start_va = 0x2940000 end_va = 0x326ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 2429 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2430 start_va = 0x130000 end_va = 0x145fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 2431 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2432 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2481 start_va = 0x742a0000 end_va = 0x742b2fff monitored = 0 entry_point = 0x742a1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2482 start_va = 0x3d0000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2509 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2527 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2545 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2563 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2578 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2596 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2614 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2632 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2650 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2668 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2686 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2704 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2722 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2740 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2758 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2776 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2794 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2812 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2831 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2849 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2867 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2868 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2903 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2904 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2922 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2957 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2975 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2991 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3009 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3031 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3049 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3067 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3085 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3100 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3118 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3132 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3150 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3168 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3186 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3204 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3222 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3240 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3258 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3293 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3311 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3329 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3347 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3365 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3383 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3401 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3408 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3426 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3444 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3462 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3480 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3497 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3506 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3524 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3542 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3560 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3578 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3596 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3614 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3632 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3650 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3668 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3700 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3718 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3736 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3754 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3772 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3790 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3808 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3826 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3844 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3862 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3880 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3897 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3915 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3933 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3951 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3965 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3983 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4001 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4014 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4032 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4050 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4059 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4077 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4095 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4113 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4130 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4147 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4172 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4189 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4206 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4222 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4258 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4278 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4296 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4330 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4368 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4401 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4412 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4425 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4443 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4456 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4469 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4482 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4495 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4528 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4558 start_va = 0x70000 end_va = 0x7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4772 start_va = 0x370000 end_va = 0x390fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Thread: id = 5 os_tid = 0xe28 [0045.767] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24fb40 | out: lpSystemTimeAsFileTime=0x24fb40*(dwLowDateTime=0x1210a3b0, dwHighDateTime=0x1d7b3d4)) [0045.767] GetCurrentThreadId () returned 0xe28 [0045.767] GetCurrentProcessId () returned 0xe24 [0045.767] QueryPerformanceCounter (in: lpPerformanceCount=0x24fb38 | out: lpPerformanceCount=0x24fb38*=1283022972786) returned 1 [0045.772] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0045.772] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73430000 [0045.774] GetProcAddress (hModule=0x73430000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0045.774] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0045.774] GetLastError () returned 0x7e [0045.774] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x772b0000 [0045.774] GetProcAddress (hModule=0x772b0000, lpProcName="FlsAlloc") returned 0x772c4ee3 [0045.774] GetProcAddress (hModule=0x772b0000, lpProcName="FlsSetValue") returned 0x772c41c0 [0045.775] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x73430000 [0045.775] GetProcAddress (hModule=0x73430000, lpProcName="InitializeCriticalSectionEx") returned 0x0 [0045.776] GetProcessHeap () returned 0x680000 [0045.776] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0045.776] GetLastError () returned 0x7e [0045.776] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x772b0000 [0045.776] GetProcAddress (hModule=0x772b0000, lpProcName="FlsAlloc") returned 0x772c4ee3 [0045.776] GetLastError () returned 0x7e [0045.776] GetProcAddress (hModule=0x772b0000, lpProcName="FlsGetValue") returned 0x772c1252 [0045.776] GetProcAddress (hModule=0x772b0000, lpProcName="FlsSetValue") returned 0x772c41c0 [0045.776] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x364) returned 0x6950e0 [0045.776] SetLastError (dwErrCode=0x7e) [0045.776] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0xe00) returned 0x695450 [0045.778] GetStartupInfoW (in: lpStartupInfo=0x24fa78 | out: lpStartupInfo=0x24fa78*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x272780, hStdOutput=0xa9ebb298, hStdError=0xfffffffe)) [0045.778] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0045.778] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0045.778] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0045.778] GetCommandLineA () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass" [0045.778] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass" [0045.778] GetACP () returned 0x4e4 [0045.778] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x0, Size=0x220) returned 0x694d88 [0045.778] IsValidCodePage (CodePage=0x4e4) returned 1 [0045.778] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24fa98 | out: lpCPInfo=0x24fa98) returned 1 [0045.778] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x24f360 | out: lpCPInfo=0x24f360) returned 1 [0045.778] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f974, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0045.778] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f974, cbMultiByte=256, lpWideCharStr=0x24f108, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0045.779] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x24f374 | out: lpCharType=0x24f374) returned 1 [0045.779] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f974, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0045.779] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f974, cbMultiByte=256, lpWideCharStr=0x24f0b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā") returned 256 [0045.779] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0045.779] GetLastError () returned 0x7e [0045.779] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0045.779] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0045.779] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x24eea8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0045.779] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x24f874, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0045.779] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f974, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0045.779] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f974, cbMultiByte=256, lpWideCharStr=0x24f0d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0045.779] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0045.779] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x24eec8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0045.779] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x24f774, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x0, Size=0x80) returned 0x694fb0 [0045.780] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x148) returned 0x696a58 [0045.780] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0045.780] GetLastError () returned 0x0 [0045.780] SetLastError (dwErrCode=0x0) [0045.780] GetEnvironmentStringsW () returned 0x696ba8* [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x0, Size=0xb0e) returned 0x6976c0 [0045.780] FreeEnvironmentStringsW (penv=0x696ba8) returned 1 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x98) returned 0x696ba8 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x3e) returned 0x696c48 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x56) returned 0x696c90 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x6e) returned 0x696cf0 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x78) returned 0x691288 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x62) returned 0x696d68 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x30) returned 0x696dd8 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x48) returned 0x696e10 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x28) returned 0x695038 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x1a) returned 0x696a18 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x34) returned 0x696e60 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x5c) returned 0x696ea0 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x32) returned 0x696f08 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x2e) returned 0x696f48 [0045.780] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x1c) returned 0x6981f0 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x12a) returned 0x6989d8 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x7c) returned 0x698b10 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x36) returned 0x698b98 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x3a) returned 0x698bd8 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x90) returned 0x698c20 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x24) returned 0x698cb8 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x30) returned 0x698ce8 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x36) returned 0x698d20 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x48) returned 0x698d60 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x52) returned 0x698db0 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x3c) returned 0x698e10 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0xd6) returned 0x698e58 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x2e) returned 0x698f38 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x1e) returned 0x698218 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x2c) returned 0x698f70 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x54) returned 0x696f80 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x52) returned 0x696fe0 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x2c) returned 0x698fa8 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x26) returned 0x697040 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x3e) returned 0x699000 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x24) returned 0x697070 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x30) returned 0x6970a0 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x8c) returned 0x6970d8 [0045.781] HeapFree (in: hHeap=0x680000, dwFlags=0x0, lpMem=0x6976c0 | out: hHeap=0x680000) returned 1 [0045.781] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x8, Size=0x800) returned 0x697170 [0045.781] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0045.782] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0045.782] GetStartupInfoW (in: lpStartupInfo=0x24fadc | out: lpStartupInfo=0x24fadc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0045.782] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass" [0045.782] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass", pNumArgs=0x24fac8 | out: pNumArgs=0x24fac8) returned 0x697dc0*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0045.782] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0051.391] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0051.391] OleUninitialize () [0051.410] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0051.410] OleUninitialize () [0051.410] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0051.410] CoGetCurrentProcess () returned 0x27 [0051.520] CoFreeUnusedLibraries () [0051.520] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0x1a69af41, Data2=0xadcf, Data3=0x4257, Data4=([0]=0xb0, [1]=0xbc, [2]=0x32, [3]=0x50, [4]=0xb7, [5]=0x73, [6]=0x3d, [7]=0xc7))) returned 0x0 [0051.520] ShowCursor (bShow=1) returned 1 [0051.520] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0051.520] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0051.520] OleInitialize (pvReserved=0x0) returned 0x0 [0051.721] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0051.725] CoFreeUnusedLibraries () [0051.725] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0051.725] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0x4038e342, Data2=0xb658, Data3=0x4259, Data4=([0]=0xb1, [1]=0xe4, [2]=0xdd, [3]=0x17, [4]=0xdd, [5]=0xc9, [6]=0xff, [7]=0x3b))) returned 0x0 [0051.725] ShowCursor (bShow=1) returned 2 [0051.725] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0x4038e342, Data2=0xb658, Data3=0x4259, Data4=([0]=0xb1, [1]=0xe4, [2]=0xdd, [3]=0x17, [4]=0xdd, [5]=0xc9, [6]=0xff, [7]=0x3b))) returned 0x0 [0051.725] ShowCursor (bShow=1) returned 3 [0051.725] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0x4038e342, Data2=0xb658, Data3=0x4259, Data4=([0]=0xb1, [1]=0xe4, [2]=0xdd, [3]=0x17, [4]=0xdd, [5]=0xc9, [6]=0xff, [7]=0x3b))) returned 0x0 [0051.725] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0051.725] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0051.725] GetCurrentThread () returned 0xfffffffe [0051.725] ShowCursor (bShow=1) returned 4 [0051.725] CoGetCurrentProcess () returned 0x27 [0051.725] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0051.725] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0051.725] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0046.056] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x19efb4 | out: lpCharType=0x19efb4) returned 1 [0046.056] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f5b4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0046.056] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f5b4, cbMultiByte=256, lpWideCharStr=0x19ecf8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā") returned 256 [0046.056] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0046.056] GetLastError () returned 0x7e [0046.056] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0046.056] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0046.056] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x19eae8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0046.056] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x19f4b4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0e`\x07¨ðö\x19", lpUsedDefaultChar=0x0) returned 256 [0046.056] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f5b4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0046.057] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19f5b4, cbMultiByte=256, lpWideCharStr=0x19ed18, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0046.057] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0046.057] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19eb08, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0046.057] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x19f3b4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0e`\x07¨ðö\x19", lpUsedDefaultChar=0x0) returned 256 [0046.057] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0x80) returned 0x594fb0 [0046.057] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0046.057] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x148) returned 0x596a58 [0046.057] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0046.057] GetLastError () returned 0x0 [0046.057] SetLastError (dwErrCode=0x0) [0046.057] GetEnvironmentStringsW () returned 0x596ba8* [0046.057] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x0, Size=0xb0e) returned 0x5976c0 [0046.057] FreeEnvironmentStringsW (penv=0x596ba8) returned 1 [0046.057] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x98) returned 0x596ba8 [0046.057] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3e) returned 0x596c48 [0046.057] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x56) returned 0x596c90 [0046.057] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x6e) returned 0x596cf0 [0046.057] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x78) returned 0x591288 [0046.057] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x62) returned 0x596d68 [0046.057] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x30) returned 0x596dd8 [0046.057] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x48) returned 0x596e10 [0046.057] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x28) returned 0x595038 [0046.057] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x1a) returned 0x596a18 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x34) returned 0x596e60 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x5c) returned 0x596ea0 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x32) returned 0x596f08 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2e) returned 0x596f48 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x1c) returned 0x5981f0 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x12a) returned 0x5989d8 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x7c) returned 0x598b10 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x36) returned 0x598b98 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3a) returned 0x598bd8 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x90) returned 0x598c20 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x24) returned 0x598cb8 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x30) returned 0x598ce8 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x36) returned 0x598d20 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x48) returned 0x598d60 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x52) returned 0x598db0 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3c) returned 0x598e10 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0xd6) returned 0x598e58 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2e) returned 0x598f38 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x1e) returned 0x598218 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2c) returned 0x598f70 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x54) returned 0x596f80 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x52) returned 0x596fe0 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x2c) returned 0x598fa8 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x26) returned 0x597040 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x3e) returned 0x599000 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x24) returned 0x597070 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x30) returned 0x5970a0 [0046.058] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x8c) returned 0x5970d8 [0046.059] HeapFree (in: hHeap=0x580000, dwFlags=0x0, lpMem=0x5976c0 | out: hHeap=0x580000) returned 1 [0046.059] RtlAllocateHeap (HeapHandle=0x580000, Flags=0x8, Size=0x800) returned 0x597170 [0046.059] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0046.059] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0046.060] GetStartupInfoW (in: lpStartupInfo=0x19f71c | out: lpStartupInfo=0x19f71c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0046.060] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass" [0046.060] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass", pNumArgs=0x19f708 | out: pNumArgs=0x19f708) returned 0x597dc0*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0046.060] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0051.387] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0051.387] OleUninitialize () [0051.393] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0051.394] OleUninitialize () [0051.394] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0051.394] CoGetCurrentProcess () returned 0x24 [0051.440] CoFreeUnusedLibraries () [0051.440] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0xf9ec4864, Data2=0x6a02, Data3=0x4643, Data4=([0]=0x9d, [1]=0xb9, [2]=0xa8, [3]=0xba, [4]=0xe3, [5]=0x27, [6]=0x20, [7]=0xdd))) returned 0x0 [0051.441] ShowCursor (bShow=1) returned 1 [0051.441] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0051.441] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0051.441] OleInitialize (pvReserved=0x0) returned 0x0 [0051.471] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0051.488] CoFreeUnusedLibraries () [0051.488] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0051.488] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0xc8112512, Data2=0x9b66, Data3=0x443f, Data4=([0]=0x9e, [1]=0x78, [2]=0x92, [3]=0xe9, [4]=0xd4, [5]=0xcf, [6]=0xcb, [7]=0x4d))) returned 0x0 [0051.488] ShowCursor (bShow=1) returned 2 [0051.488] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0xc8112512, Data2=0x9b66, Data3=0x443f, Data4=([0]=0x9e, [1]=0x78, [2]=0x92, [3]=0xe9, [4]=0xd4, [5]=0xcf, [6]=0xcb, [7]=0x4d))) returned 0x0 [0051.488] ShowCursor (bShow=1) returned 3 [0051.488] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0xc8112512, Data2=0x9b66, Data3=0x443f, Data4=([0]=0x9e, [1]=0x78, [2]=0x92, [3]=0xe9, [4]=0xd4, [5]=0xcf, [6]=0xcb, [7]=0x4d))) returned 0x0 [0051.488] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0051.488] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0051.488] GetCurrentThread () returned 0xfffffffe [0051.488] ShowCursor (bShow=1) returned 4 [0051.488] CoGetCurrentProcess () returned 0x24 [0051.488] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0051.488] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0051.488] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0046.331] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpCharType=0x54f23c | out: lpCharType=0x54f23c) returned 1 [0046.331] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x54f83c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0046.331] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x54f83c, cbMultiByte=256, lpWideCharStr=0x54ef78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0046.331] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0046.331] GetLastError () returned 0x7e [0046.331] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0046.331] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0046.331] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x54ed68, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0046.331] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x54f73c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x15I\x8e®xùT", lpUsedDefaultChar=0x0) returned 256 [0046.332] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x54f83c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0046.332] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x54f83c, cbMultiByte=256, lpWideCharStr=0x54ef98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0046.332] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0046.332] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x54ed88, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0046.332] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x54f63c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x15I\x8e®xùT", lpUsedDefaultChar=0x0) returned 256 [0046.332] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x0, Size=0x80) returned 0x174fd8 [0046.332] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0046.332] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x162) returned 0x176a80 [0046.332] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0046.332] GetLastError () returned 0x0 [0046.332] SetLastError (dwErrCode=0x0) [0046.332] GetEnvironmentStringsW () returned 0x176bf0* [0046.332] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x0, Size=0xb0e) returned 0x177708 [0046.333] FreeEnvironmentStringsW (penv=0x176bf0) returned 1 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x98) returned 0x176bf0 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x3e) returned 0x176c90 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x56) returned 0x176cd8 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x6e) returned 0x176d38 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x78) returned 0x1712b0 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x62) returned 0x176db0 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x30) returned 0x176e20 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x48) returned 0x176e58 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x28) returned 0x175060 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x1a) returned 0x176a40 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x34) returned 0x176ea8 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x5c) returned 0x176ee8 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x32) returned 0x176f50 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x2e) returned 0x176f90 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x1c) returned 0x178238 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x12a) returned 0x178a20 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x7c) returned 0x178b58 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x36) returned 0x178be0 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x3a) returned 0x178c20 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x90) returned 0x178c68 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x24) returned 0x178d00 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x30) returned 0x178d30 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x36) returned 0x178d68 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x48) returned 0x178da8 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x52) returned 0x178df8 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x3c) returned 0x178e58 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0xd6) returned 0x178ea0 [0046.333] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x2e) returned 0x178f80 [0046.334] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x1e) returned 0x178260 [0046.334] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x2c) returned 0x176fc8 [0046.334] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x54) returned 0x177000 [0046.334] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x52) returned 0x177060 [0046.334] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x2c) returned 0x1770c0 [0046.334] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x26) returned 0x178fb8 [0046.334] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x3e) returned 0x179000 [0046.334] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x24) returned 0x1770f8 [0046.334] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x30) returned 0x177128 [0046.334] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x8c) returned 0x177160 [0046.334] HeapFree (in: hHeap=0x160000, dwFlags=0x0, lpMem=0x177708 | out: hHeap=0x160000) returned 1 [0046.334] RtlAllocateHeap (HeapHandle=0x160000, Flags=0x8, Size=0x800) returned 0x1771f8 [0046.334] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0046.334] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0046.335] GetStartupInfoW (in: lpStartupInfo=0x54f9a4 | out: lpStartupInfo=0x54f9a4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0046.335] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"0\"" [0046.335] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"0\"", pNumArgs=0x54f990 | out: pNumArgs=0x54f990) returned 0x177e48*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0046.335] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0051.392] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0051.392] OleUninitialize () [0051.406] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0051.406] OleUninitialize () [0051.406] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0051.406] CoGetCurrentProcess () returned 0x26 [0051.494] CoFreeUnusedLibraries () [0051.494] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0x53690ca7, Data2=0xeaa3, Data3=0x4b8b, Data4=([0]=0x8b, [1]=0xa4, [2]=0x0, [3]=0x85, [4]=0x69, [5]=0xcb, [6]=0x28, [7]=0x3f))) returned 0x0 [0051.494] ShowCursor (bShow=1) returned 1 [0051.494] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0051.494] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0051.494] OleInitialize (pvReserved=0x0) returned 0x0 [0051.512] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0051.517] CoFreeUnusedLibraries () [0051.517] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0051.517] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0xa729d7d9, Data2=0x1aa0, Data3=0x430f, Data4=([0]=0xac, [1]=0xa3, [2]=0xc5, [3]=0x12, [4]=0x58, [5]=0xa3, [6]=0xdc, [7]=0x38))) returned 0x0 [0051.517] ShowCursor (bShow=1) returned 2 [0051.517] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0xa729d7d9, Data2=0x1aa0, Data3=0x430f, Data4=([0]=0xac, [1]=0xa3, [2]=0xc5, [3]=0x12, [4]=0x58, [5]=0xa3, [6]=0xdc, [7]=0x38))) returned 0x0 [0051.517] ShowCursor (bShow=1) returned 3 [0051.517] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0xa729d7d9, Data2=0x1aa0, Data3=0x430f, Data4=([0]=0xac, [1]=0xa3, [2]=0xc5, [3]=0x12, [4]=0x58, [5]=0xa3, [6]=0xdc, [7]=0x38))) returned 0x0 [0051.517] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0051.517] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0051.517] GetCurrentThread () returned 0xfffffffe [0051.517] ShowCursor (bShow=1) returned 4 [0051.517] CoGetCurrentProcess () returned 0x26 [0051.517] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0051.517] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0051.517] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0046.987] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpCharType=0x17f0ac | out: lpCharType=0x17f0ac) returned 1 [0046.987] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x17f6ac, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0046.987] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x17f6ac, cbMultiByte=256, lpWideCharStr=0x17ede8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0046.987] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0046.987] GetLastError () returned 0x7e [0046.987] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0046.987] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0046.988] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x17ebd8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0046.988] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x17f5ac, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¾\x82ÌÒè÷\x17", lpUsedDefaultChar=0x0) returned 256 [0046.988] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x17f6ac, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0046.988] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x17f6ac, cbMultiByte=256, lpWideCharStr=0x17ee08, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0046.988] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0046.988] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x17ebf8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0046.988] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x17f4ac, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¾\x82ÌÒè÷\x17", lpUsedDefaultChar=0x0) returned 256 [0046.988] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x80) returned 0x414fd8 [0046.988] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0046.988] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x162) returned 0x416a80 [0046.988] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0046.988] GetLastError () returned 0x0 [0046.988] SetLastError (dwErrCode=0x0) [0046.988] GetEnvironmentStringsW () returned 0x416bf0* [0046.988] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xb0e) returned 0x417708 [0046.989] FreeEnvironmentStringsW (penv=0x416bf0) returned 1 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x98) returned 0x416bf0 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x3e) returned 0x416c90 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x56) returned 0x416cd8 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x6e) returned 0x416d38 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x78) returned 0x4112b0 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x62) returned 0x416db0 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x30) returned 0x416e20 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x48) returned 0x416e58 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x28) returned 0x415060 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1a) returned 0x416a40 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x34) returned 0x416ea8 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x5c) returned 0x416ee8 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x32) returned 0x416f50 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x2e) returned 0x416f90 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1c) returned 0x418238 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x12a) returned 0x418a20 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x7c) returned 0x418b58 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x36) returned 0x418be0 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x3a) returned 0x418c20 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x90) returned 0x418c68 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x24) returned 0x418d00 [0046.989] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x30) returned 0x418d30 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x36) returned 0x418d68 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x48) returned 0x418da8 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x52) returned 0x418df8 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x3c) returned 0x418e58 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0xd6) returned 0x418ea0 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x2e) returned 0x418f80 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1e) returned 0x418260 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x2c) returned 0x416fc8 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x54) returned 0x417000 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x52) returned 0x417060 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x2c) returned 0x4170c0 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x26) returned 0x418fb8 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x3e) returned 0x419000 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x24) returned 0x4170f8 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x30) returned 0x417128 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x8c) returned 0x417160 [0046.990] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x417708 | out: hHeap=0x400000) returned 1 [0046.990] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x800) returned 0x4171f8 [0046.990] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0046.991] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0046.991] GetStartupInfoW (in: lpStartupInfo=0x17f814 | out: lpStartupInfo=0x17f814*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0046.991] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"0\"" [0046.991] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"0\"", pNumArgs=0x17f800 | out: pNumArgs=0x17f800) returned 0x417e48*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0046.991] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0051.390] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0051.390] OleUninitialize () [0051.415] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0051.415] OleUninitialize () [0051.415] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0051.415] CoGetCurrentProcess () returned 0x28 [0051.525] CoFreeUnusedLibraries () [0051.525] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0xb9813062, Data2=0x5760, Data3=0x4548, Data4=([0]=0xa7, [1]=0xfb, [2]=0x29, [3]=0xbb, [4]=0x7d, [5]=0xf1, [6]=0x66, [7]=0x21))) returned 0x0 [0051.525] ShowCursor (bShow=1) returned 1 [0051.525] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0051.526] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0051.526] OleInitialize (pvReserved=0x0) returned 0x0 [0051.730] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0051.733] CoFreeUnusedLibraries () [0051.733] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0051.733] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0x607f66aa, Data2=0xaa92, Data3=0x4502, Data4=([0]=0xba, [1]=0x5f, [2]=0x3f, [3]=0xf5, [4]=0x41, [5]=0x2a, [6]=0x2c, [7]=0x83))) returned 0x0 [0051.733] ShowCursor (bShow=1) returned 2 [0051.733] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0x607f66aa, Data2=0xaa92, Data3=0x4502, Data4=([0]=0xba, [1]=0x5f, [2]=0x3f, [3]=0xf5, [4]=0x41, [5]=0x2a, [6]=0x2c, [7]=0x83))) returned 0x0 [0051.733] ShowCursor (bShow=1) returned 3 [0051.733] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0x607f66aa, Data2=0xaa92, Data3=0x4502, Data4=([0]=0xba, [1]=0x5f, [2]=0x3f, [3]=0xf5, [4]=0x41, [5]=0x2a, [6]=0x2c, [7]=0x83))) returned 0x0 [0051.733] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0051.733] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0051.733] GetCurrentThread () returned 0xfffffffe [0051.733] ShowCursor (bShow=1) returned 4 [0051.733] CoGetCurrentProcess () returned 0x28 [0051.733] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0051.734] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0051.734] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0047.906] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpCharType=0x1bf23c | out: lpCharType=0x1bf23c) returned 1 [0047.907] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1bf83c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0047.907] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1bf83c, cbMultiByte=256, lpWideCharStr=0x1bef78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0047.907] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0047.907] GetLastError () returned 0x7e [0047.907] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0047.907] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0047.907] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x1bed68, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0047.907] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x1bf73c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x07\x15mÕxù\x1b", lpUsedDefaultChar=0x0) returned 256 [0047.907] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1bf83c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0047.907] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x1bf83c, cbMultiByte=256, lpWideCharStr=0x1bef98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0047.907] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0047.907] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x1bed88, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0047.907] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x1bf63c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x07\x15mÕxù\x1b", lpUsedDefaultChar=0x0) returned 256 [0047.907] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x80) returned 0x674fd8 [0047.907] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0047.907] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x162) returned 0x676a80 [0047.907] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0047.907] GetLastError () returned 0x0 [0047.907] SetLastError (dwErrCode=0x0) [0047.908] GetEnvironmentStringsW () returned 0x676bf0* [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0xb0e) returned 0x677708 [0047.908] FreeEnvironmentStringsW (penv=0x676bf0) returned 1 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x98) returned 0x676bf0 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x3e) returned 0x676c90 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x56) returned 0x676cd8 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x6e) returned 0x676d38 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x78) returned 0x6712b0 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x62) returned 0x676db0 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x30) returned 0x676e20 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x48) returned 0x676e58 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x28) returned 0x675060 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x1a) returned 0x676a40 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x34) returned 0x676ea8 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x5c) returned 0x676ee8 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x32) returned 0x676f50 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x2e) returned 0x676f90 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x1c) returned 0x678238 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x12a) returned 0x678a20 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x7c) returned 0x678b58 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x36) returned 0x678be0 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x3a) returned 0x678c20 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x90) returned 0x678c68 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x24) returned 0x678d00 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x30) returned 0x678d30 [0047.908] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x36) returned 0x678d68 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x48) returned 0x678da8 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x52) returned 0x678df8 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x3c) returned 0x678e58 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0xd6) returned 0x678ea0 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x2e) returned 0x678f80 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x1e) returned 0x678260 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x2c) returned 0x676fc8 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x54) returned 0x677000 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x52) returned 0x677060 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x2c) returned 0x6770c0 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x26) returned 0x678fb8 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x3e) returned 0x679000 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x24) returned 0x6770f8 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x30) returned 0x677128 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x8c) returned 0x677160 [0047.909] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x677708 | out: hHeap=0x660000) returned 1 [0047.909] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x800) returned 0x6771f8 [0047.909] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0047.909] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0047.909] GetStartupInfoW (in: lpStartupInfo=0x1bf9a4 | out: lpStartupInfo=0x1bf9a4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0047.910] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"1\"" [0047.910] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"1\"", pNumArgs=0x1bf990 | out: pNumArgs=0x1bf990) returned 0x677e48*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0047.910] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0051.389] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0051.389] OleUninitialize () [0051.419] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0051.420] OleUninitialize () [0051.420] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0051.420] CoGetCurrentProcess () returned 0x29 [0051.531] CoFreeUnusedLibraries () [0051.531] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0x707a29d3, Data2=0xe799, Data3=0x487b, Data4=([0]=0xad, [1]=0x25, [2]=0x19, [3]=0x3b, [4]=0x1a, [5]=0x7b, [6]=0xaf, [7]=0xd6))) returned 0x0 [0051.531] ShowCursor (bShow=1) returned 1 [0051.531] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0051.531] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0051.531] OleInitialize (pvReserved=0x0) returned 0x0 [0051.738] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0051.741] CoFreeUnusedLibraries () [0051.742] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0051.742] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0x305eb280, Data2=0xb0fb, Data3=0x4eb6, Data4=([0]=0x96, [1]=0x86, [2]=0xd0, [3]=0x93, [4]=0xc8, [5]=0x89, [6]=0x7e, [7]=0x4c))) returned 0x0 [0051.742] ShowCursor (bShow=1) returned 2 [0051.742] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0x305eb280, Data2=0xb0fb, Data3=0x4eb6, Data4=([0]=0x96, [1]=0x86, [2]=0xd0, [3]=0x93, [4]=0xc8, [5]=0x89, [6]=0x7e, [7]=0x4c))) returned 0x0 [0051.742] ShowCursor (bShow=1) returned 3 [0051.742] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0x305eb280, Data2=0xb0fb, Data3=0x4eb6, Data4=([0]=0x96, [1]=0x86, [2]=0xd0, [3]=0x93, [4]=0xc8, [5]=0x89, [6]=0x7e, [7]=0x4c))) returned 0x0 [0051.742] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0051.742] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0051.742] GetCurrentThread () returned 0xfffffffe [0051.742] ShowCursor (bShow=1) returned 4 [0051.742] CoGetCurrentProcess () returned 0x29 [0051.742] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0051.742] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0051.742] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0047.950] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x26f034 | out: lpCharType=0x26f034) returned 1 [0047.950] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f634, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0047.950] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f634, cbMultiByte=256, lpWideCharStr=0x26ed78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā") returned 256 [0047.950] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0047.950] GetLastError () returned 0x7e [0047.951] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0047.951] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0047.951] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x26eb68, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0047.951] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x26f534, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿj¤¶Ôp÷&", lpUsedDefaultChar=0x0) returned 256 [0047.951] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f634, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0047.951] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f634, cbMultiByte=256, lpWideCharStr=0x26ed98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0047.951] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0047.951] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26eb88, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0047.951] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x26f434, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿj¤¶Ôp÷&", lpUsedDefaultChar=0x0) returned 256 [0047.951] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x80) returned 0x474fd8 [0047.951] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0047.951] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x162) returned 0x476a80 [0047.951] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0047.951] GetLastError () returned 0x0 [0047.951] SetLastError (dwErrCode=0x0) [0047.951] GetEnvironmentStringsW () returned 0x476bf0* [0047.951] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0xb0e) returned 0x477708 [0047.951] FreeEnvironmentStringsW (penv=0x476bf0) returned 1 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x98) returned 0x476bf0 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x3e) returned 0x476c90 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x56) returned 0x476cd8 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x6e) returned 0x476d38 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x78) returned 0x4712b0 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x62) returned 0x476db0 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x30) returned 0x476e20 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x48) returned 0x476e58 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x28) returned 0x475060 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x1a) returned 0x476a40 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x34) returned 0x476ea8 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x5c) returned 0x476ee8 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x32) returned 0x476f50 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x2e) returned 0x476f90 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x1c) returned 0x478238 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x12a) returned 0x478a20 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x7c) returned 0x478b58 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x36) returned 0x478be0 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x3a) returned 0x478c20 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x90) returned 0x478c68 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x24) returned 0x478d00 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x30) returned 0x478d30 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x36) returned 0x478d68 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x48) returned 0x478da8 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x52) returned 0x478df8 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x3c) returned 0x478e58 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0xd6) returned 0x478ea0 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x2e) returned 0x478f80 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x1e) returned 0x478260 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x2c) returned 0x476fc8 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x54) returned 0x477000 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x52) returned 0x477060 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x2c) returned 0x4770c0 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x26) returned 0x478fb8 [0047.952] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x3e) returned 0x479000 [0047.953] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x24) returned 0x4770f8 [0047.953] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x30) returned 0x477128 [0047.953] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x8c) returned 0x477160 [0047.953] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x477708 | out: hHeap=0x460000) returned 1 [0047.953] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x8, Size=0x800) returned 0x4771f8 [0047.953] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0047.953] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0047.953] GetStartupInfoW (in: lpStartupInfo=0x26f79c | out: lpStartupInfo=0x26f79c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0047.953] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"1\"" [0047.953] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"1\"", pNumArgs=0x26f788 | out: pNumArgs=0x26f788) returned 0x477e48*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0047.953] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0051.393] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0051.393] OleUninitialize () [0051.401] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0051.401] OleUninitialize () [0051.401] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0051.401] CoGetCurrentProcess () returned 0x25 [0051.490] CoFreeUnusedLibraries () [0051.490] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0x717fa9df, Data2=0xa1ef, Data3=0x443c, Data4=([0]=0xb8, [1]=0xa2, [2]=0xba, [3]=0xa0, [4]=0xfc, [5]=0x9e, [6]=0x41, [7]=0x57))) returned 0x0 [0051.490] ShowCursor (bShow=1) returned 1 [0051.490] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0051.490] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0051.490] OleInitialize (pvReserved=0x0) returned 0x0 [0051.504] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0051.508] CoFreeUnusedLibraries () [0051.508] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0051.508] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0x233e628d, Data2=0x4108, Data3=0x47d1, Data4=([0]=0x95, [1]=0xa3, [2]=0x83, [3]=0xc2, [4]=0x30, [5]=0x3b, [6]=0x99, [7]=0xc4))) returned 0x0 [0051.508] ShowCursor (bShow=1) returned 2 [0051.508] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0x233e628d, Data2=0x4108, Data3=0x47d1, Data4=([0]=0x95, [1]=0xa3, [2]=0x83, [3]=0xc2, [4]=0x30, [5]=0x3b, [6]=0x99, [7]=0xc4))) returned 0x0 [0051.508] ShowCursor (bShow=1) returned 3 [0051.508] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0x233e628d, Data2=0x4108, Data3=0x47d1, Data4=([0]=0x95, [1]=0xa3, [2]=0x83, [3]=0xc2, [4]=0x30, [5]=0x3b, [6]=0x99, [7]=0xc4))) returned 0x0 [0051.508] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0051.508] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0051.508] GetCurrentThread () returned 0xfffffffe [0051.508] ShowCursor (bShow=1) returned 4 [0051.508] CoGetCurrentProcess () returned 0x25 [0051.508] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0051.508] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0051.508] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0049.225] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x4af454 | out: lpCharType=0x4af454) returned 1 [0049.225] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x4afa54, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0049.225] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x4afa54, cbMultiByte=256, lpWideCharStr=0x4af198, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā") returned 256 [0049.225] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0049.225] GetLastError () returned 0x7e [0049.225] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0049.226] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0049.226] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x4aef88, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0049.226] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x4af954, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ~ðÎÝ\x90ûJ", lpUsedDefaultChar=0x0) returned 256 [0049.226] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x4afa54, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0049.226] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x4afa54, cbMultiByte=256, lpWideCharStr=0x4af1b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0049.226] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0049.226] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x4aefa8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0049.226] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x4af854, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ~ðÎÝ\x90ûJ", lpUsedDefaultChar=0x0) returned 256 [0049.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x80) returned 0x784ff0 [0049.226] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0049.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x16e) returned 0x786a98 [0049.226] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0049.226] GetLastError () returned 0x0 [0049.226] SetLastError (dwErrCode=0x0) [0049.226] GetEnvironmentStringsW () returned 0x786c10* [0049.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xb0e) returned 0x787728 [0049.226] FreeEnvironmentStringsW (penv=0x786c10) returned 1 [0049.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x98) returned 0x786c10 [0049.226] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x3e) returned 0x786cb0 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x56) returned 0x786cf8 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x6e) returned 0x786d58 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x78) returned 0x7812c8 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x62) returned 0x786dd0 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x30) returned 0x786e40 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x48) returned 0x786e78 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x28) returned 0x785078 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x1a) returned 0x786a58 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x34) returned 0x786ec8 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x5c) returned 0x786f08 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x32) returned 0x786f70 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x2e) returned 0x786fb0 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x1c) returned 0x788258 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x12a) returned 0x788a40 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x7c) returned 0x788b78 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x36) returned 0x788c00 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x3a) returned 0x788c40 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x90) returned 0x788c88 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x24) returned 0x788d20 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x30) returned 0x788d50 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x36) returned 0x788d88 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x48) returned 0x788dc8 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x52) returned 0x788e18 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x3c) returned 0x788e78 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0xd6) returned 0x788ec0 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x2e) returned 0x788fa0 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x1e) returned 0x788280 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x2c) returned 0x786fe8 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x54) returned 0x787020 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x52) returned 0x787080 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x2c) returned 0x7870e0 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x26) returned 0x787118 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x3e) returned 0x788ff0 [0049.227] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x24) returned 0x787148 [0049.228] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x30) returned 0x787178 [0049.228] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x8c) returned 0x7871b0 [0049.228] HeapFree (in: hHeap=0x770000, dwFlags=0x0, lpMem=0x787728 | out: hHeap=0x770000) returned 1 [0049.228] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x800) returned 0x787248 [0049.228] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0049.228] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0049.228] GetStartupInfoW (in: lpStartupInfo=0x4afbbc | out: lpStartupInfo=0x4afbbc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0049.228] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"Install\"" [0049.228] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"Install\"", pNumArgs=0x4afba8 | out: pNumArgs=0x4afba8) returned 0x787e98*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0049.228] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") [0051.460] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0051.460] OleUninitialize () [0051.461] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0051.461] OleUninitialize () [0051.461] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0051.461] CoGetCurrentProcess () returned 0x2a [0052.143] CoFreeUnusedLibraries () [0052.143] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0x5a8af4b8, Data2=0x4866, Data3=0x4f33, Data4=([0]=0xa9, [1]=0xb6, [2]=0xae, [3]=0xb7, [4]=0x6c, [5]=0xeb, [6]=0x48, [7]=0xd4))) returned 0x0 [0052.144] ShowCursor (bShow=1) returned 1 [0052.144] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0052.144] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0052.144] OleInitialize (pvReserved=0x0) returned 0x0 [0052.568] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0052.572] CoFreeUnusedLibraries () [0052.573] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0052.573] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0x775e87c5, Data2=0x9152, Data3=0x4cbe, Data4=([0]=0x97, [1]=0x3d, [2]=0xf8, [3]=0x8d, [4]=0xf6, [5]=0x23, [6]=0x57, [7]=0x35))) returned 0x0 [0052.573] ShowCursor (bShow=1) returned 2 [0052.573] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0x775e87c5, Data2=0x9152, Data3=0x4cbe, Data4=([0]=0x97, [1]=0x3d, [2]=0xf8, [3]=0x8d, [4]=0xf6, [5]=0x23, [6]=0x57, [7]=0x35))) returned 0x0 [0052.573] ShowCursor (bShow=1) returned 3 [0052.573] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0x775e87c5, Data2=0x9152, Data3=0x4cbe, Data4=([0]=0x97, [1]=0x3d, [2]=0xf8, [3]=0x8d, [4]=0xf6, [5]=0x23, [6]=0x57, [7]=0x35))) returned 0x0 [0052.573] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0052.573] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0052.573] GetCurrentThread () returned 0xfffffffe [0052.573] ShowCursor (bShow=1) returned 4 [0052.573] CoGetCurrentProcess () returned 0x2a [0052.573] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0052.573] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0052.573] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0049.259] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpCharType=0x42f5cc | out: lpCharType=0x42f5cc) returned 1 [0049.259] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x42fbcc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0049.259] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x42fbcc, cbMultiByte=256, lpWideCharStr=0x42f308, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0049.259] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0049.260] GetLastError () returned 0x7e [0049.260] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0049.260] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0049.260] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x42f0f8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0049.260] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x42facc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿç¥\x9fÝ\x08ýB", lpUsedDefaultChar=0x0) returned 256 [0049.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x42fbcc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0049.260] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x42fbcc, cbMultiByte=256, lpWideCharStr=0x42f328, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0049.260] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0049.260] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x42f118, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0049.260] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x42f9cc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿç¥\x9fÝ\x08ýB", lpUsedDefaultChar=0x0) returned 256 [0049.260] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x80) returned 0x784ff0 [0049.260] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0049.260] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x16e) returned 0x786a98 [0049.260] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0049.260] GetLastError () returned 0x0 [0049.260] SetLastError (dwErrCode=0x0) [0049.260] GetEnvironmentStringsW () returned 0x786c10* [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0xb0e) returned 0x787728 [0049.261] FreeEnvironmentStringsW (penv=0x786c10) returned 1 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x98) returned 0x786c10 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x3e) returned 0x786cb0 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x56) returned 0x786cf8 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x6e) returned 0x786d58 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x78) returned 0x7812c8 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x62) returned 0x786dd0 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x30) returned 0x786e40 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x48) returned 0x786e78 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x28) returned 0x785078 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x1a) returned 0x786a58 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x34) returned 0x786ec8 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x5c) returned 0x786f08 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x32) returned 0x786f70 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x2e) returned 0x786fb0 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x1c) returned 0x788258 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x12a) returned 0x788a40 [0049.261] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x7c) returned 0x788b78 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x36) returned 0x788c00 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x3a) returned 0x788c40 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x90) returned 0x788c88 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x24) returned 0x788d20 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x30) returned 0x788d50 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x36) returned 0x788d88 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x48) returned 0x788dc8 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x52) returned 0x788e18 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x3c) returned 0x788e78 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0xd6) returned 0x788ec0 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x2e) returned 0x788fa0 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x1e) returned 0x788280 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x2c) returned 0x786fe8 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x54) returned 0x787020 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x52) returned 0x787080 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x2c) returned 0x7870e0 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x26) returned 0x787118 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x3e) returned 0x788ff0 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x24) returned 0x787148 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x30) returned 0x787178 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x8c) returned 0x7871b0 [0049.262] HeapFree (in: hHeap=0x770000, dwFlags=0x0, lpMem=0x787728 | out: hHeap=0x770000) returned 1 [0049.262] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x800) returned 0x787248 [0049.263] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0049.263] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0049.263] GetStartupInfoW (in: lpStartupInfo=0x42fd34 | out: lpStartupInfo=0x42fd34*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0049.263] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"Install\"" [0049.263] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"Install\"", pNumArgs=0x42fd20 | out: pNumArgs=0x42fd20) returned 0x787e98*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0049.263] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0051.711] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0051.711] OleUninitialize () [0051.711] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0051.712] OleUninitialize () [0051.712] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0051.712] CoGetCurrentProcess () returned 0x2b [0052.705] CoFreeUnusedLibraries () [0052.705] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0xe2cefdf8, Data2=0x49e9, Data3=0x4fdd, Data4=([0]=0x91, [1]=0x7a, [2]=0x7, [3]=0x25, [4]=0x3c, [5]=0x23, [6]=0xd2, [7]=0x7b))) returned 0x0 [0052.706] ShowCursor (bShow=1) returned 1 [0052.706] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0052.706] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0052.706] OleInitialize (pvReserved=0x0) returned 0x0 [0052.893] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0052.897] CoFreeUnusedLibraries () [0052.897] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0052.897] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0xcb0b0758, Data2=0xe39b, Data3=0x427b, Data4=([0]=0x9f, [1]=0x4f, [2]=0xc6, [3]=0xbc, [4]=0x96, [5]=0x15, [6]=0x95, [7]=0x8e))) returned 0x0 [0052.897] ShowCursor (bShow=1) returned 2 [0052.897] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0xcb0b0758, Data2=0xe39b, Data3=0x427b, Data4=([0]=0x9f, [1]=0x4f, [2]=0xc6, [3]=0xbc, [4]=0x96, [5]=0x15, [6]=0x95, [7]=0x8e))) returned 0x0 [0052.897] ShowCursor (bShow=1) returned 3 [0052.897] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0xcb0b0758, Data2=0xe39b, Data3=0x427b, Data4=([0]=0x9f, [1]=0x4f, [2]=0xc6, [3]=0xbc, [4]=0x96, [5]=0x15, [6]=0x95, [7]=0x8e))) returned 0x0 [0052.897] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0052.897] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0052.897] GetCurrentThread () returned 0xfffffffe [0052.897] ShowCursor (bShow=1) returned 4 [0052.897] CoGetCurrentProcess () returned 0x2b [0052.897] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0052.897] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0052.897] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0050.074] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpCharType=0x22f0fc | out: lpCharType=0x22f0fc) returned 1 [0050.075] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f6fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.075] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f6fc, cbMultiByte=256, lpWideCharStr=0x22ee38, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0050.075] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0050.075] GetLastError () returned 0x7e [0050.075] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0050.075] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.075] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x22ec28, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0050.075] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x22f5fc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0f°³À8ø\"", lpUsedDefaultChar=0x0) returned 256 [0050.075] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f6fc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.075] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x22f6fc, cbMultiByte=256, lpWideCharStr=0x22ee58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0050.075] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.075] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x22ec48, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0050.075] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x22f4fc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0f°³À8ø\"", lpUsedDefaultChar=0x0) returned 256 [0050.075] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x80) returned 0x555000 [0050.076] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0050.076] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x17c) returned 0x556aa8 [0050.076] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0050.076] GetLastError () returned 0x0 [0050.076] SetLastError (dwErrCode=0x0) [0050.076] GetEnvironmentStringsW () returned 0x556c30* [0050.076] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0xb0e) returned 0x557748 [0050.076] FreeEnvironmentStringsW (penv=0x556c30) returned 1 [0050.076] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x98) returned 0x556c30 [0050.076] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x3e) returned 0x556cd0 [0050.076] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x56) returned 0x556d18 [0050.076] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x6e) returned 0x556d78 [0050.076] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x78) returned 0x5512d8 [0050.076] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x62) returned 0x556df0 [0050.076] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x30) returned 0x556e60 [0050.076] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x48) returned 0x556e98 [0050.076] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x28) returned 0x555088 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x1a) returned 0x556a68 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x34) returned 0x556ee8 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x5c) returned 0x556f28 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x32) returned 0x556f90 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x2e) returned 0x556fd0 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x1c) returned 0x558278 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x12a) returned 0x558a60 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x7c) returned 0x558b98 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x36) returned 0x558c20 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x3a) returned 0x558c60 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x90) returned 0x558ca8 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x24) returned 0x558d40 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x30) returned 0x558d70 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x36) returned 0x558da8 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x48) returned 0x558de8 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x52) returned 0x558e38 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x3c) returned 0x558e98 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0xd6) returned 0x558ee0 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x2e) returned 0x557008 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x1e) returned 0x5582a0 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x2c) returned 0x557040 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x54) returned 0x557078 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x52) returned 0x5570d8 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x2c) returned 0x557138 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x26) returned 0x557170 [0050.077] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x3e) returned 0x558fd8 [0050.078] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x24) returned 0x5571a0 [0050.078] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x30) returned 0x5571d0 [0050.078] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x8c) returned 0x557208 [0050.078] HeapFree (in: hHeap=0x540000, dwFlags=0x0, lpMem=0x557748 | out: hHeap=0x540000) returned 1 [0050.078] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x8, Size=0x800) returned 0x5572a0 [0050.078] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0050.078] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0050.078] GetStartupInfoW (in: lpStartupInfo=0x22f864 | out: lpStartupInfo=0x22f864*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0050.078] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"DefaultInstall\"" [0050.078] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"DefaultInstall\"", pNumArgs=0x22f850 | out: pNumArgs=0x22f850) returned 0x557ef0*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0050.079] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") [0054.085] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0054.085] OleUninitialize () [0054.085] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0054.086] OleUninitialize () [0054.086] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0054.086] CoGetCurrentProcess () returned 0x2f [0054.178] CoFreeUnusedLibraries () [0054.178] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0xef0bf518, Data2=0x8481, Data3=0x435e, Data4=([0]=0x8a, [1]=0x8a, [2]=0x98, [3]=0x9, [4]=0xb8, [5]=0x8b, [6]=0x6c, [7]=0xd6))) returned 0x0 [0054.179] ShowCursor (bShow=1) returned 1 [0054.179] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0054.179] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0054.179] OleInitialize (pvReserved=0x0) returned 0x0 [0054.303] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0054.307] CoFreeUnusedLibraries () [0054.307] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0054.307] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0x21e3c7a4, Data2=0xc3d1, Data3=0x42ae, Data4=([0]=0xa9, [1]=0x1b, [2]=0xc9, [3]=0xc6, [4]=0x21, [5]=0xe5, [6]=0x78, [7]=0x12))) returned 0x0 [0054.307] ShowCursor (bShow=1) returned 2 [0054.307] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0x21e3c7a4, Data2=0xc3d1, Data3=0x42ae, Data4=([0]=0xa9, [1]=0x1b, [2]=0xc9, [3]=0xc6, [4]=0x21, [5]=0xe5, [6]=0x78, [7]=0x12))) returned 0x0 [0054.307] ShowCursor (bShow=1) returned 3 [0054.307] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0x21e3c7a4, Data2=0xc3d1, Data3=0x42ae, Data4=([0]=0xa9, [1]=0x1b, [2]=0xc9, [3]=0xc6, [4]=0x21, [5]=0xe5, [6]=0x78, [7]=0x12))) returned 0x0 [0054.307] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0054.307] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0054.307] GetCurrentThread () returned 0xfffffffe [0054.307] ShowCursor (bShow=1) returned 4 [0054.307] CoGetCurrentProcess () returned 0x2f [0054.307] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0054.307] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0054.307] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0050.112] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x24f194 | out: lpCharType=0x24f194) returned 1 [0050.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f794, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f794, cbMultiByte=256, lpWideCharStr=0x24eed8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā") returned 256 [0050.112] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0050.112] GetLastError () returned 0x7e [0050.112] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0050.112] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.113] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x24ecc8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0050.113] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x24f694, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÛ\x8dÌÀÐø$", lpUsedDefaultChar=0x0) returned 256 [0050.113] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f794, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.113] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x24f794, cbMultiByte=256, lpWideCharStr=0x24eef8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0050.113] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.113] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x24ece8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0050.113] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x24f594, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÛ\x8dÌÀÐø$", lpUsedDefaultChar=0x0) returned 256 [0050.113] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x0, Size=0x80) returned 0x3d5000 [0050.113] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0050.113] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x17c) returned 0x3d6aa8 [0050.113] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0050.113] GetLastError () returned 0x0 [0050.113] SetLastError (dwErrCode=0x0) [0050.113] GetEnvironmentStringsW () returned 0x3d6c30* [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x0, Size=0xb0e) returned 0x3d7748 [0050.114] FreeEnvironmentStringsW (penv=0x3d6c30) returned 1 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x98) returned 0x3d6c30 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x3e) returned 0x3d6cd0 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x56) returned 0x3d6d18 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x6e) returned 0x3d6d78 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x78) returned 0x3d12d8 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x62) returned 0x3d6df0 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x30) returned 0x3d6e60 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x48) returned 0x3d6e98 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x28) returned 0x3d5088 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x1a) returned 0x3d6a68 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x34) returned 0x3d6ee8 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x5c) returned 0x3d6f28 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x32) returned 0x3d6f90 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x2e) returned 0x3d6fd0 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x1c) returned 0x3d8278 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x12a) returned 0x3d8a60 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x7c) returned 0x3d8b98 [0050.114] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x36) returned 0x3d8c20 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x3a) returned 0x3d8c60 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x90) returned 0x3d8ca8 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x24) returned 0x3d8d40 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x30) returned 0x3d8d70 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x36) returned 0x3d8da8 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x48) returned 0x3d8de8 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x52) returned 0x3d8e38 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x3c) returned 0x3d8e98 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0xd6) returned 0x3d8ee0 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x2e) returned 0x3d7008 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x1e) returned 0x3d82a0 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x2c) returned 0x3d7040 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x54) returned 0x3d7078 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x52) returned 0x3d70d8 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x2c) returned 0x3d7138 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x26) returned 0x3d7170 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x3e) returned 0x3d8fd8 [0050.115] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x24) returned 0x3d71a0 [0050.116] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x30) returned 0x3d71d0 [0050.116] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x8c) returned 0x3d7208 [0050.116] HeapFree (in: hHeap=0x3c0000, dwFlags=0x0, lpMem=0x3d7748 | out: hHeap=0x3c0000) returned 1 [0050.116] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x8, Size=0x800) returned 0x3d72a0 [0050.116] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0050.116] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0050.116] GetStartupInfoW (in: lpStartupInfo=0x24f8fc | out: lpStartupInfo=0x24f8fc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0050.116] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"DefaultInstall\"" [0050.116] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"DefaultInstall\"", pNumArgs=0x24f8e8 | out: pNumArgs=0x24f8e8) returned 0x3d7ef0*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0050.116] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0052.884] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0052.884] OleUninitialize () [0052.884] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0052.884] OleUninitialize () [0052.884] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0052.884] CoGetCurrentProcess () returned 0x2c [0053.457] CoFreeUnusedLibraries () [0053.458] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0x8c35eb3c, Data2=0x9cf6, Data3=0x4cbd, Data4=([0]=0x9a, [1]=0x46, [2]=0x21, [3]=0x99, [4]=0x70, [5]=0x3f, [6]=0xd, [7]=0x2f))) returned 0x0 [0053.458] ShowCursor (bShow=1) returned 1 [0054.099] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0054.099] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0054.099] OleInitialize (pvReserved=0x0) returned 0x0 [0054.311] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0054.314] CoFreeUnusedLibraries () [0054.314] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0054.314] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0xf257c66e, Data2=0x4bec, Data3=0x4ba6, Data4=([0]=0xaa, [1]=0xd8, [2]=0x98, [3]=0x57, [4]=0x30, [5]=0x27, [6]=0x97, [7]=0x8e))) returned 0x0 [0054.315] ShowCursor (bShow=1) returned 2 [0054.315] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0xf257c66e, Data2=0x4bec, Data3=0x4ba6, Data4=([0]=0xaa, [1]=0xd8, [2]=0x98, [3]=0x57, [4]=0x30, [5]=0x27, [6]=0x97, [7]=0x8e))) returned 0x0 [0054.315] ShowCursor (bShow=1) returned 3 [0054.315] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0xf257c66e, Data2=0x4bec, Data3=0x4ba6, Data4=([0]=0xaa, [1]=0xd8, [2]=0x98, [3]=0x57, [4]=0x30, [5]=0x27, [6]=0x97, [7]=0x8e))) returned 0x0 [0054.315] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0054.315] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0054.315] GetCurrentThread () returned 0xfffffffe [0054.315] ShowCursor (bShow=1) returned 4 [0054.315] CoGetCurrentProcess () returned 0x2c [0054.315] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0054.315] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0054.315] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0050.439] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x20f5d4 | out: lpCharType=0x20f5d4) returned 1 [0050.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20fbd4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20fbd4, cbMultiByte=256, lpWideCharStr=0x20f318, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā") returned 256 [0050.439] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0050.439] GetLastError () returned 0x7e [0050.439] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0050.439] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.439] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x20f108, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0050.439] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x20fad4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿP?-Ç\x10ý ", lpUsedDefaultChar=0x0) returned 256 [0050.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20fbd4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.439] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x20fbd4, cbMultiByte=256, lpWideCharStr=0x20f338, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0050.440] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.440] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x20f128, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0050.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x20f9d4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿP?-Ç\x10ý ", lpUsedDefaultChar=0x0) returned 256 [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x0, Size=0x80) returned 0x714ff0 [0050.440] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x172) returned 0x716a98 [0050.440] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0050.440] GetLastError () returned 0x0 [0050.440] SetLastError (dwErrCode=0x0) [0050.440] GetEnvironmentStringsW () returned 0x716c18* [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x0, Size=0xb0e) returned 0x717730 [0050.440] FreeEnvironmentStringsW (penv=0x716c18) returned 1 [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x98) returned 0x716c18 [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x3e) returned 0x716cb8 [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x56) returned 0x716d00 [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x6e) returned 0x716d60 [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x78) returned 0x7112c8 [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x62) returned 0x716dd8 [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x30) returned 0x716e48 [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x48) returned 0x716e80 [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x28) returned 0x715078 [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x1a) returned 0x716a58 [0050.440] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x34) returned 0x716ed0 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x5c) returned 0x716f10 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x32) returned 0x716f78 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x2e) returned 0x716fb8 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x1c) returned 0x718260 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x12a) returned 0x718a48 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x7c) returned 0x718b80 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x36) returned 0x718c08 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x3a) returned 0x718c48 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x90) returned 0x718c90 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x24) returned 0x718d28 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x30) returned 0x718d58 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x36) returned 0x718d90 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x48) returned 0x718dd0 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x52) returned 0x718e20 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x3c) returned 0x718e80 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0xd6) returned 0x718ec8 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x2e) returned 0x718fa8 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x1e) returned 0x718288 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x2c) returned 0x716ff0 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x54) returned 0x717028 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x52) returned 0x717088 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x2c) returned 0x7170e8 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x26) returned 0x717120 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x3e) returned 0x719000 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x24) returned 0x717150 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x30) returned 0x717180 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x8c) returned 0x7171b8 [0050.441] HeapFree (in: hHeap=0x700000, dwFlags=0x0, lpMem=0x717730 | out: hHeap=0x700000) returned 1 [0050.441] RtlAllocateHeap (HeapHandle=0x700000, Flags=0x8, Size=0x800) returned 0x717250 [0050.441] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0050.442] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0050.442] GetStartupInfoW (in: lpStartupInfo=0x20fd3c | out: lpStartupInfo=0x20fd3c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0050.442] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"127.0.0.1\"" [0050.442] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"127.0.0.1\"", pNumArgs=0x20fd28 | out: pNumArgs=0x20fd28) returned 0x717ea0*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0050.442] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0053.934] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0053.934] OleUninitialize () [0053.935] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0053.935] OleUninitialize () [0053.935] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0053.935] CoGetCurrentProcess () returned 0x2e [0054.171] CoFreeUnusedLibraries () [0054.172] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0x94a8f555, Data2=0xfdcc, Data3=0x4310, Data4=([0]=0xad, [1]=0x24, [2]=0xd9, [3]=0x6, [4]=0xc1, [5]=0x95, [6]=0xe7, [7]=0x55))) returned 0x0 [0054.172] ShowCursor (bShow=1) returned 1 [0054.172] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0054.172] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0054.172] OleInitialize (pvReserved=0x0) returned 0x0 [0054.295] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0054.298] CoFreeUnusedLibraries () [0054.298] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0054.298] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0x11db31b9, Data2=0xe6ba, Data3=0x4a90, Data4=([0]=0x95, [1]=0x91, [2]=0x9e, [3]=0x1f, [4]=0x9d, [5]=0x4d, [6]=0x23, [7]=0xf6))) returned 0x0 [0054.299] ShowCursor (bShow=1) returned 2 [0054.299] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0x11db31b9, Data2=0xe6ba, Data3=0x4a90, Data4=([0]=0x95, [1]=0x91, [2]=0x9e, [3]=0x1f, [4]=0x9d, [5]=0x4d, [6]=0x23, [7]=0xf6))) returned 0x0 [0054.299] ShowCursor (bShow=1) returned 3 [0054.299] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0x11db31b9, Data2=0xe6ba, Data3=0x4a90, Data4=([0]=0x95, [1]=0x91, [2]=0x9e, [3]=0x1f, [4]=0x9d, [5]=0x4d, [6]=0x23, [7]=0xf6))) returned 0x0 [0054.299] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0054.299] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0054.299] GetCurrentThread () returned 0xfffffffe [0054.299] ShowCursor (bShow=1) returned 4 [0054.299] CoGetCurrentProcess () returned 0x2e [0054.299] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0054.299] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0054.299] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0050.470] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x4ef224 | out: lpCharType=0x4ef224) returned 1 [0050.471] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x4ef824, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.471] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x4ef824, cbMultiByte=256, lpWideCharStr=0x4eef68, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā") returned 256 [0050.471] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0050.471] GetLastError () returned 0x7e [0050.471] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0050.471] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.471] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x4eed58, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0050.471] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x4ef724, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x95XÓÄ`ùN", lpUsedDefaultChar=0x0) returned 256 [0050.471] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x4ef824, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.471] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x4ef824, cbMultiByte=256, lpWideCharStr=0x4eef88, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0050.471] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.471] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x4eed78, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0050.471] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x4ef624, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x95XÓÄ`ùN", lpUsedDefaultChar=0x0) returned 256 [0050.472] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x80) returned 0x574ff0 [0050.472] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0050.472] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x172) returned 0x576a98 [0050.472] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0050.472] GetLastError () returned 0x0 [0050.472] SetLastError (dwErrCode=0x0) [0050.472] GetEnvironmentStringsW () returned 0x576c18* [0050.472] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0xb0e) returned 0x577730 [0050.472] FreeEnvironmentStringsW (penv=0x576c18) returned 1 [0050.472] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x98) returned 0x576c18 [0050.472] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x3e) returned 0x576cb8 [0050.472] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x56) returned 0x576d00 [0050.472] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x6e) returned 0x576d60 [0050.472] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x78) returned 0x5712c8 [0050.472] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x62) returned 0x576dd8 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x30) returned 0x576e48 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x48) returned 0x576e80 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x28) returned 0x575078 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x1a) returned 0x576a58 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x34) returned 0x576ed0 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x5c) returned 0x576f10 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x32) returned 0x576f78 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x2e) returned 0x576fb8 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x1c) returned 0x578260 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x12a) returned 0x578a48 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x7c) returned 0x578b80 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x36) returned 0x578c08 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x3a) returned 0x578c48 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x90) returned 0x578c90 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x24) returned 0x578d28 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x30) returned 0x578d58 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x36) returned 0x578d90 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x48) returned 0x578dd0 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x52) returned 0x578e20 [0050.473] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x3c) returned 0x578e80 [0050.474] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0xd6) returned 0x578ec8 [0050.474] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x2e) returned 0x578fa8 [0050.474] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x1e) returned 0x578288 [0050.474] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x2c) returned 0x576ff0 [0050.474] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x54) returned 0x577028 [0050.474] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x52) returned 0x577088 [0050.474] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x2c) returned 0x5770e8 [0050.474] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x26) returned 0x577120 [0050.474] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x3e) returned 0x579000 [0050.474] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x24) returned 0x577150 [0050.474] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x30) returned 0x577180 [0050.474] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x8c) returned 0x5771b8 [0050.474] HeapFree (in: hHeap=0x560000, dwFlags=0x0, lpMem=0x577730 | out: hHeap=0x560000) returned 1 [0050.474] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x800) returned 0x577250 [0050.474] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0050.474] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0050.475] GetStartupInfoW (in: lpStartupInfo=0x4ef98c | out: lpStartupInfo=0x4ef98c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0050.475] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"127.0.0.1\"" [0050.475] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"127.0.0.1\"", pNumArgs=0x4ef978 | out: pNumArgs=0x4ef978) returned 0x577ea0*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0050.475] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0054.921] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0054.921] OleUninitialize () [0054.921] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0054.922] OleUninitialize () [0054.922] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0054.922] CoGetCurrentProcess () returned 0x34 [0055.072] CoFreeUnusedLibraries () [0055.072] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0x55c42c64, Data2=0xc656, Data3=0x496e, Data4=([0]=0xb4, [1]=0x33, [2]=0xd9, [3]=0xe8, [4]=0x26, [5]=0xa6, [6]=0x34, [7]=0x6e))) returned 0x0 [0055.073] ShowCursor (bShow=1) returned 1 [0055.073] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0055.073] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0055.073] OleInitialize (pvReserved=0x0) returned 0x0 [0055.291] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0055.299] CoFreeUnusedLibraries () [0055.299] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0055.299] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0xb709f4a8, Data2=0x8f22, Data3=0x4eb0, Data4=([0]=0xb3, [1]=0xd6, [2]=0x2b, [3]=0x11, [4]=0x12, [5]=0x6e, [6]=0x87, [7]=0xae))) returned 0x0 [0055.299] ShowCursor (bShow=1) returned 2 [0055.299] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0xb709f4a8, Data2=0x8f22, Data3=0x4eb0, Data4=([0]=0xb3, [1]=0xd6, [2]=0x2b, [3]=0x11, [4]=0x12, [5]=0x6e, [6]=0x87, [7]=0xae))) returned 0x0 [0055.299] ShowCursor (bShow=1) returned 3 [0055.299] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0xb709f4a8, Data2=0x8f22, Data3=0x4eb0, Data4=([0]=0xb3, [1]=0xd6, [2]=0x2b, [3]=0x11, [4]=0x12, [5]=0x6e, [6]=0x87, [7]=0xae))) returned 0x0 [0055.299] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0055.299] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0055.299] GetCurrentThread () returned 0xfffffffe [0055.299] ShowCursor (bShow=1) returned 4 [0055.299] CoGetCurrentProcess () returned 0x34 [0055.299] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0055.299] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0055.299] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0050.542] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x26f014 | out: lpCharType=0x26f014) returned 1 [0050.542] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f614, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.542] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f614, cbMultiByte=256, lpWideCharStr=0x26ed58, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā") returned 256 [0050.542] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0050.542] GetLastError () returned 0x7e [0050.542] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0050.543] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.543] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x26eb48, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0050.543] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x26f514, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¹¨}ÄP÷&", lpUsedDefaultChar=0x0) returned 256 [0050.543] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f614, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.543] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x26f614, cbMultiByte=256, lpWideCharStr=0x26ed78, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0050.543] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.543] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x26eb68, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0050.543] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x26f414, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¹¨}ÄP÷&", lpUsedDefaultChar=0x0) returned 256 [0050.543] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x80) returned 0x414ff8 [0050.543] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0050.543] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x178) returned 0x416aa0 [0050.543] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0050.543] GetLastError () returned 0x0 [0050.543] SetLastError (dwErrCode=0x0) [0050.543] GetEnvironmentStringsW () returned 0x416c20* [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xb0e) returned 0x417738 [0050.544] FreeEnvironmentStringsW (penv=0x416c20) returned 1 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x98) returned 0x416c20 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x3e) returned 0x416cc0 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x56) returned 0x416d08 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x6e) returned 0x416d68 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x78) returned 0x4112d0 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x62) returned 0x416de0 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x30) returned 0x416e50 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x48) returned 0x416e88 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x28) returned 0x415080 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1a) returned 0x416a60 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x34) returned 0x416ed8 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x5c) returned 0x416f18 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x32) returned 0x416f80 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x2e) returned 0x416fc0 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1c) returned 0x418268 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x12a) returned 0x418a50 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x7c) returned 0x418b88 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x36) returned 0x418c10 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x3a) returned 0x418c50 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x90) returned 0x418c98 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x24) returned 0x418d30 [0050.544] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x30) returned 0x418d60 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x36) returned 0x418d98 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x48) returned 0x418dd8 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x52) returned 0x418e28 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x3c) returned 0x418e88 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0xd6) returned 0x418ed0 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x2e) returned 0x418fb0 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1e) returned 0x418290 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x2c) returned 0x416ff8 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x54) returned 0x417030 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x52) returned 0x417090 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x2c) returned 0x4170f0 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x26) returned 0x417128 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x3e) returned 0x419000 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x24) returned 0x417158 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x30) returned 0x417188 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x8c) returned 0x4171c0 [0050.545] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x417738 | out: hHeap=0x400000) returned 1 [0050.545] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x800) returned 0x417258 [0050.545] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0050.546] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0050.546] GetStartupInfoW (in: lpStartupInfo=0x26f77c | out: lpStartupInfo=0x26f77c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0050.546] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"explorer.exe\"" [0050.546] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"explorer.exe\"", pNumArgs=0x26f768 | out: pNumArgs=0x26f768) returned 0x417ea8*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0050.546] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0053.909] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0053.909] OleUninitialize () [0053.909] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0053.909] OleUninitialize () [0053.909] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0053.910] CoGetCurrentProcess () returned 0x2d [0054.164] CoFreeUnusedLibraries () [0054.164] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0x6271379a, Data2=0x2395, Data3=0x481c, Data4=([0]=0xb0, [1]=0x1b, [2]=0x91, [3]=0xd5, [4]=0x21, [5]=0xf, [6]=0xd6, [7]=0x27))) returned 0x0 [0054.164] ShowCursor (bShow=1) returned 1 [0054.267] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0054.267] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0054.267] OleInitialize (pvReserved=0x0) returned 0x0 [0054.320] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0054.324] CoFreeUnusedLibraries () [0054.324] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0054.324] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0x509d9d76, Data2=0xe418, Data3=0x4ad3, Data4=([0]=0x88, [1]=0xa4, [2]=0xf1, [3]=0xbd, [4]=0x26, [5]=0x2d, [6]=0xb8, [7]=0x3e))) returned 0x0 [0054.324] ShowCursor (bShow=1) returned 2 [0054.324] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0x509d9d76, Data2=0xe418, Data3=0x4ad3, Data4=([0]=0x88, [1]=0xa4, [2]=0xf1, [3]=0xbd, [4]=0x26, [5]=0x2d, [6]=0xb8, [7]=0x3e))) returned 0x0 [0054.324] ShowCursor (bShow=1) returned 3 [0054.324] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0x509d9d76, Data2=0xe418, Data3=0x4ad3, Data4=([0]=0x88, [1]=0xa4, [2]=0xf1, [3]=0xbd, [4]=0x26, [5]=0x2d, [6]=0xb8, [7]=0x3e))) returned 0x0 [0054.324] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0054.324] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0054.324] GetCurrentThread () returned 0xfffffffe [0054.324] ShowCursor (bShow=1) returned 4 [0054.325] CoGetCurrentProcess () returned 0x2d [0054.325] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0054.325] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0054.325] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0050.781] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x42f2a4 | out: lpCharType=0x42f2a4) returned 1 [0050.782] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x42f8a4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.782] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x42f8a4, cbMultiByte=256, lpWideCharStr=0x42efe8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā") returned 256 [0050.782] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0050.782] GetLastError () returned 0x7e [0050.782] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0050.782] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.782] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x42edd8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0050.782] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x42f7a4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0ejjÅàùB", lpUsedDefaultChar=0x0) returned 256 [0050.782] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x42f8a4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.782] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x42f8a4, cbMultiByte=256, lpWideCharStr=0x42f008, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0050.782] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.782] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x42edf8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0050.782] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x42f6a4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x0ejjÅàùB", lpUsedDefaultChar=0x0) returned 256 [0050.783] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x80) returned 0x514ff8 [0050.783] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0050.783] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x178) returned 0x516aa0 [0050.783] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0050.783] GetLastError () returned 0x0 [0050.783] SetLastError (dwErrCode=0x0) [0050.783] GetEnvironmentStringsW () returned 0x516c20* [0050.783] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0xb0e) returned 0x517738 [0050.783] FreeEnvironmentStringsW (penv=0x516c20) returned 1 [0050.783] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x98) returned 0x516c20 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3e) returned 0x516cc0 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x56) returned 0x516d08 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x6e) returned 0x516d68 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x78) returned 0x5112d0 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x62) returned 0x516de0 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x30) returned 0x516e50 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x48) returned 0x516e88 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x28) returned 0x515080 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x1a) returned 0x516a60 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x34) returned 0x516ed8 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x5c) returned 0x516f18 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x32) returned 0x516f80 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2e) returned 0x516fc0 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x1c) returned 0x518268 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x12a) returned 0x518a50 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x7c) returned 0x518b88 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x36) returned 0x518c10 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3a) returned 0x518c50 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x90) returned 0x518c98 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x24) returned 0x518d30 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x30) returned 0x518d60 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x36) returned 0x518d98 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x48) returned 0x518dd8 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x52) returned 0x518e28 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3c) returned 0x518e88 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0xd6) returned 0x518ed0 [0050.784] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2e) returned 0x518fb0 [0050.785] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x1e) returned 0x518290 [0050.785] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2c) returned 0x516ff8 [0050.785] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x54) returned 0x517030 [0050.785] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x52) returned 0x517090 [0050.785] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x2c) returned 0x5170f0 [0050.785] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x26) returned 0x517128 [0050.785] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x3e) returned 0x519000 [0050.785] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x24) returned 0x517158 [0050.785] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x30) returned 0x517188 [0050.785] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x8c) returned 0x5171c0 [0050.785] HeapFree (in: hHeap=0x500000, dwFlags=0x0, lpMem=0x517738 | out: hHeap=0x500000) returned 1 [0050.785] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x8, Size=0x800) returned 0x517258 [0050.785] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0050.785] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0050.786] GetStartupInfoW (in: lpStartupInfo=0x42fa0c | out: lpStartupInfo=0x42fa0c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0050.786] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"explorer.exe\"" [0050.786] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"explorer.exe\"", pNumArgs=0x42f9f8 | out: pNumArgs=0x42f9f8) returned 0x517ea8*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0050.786] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0054.286] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0054.286] OleUninitialize () [0054.287] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0054.287] OleUninitialize () [0054.287] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0054.287] CoGetCurrentProcess () returned 0x30 [0055.015] CoFreeUnusedLibraries () [0055.015] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0x8a0a46a, Data2=0xba31, Data3=0x4ae1, Data4=([0]=0x8a, [1]=0x9f, [2]=0xb2, [3]=0x5c, [4]=0xc2, [5]=0x9b, [6]=0x48, [7]=0xab))) returned 0x0 [0055.015] ShowCursor (bShow=1) returned 1 [0055.262] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0055.262] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0055.263] OleInitialize (pvReserved=0x0) returned 0x0 [0055.312] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0055.315] CoFreeUnusedLibraries () [0055.315] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0055.315] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0x8ef5d2b, Data2=0xc719, Data3=0x42cb, Data4=([0]=0x9d, [1]=0x13, [2]=0x7e, [3]=0x77, [4]=0x6a, [5]=0x2f, [6]=0xd4, [7]=0x75))) returned 0x0 [0055.315] ShowCursor (bShow=1) returned 2 [0055.315] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0x8ef5d2b, Data2=0xc719, Data3=0x42cb, Data4=([0]=0x9d, [1]=0x13, [2]=0x7e, [3]=0x77, [4]=0x6a, [5]=0x2f, [6]=0xd4, [7]=0x75))) returned 0x0 [0055.315] ShowCursor (bShow=1) returned 3 [0055.315] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0x8ef5d2b, Data2=0xc719, Data3=0x42cb, Data4=([0]=0x9d, [1]=0x13, [2]=0x7e, [3]=0x77, [4]=0x6a, [5]=0x2f, [6]=0xd4, [7]=0x75))) returned 0x0 [0055.315] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0055.315] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0055.315] GetCurrentThread () returned 0xfffffffe [0055.315] ShowCursor (bShow=1) returned 4 [0055.315] CoGetCurrentProcess () returned 0x30 [0055.315] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0055.315] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0055.316] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0050.954] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x46f5b4 | out: lpCharType=0x46f5b4) returned 1 [0050.954] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x46fbb4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.954] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x46fbb4, cbMultiByte=256, lpWideCharStr=0x46f2f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā") returned 256 [0050.954] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0050.954] GetLastError () returned 0x7e [0050.954] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0050.954] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.954] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x46f0e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0050.954] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x46fab4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿE\x02µËðüF", lpUsedDefaultChar=0x0) returned 256 [0050.954] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x46fbb4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0050.954] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x46fbb4, cbMultiByte=256, lpWideCharStr=0x46f318, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0050.955] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0050.955] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x46f108, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0050.955] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x46f9b4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿE\x02µËðüF", lpUsedDefaultChar=0x0) returned 256 [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x0, Size=0x80) returned 0x824ff8 [0050.955] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x178) returned 0x826aa0 [0050.955] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0050.955] GetLastError () returned 0x0 [0050.955] SetLastError (dwErrCode=0x0) [0050.955] GetEnvironmentStringsW () returned 0x826c20* [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x0, Size=0xb0e) returned 0x827738 [0050.955] FreeEnvironmentStringsW (penv=0x826c20) returned 1 [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x98) returned 0x826c20 [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x3e) returned 0x826cc0 [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x56) returned 0x826d08 [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x6e) returned 0x826d68 [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x78) returned 0x8212d0 [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x62) returned 0x826de0 [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x30) returned 0x826e50 [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x48) returned 0x826e88 [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x28) returned 0x825080 [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x1a) returned 0x826a60 [0050.955] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x34) returned 0x826ed8 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x5c) returned 0x826f18 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x32) returned 0x826f80 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x2e) returned 0x826fc0 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x1c) returned 0x828268 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x12a) returned 0x828a50 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x7c) returned 0x828b88 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x36) returned 0x828c10 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x3a) returned 0x828c50 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x90) returned 0x828c98 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x24) returned 0x828d30 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x30) returned 0x828d60 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x36) returned 0x828d98 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x48) returned 0x828dd8 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x52) returned 0x828e28 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x3c) returned 0x828e88 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0xd6) returned 0x828ed0 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x2e) returned 0x828fb0 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x1e) returned 0x828290 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x2c) returned 0x826ff8 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x54) returned 0x827030 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x52) returned 0x827090 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x2c) returned 0x8270f0 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x26) returned 0x827128 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x3e) returned 0x829000 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x24) returned 0x827158 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x30) returned 0x827188 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x8c) returned 0x8271c0 [0050.956] HeapFree (in: hHeap=0x810000, dwFlags=0x0, lpMem=0x827738 | out: hHeap=0x810000) returned 1 [0050.956] RtlAllocateHeap (HeapHandle=0x810000, Flags=0x8, Size=0x800) returned 0x827258 [0050.956] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0050.957] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0050.957] GetStartupInfoW (in: lpStartupInfo=0x46fd1c | out: lpStartupInfo=0x46fd1c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0050.957] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"iexplore.exe\"" [0050.957] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"iexplore.exe\"", pNumArgs=0x46fd08 | out: pNumArgs=0x46fd08) returned 0x827ea8*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0050.958] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0054.648] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0054.648] OleUninitialize () [0054.648] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0054.648] OleUninitialize () [0054.648] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0054.648] CoGetCurrentProcess () returned 0x33 [0055.067] CoFreeUnusedLibraries () [0055.067] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0x1f528c1, Data2=0x933d, Data3=0x431d, Data4=([0]=0x9d, [1]=0x96, [2]=0x71, [3]=0x4a, [4]=0xe0, [5]=0x8d, [6]=0x2e, [7]=0x7d))) returned 0x0 [0055.067] ShowCursor (bShow=1) returned 1 [0055.067] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0055.067] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0055.067] OleInitialize (pvReserved=0x0) returned 0x0 [0055.283] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0055.287] CoFreeUnusedLibraries () [0055.287] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0055.287] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0x3aed41c7, Data2=0xca67, Data3=0x4af8, Data4=([0]=0x85, [1]=0x6e, [2]=0xed, [3]=0x47, [4]=0x1a, [5]=0xb0, [6]=0x1c, [7]=0x90))) returned 0x0 [0055.287] ShowCursor (bShow=1) returned 2 [0055.287] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0x3aed41c7, Data2=0xca67, Data3=0x4af8, Data4=([0]=0x85, [1]=0x6e, [2]=0xed, [3]=0x47, [4]=0x1a, [5]=0xb0, [6]=0x1c, [7]=0x90))) returned 0x0 [0055.287] ShowCursor (bShow=1) returned 3 [0055.287] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0x3aed41c7, Data2=0xca67, Data3=0x4af8, Data4=([0]=0x85, [1]=0x6e, [2]=0xed, [3]=0x47, [4]=0x1a, [5]=0xb0, [6]=0x1c, [7]=0x90))) returned 0x0 [0055.287] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0055.287] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0055.287] GetCurrentThread () returned 0xfffffffe [0055.287] ShowCursor (bShow=1) returned 4 [0055.287] CoGetCurrentProcess () returned 0x33 [0055.287] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0055.287] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0055.287] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0051.167] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x42f5f4 | out: lpCharType=0x42f5f4) returned 1 [0051.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x42fbf4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0051.167] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x42fbf4, cbMultiByte=256, lpWideCharStr=0x42f338, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā") returned 256 [0051.167] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0051.168] GetLastError () returned 0x7e [0051.168] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0051.168] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0051.168] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x42f128, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0051.168] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x42faf4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x8fF\x14È0ýB", lpUsedDefaultChar=0x0) returned 256 [0051.168] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x42fbf4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0051.168] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x42fbf4, cbMultiByte=256, lpWideCharStr=0x42f358, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0051.168] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0051.168] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x42f148, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0051.168] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x42f9f4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x8fF\x14È0ýB", lpUsedDefaultChar=0x0) returned 256 [0051.168] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x0, Size=0x80) returned 0x844ff8 [0051.168] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0051.168] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x178) returned 0x846aa0 [0051.168] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0051.168] GetLastError () returned 0x0 [0051.168] SetLastError (dwErrCode=0x0) [0051.168] GetEnvironmentStringsW () returned 0x846c20* [0051.168] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x0, Size=0xb0e) returned 0x847738 [0051.169] FreeEnvironmentStringsW (penv=0x846c20) returned 1 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x98) returned 0x846c20 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x3e) returned 0x846cc0 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x56) returned 0x846d08 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x6e) returned 0x846d68 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x78) returned 0x8412d0 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x62) returned 0x846de0 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x30) returned 0x846e50 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x48) returned 0x846e88 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x28) returned 0x845080 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x1a) returned 0x846a60 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x34) returned 0x846ed8 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x5c) returned 0x846f18 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x32) returned 0x846f80 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x2e) returned 0x846fc0 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x1c) returned 0x848268 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x12a) returned 0x848a50 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x7c) returned 0x848b88 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x36) returned 0x848c10 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x3a) returned 0x848c50 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x90) returned 0x848c98 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x24) returned 0x848d30 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x30) returned 0x848d60 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x36) returned 0x848d98 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x48) returned 0x848dd8 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x52) returned 0x848e28 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x3c) returned 0x848e88 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0xd6) returned 0x848ed0 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x2e) returned 0x848fb0 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x1e) returned 0x848290 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x2c) returned 0x846ff8 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x54) returned 0x847030 [0051.169] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x52) returned 0x847090 [0051.170] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x2c) returned 0x8470f0 [0051.170] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x26) returned 0x847128 [0051.170] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x3e) returned 0x849000 [0051.170] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x24) returned 0x847158 [0051.170] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x30) returned 0x847188 [0051.170] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x8c) returned 0x8471c0 [0051.170] HeapFree (in: hHeap=0x830000, dwFlags=0x0, lpMem=0x847738 | out: hHeap=0x830000) returned 1 [0051.170] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x8, Size=0x800) returned 0x847258 [0051.170] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0051.170] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0051.170] GetStartupInfoW (in: lpStartupInfo=0x42fd5c | out: lpStartupInfo=0x42fd5c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0051.170] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"iexplore.exe\"" [0051.170] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"iexplore.exe\"", pNumArgs=0x42fd48 | out: pNumArgs=0x42fd48) returned 0x847ea8*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0051.170] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0054.594] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0054.594] OleUninitialize () [0054.594] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0054.594] OleUninitialize () [0054.594] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0054.594] CoGetCurrentProcess () returned 0x31 [0055.051] CoFreeUnusedLibraries () [0055.052] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0xb2d6cf67, Data2=0x4f64, Data3=0x4e59, Data4=([0]=0xa3, [1]=0xdc, [2]=0x92, [3]=0xe0, [4]=0x4f, [5]=0xaf, [6]=0x3d, [7]=0x21))) returned 0x0 [0055.052] ShowCursor (bShow=1) returned 1 [0055.057] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0055.057] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0055.057] OleInitialize (pvReserved=0x0) returned 0x0 [0055.274] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0055.278] CoFreeUnusedLibraries () [0055.278] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0055.278] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0xc28e12cd, Data2=0x49a5, Data3=0x4bf7, Data4=([0]=0xb7, [1]=0xde, [2]=0xf3, [3]=0x78, [4]=0x61, [5]=0x85, [6]=0x3c, [7]=0x58))) returned 0x0 [0055.278] ShowCursor (bShow=1) returned 2 [0055.278] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0xc28e12cd, Data2=0x49a5, Data3=0x4bf7, Data4=([0]=0xb7, [1]=0xde, [2]=0xf3, [3]=0x78, [4]=0x61, [5]=0x85, [6]=0x3c, [7]=0x58))) returned 0x0 [0055.278] ShowCursor (bShow=1) returned 3 [0055.278] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0xc28e12cd, Data2=0x49a5, Data3=0x4bf7, Data4=([0]=0xb7, [1]=0xde, [2]=0xf3, [3]=0x78, [4]=0x61, [5]=0x85, [6]=0x3c, [7]=0x58))) returned 0x0 [0055.278] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0055.278] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0055.278] GetCurrentThread () returned 0xfffffffe [0055.278] ShowCursor (bShow=1) returned 4 [0055.278] CoGetCurrentProcess () returned 0x31 [0055.278] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0055.278] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0055.278] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0051.302] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x44f5d4 | out: lpCharType=0x44f5d4) returned 1 [0051.303] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x44fbd4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0051.303] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x44fbd4, cbMultiByte=256, lpWideCharStr=0x44f318, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā") returned 256 [0051.303] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0051.303] GetLastError () returned 0x7e [0051.303] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0051.303] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0051.303] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᖉ(Ā", cchSrc=256, lpDestStr=0x44f108, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0051.303] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x44fad4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x88òRÉ\x10ýD", lpUsedDefaultChar=0x0) returned 256 [0051.303] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x44fbd4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0051.303] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x44fbd4, cbMultiByte=256, lpWideCharStr=0x44f338, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0051.303] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0051.303] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x44f128, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0051.303] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x44f9d4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x88òRÉ\x10ýD", lpUsedDefaultChar=0x0) returned 256 [0051.303] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0x80) returned 0x535008 [0051.303] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0051.303] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x184) returned 0x536ab0 [0051.303] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0051.303] GetLastError () returned 0x0 [0051.303] SetLastError (dwErrCode=0x0) [0051.303] GetEnvironmentStringsW () returned 0x536c40* [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x0, Size=0xb0e) returned 0x537758 [0051.304] FreeEnvironmentStringsW (penv=0x536c40) returned 1 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x98) returned 0x536c40 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3e) returned 0x536ce0 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x56) returned 0x536d28 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x6e) returned 0x536d88 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x78) returned 0x5312e0 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x62) returned 0x536e00 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x30) returned 0x536e70 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x48) returned 0x536ea8 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x28) returned 0x535090 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x1a) returned 0x536a70 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x34) returned 0x536ef8 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x5c) returned 0x536f38 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x32) returned 0x536fa0 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2e) returned 0x536fe0 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x1c) returned 0x538288 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x12a) returned 0x538a70 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x7c) returned 0x538ba8 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x36) returned 0x538c30 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3a) returned 0x538c70 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x90) returned 0x538cb8 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x24) returned 0x538d50 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x30) returned 0x538d80 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x36) returned 0x538db8 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x48) returned 0x538df8 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x52) returned 0x538e48 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3c) returned 0x538ea8 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0xd6) returned 0x538ef0 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2e) returned 0x537018 [0051.304] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x1e) returned 0x5382b0 [0051.305] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2c) returned 0x537050 [0051.305] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x54) returned 0x537088 [0051.305] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x52) returned 0x5370e8 [0051.305] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x2c) returned 0x537148 [0051.305] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x26) returned 0x537180 [0051.305] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x3e) returned 0x538fe8 [0051.305] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x24) returned 0x5371b0 [0051.305] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x30) returned 0x5371e0 [0051.305] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x8c) returned 0x537218 [0051.305] HeapFree (in: hHeap=0x520000, dwFlags=0x0, lpMem=0x537758 | out: hHeap=0x520000) returned 1 [0051.305] RtlAllocateHeap (HeapHandle=0x520000, Flags=0x8, Size=0x800) returned 0x5372b0 [0051.305] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0051.305] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0051.305] GetStartupInfoW (in: lpStartupInfo=0x44fd3c | out: lpStartupInfo=0x44fd3c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0051.305] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"%Temp%\\IXP000.TMP\\\"" [0051.305] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=GetClass /fn_args=\"%Temp%\\IXP000.TMP\\\"", pNumArgs=0x44fd28 | out: pNumArgs=0x44fd28) returned 0x537f00*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0051.306] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0054.946] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0054.946] OleUninitialize () [0054.946] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0054.947] OleUninitialize () [0054.947] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0054.947] CoGetCurrentProcess () returned 0x35 [0055.078] CoFreeUnusedLibraries () [0055.078] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0xbe4779fd, Data2=0x3595, Data3=0x49f8, Data4=([0]=0x81, [1]=0xfc, [2]=0xc, [3]=0x59, [4]=0x10, [5]=0x87, [6]=0xaa, [7]=0x7f))) returned 0x0 [0055.079] ShowCursor (bShow=1) returned 1 [0055.079] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0055.079] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0055.079] OleInitialize (pvReserved=0x0) returned 0x0 [0055.303] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0055.307] CoFreeUnusedLibraries () [0055.307] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0055.307] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0x6d00f556, Data2=0xdd96, Data3=0x40a7, Data4=([0]=0x9e, [1]=0x9f, [2]=0xc8, [3]=0x31, [4]=0xfe, [5]=0xad, [6]=0x1d, [7]=0xf1))) returned 0x0 [0055.307] ShowCursor (bShow=1) returned 2 [0055.307] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0x6d00f556, Data2=0xdd96, Data3=0x40a7, Data4=([0]=0x9e, [1]=0x9f, [2]=0xc8, [3]=0x31, [4]=0xfe, [5]=0xad, [6]=0x1d, [7]=0xf1))) returned 0x0 [0055.307] ShowCursor (bShow=1) returned 3 [0055.307] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0x6d00f556, Data2=0xdd96, Data3=0x40a7, Data4=([0]=0x9e, [1]=0x9f, [2]=0xc8, [3]=0x31, [4]=0xfe, [5]=0xad, [6]=0x1d, [7]=0xf1))) returned 0x0 [0055.307] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0055.307] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0055.307] GetCurrentThread () returned 0xfffffffe [0055.307] ShowCursor (bShow=1) returned 4 [0055.307] CoGetCurrentProcess () returned 0x35 [0055.307] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0055.307] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0055.307] lstrcmpA (lpString1="X38", lpString2="k4?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0051.328] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpCharType=0x48f0cc | out: lpCharType=0x48f0cc) returned 1 [0051.328] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x48f6cc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0051.328] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x48f6cc, cbMultiByte=256, lpWideCharStr=0x48ee08, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0051.328] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0051.328] GetLastError () returned 0x7e [0051.328] GetProcAddress (hModule=0x772b0000, lpProcName="LCMapStringEx") returned 0x77344d91 [0051.328] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0051.328] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x48ebf8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0051.328] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x48f5cc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿzauÉ\x08øH", lpUsedDefaultChar=0x0) returned 256 [0051.328] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x48f6cc, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0051.328] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x48f6cc, cbMultiByte=256, lpWideCharStr=0x48ee28, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0051.328] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0051.328] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x48ec18, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0051.328] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x48f4cc, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿzauÉ\x08øH", lpUsedDefaultChar=0x0) returned 256 [0051.328] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x80) returned 0x625008 [0051.329] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28de10, nSize=0x104 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\dadjtxjf.exe")) returned 0x27 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x184) returned 0x626ab0 [0051.329] RtlInitializeSListHead (in: ListHead=0x28dd40 | out: ListHead=0x28dd40) [0051.329] GetLastError () returned 0x0 [0051.329] SetLastError (dwErrCode=0x0) [0051.329] GetEnvironmentStringsW () returned 0x626c40* [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0xb0e) returned 0x627758 [0051.329] FreeEnvironmentStringsW (penv=0x626c40) returned 1 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x98) returned 0x626c40 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x3e) returned 0x626ce0 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x56) returned 0x626d28 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x6e) returned 0x626d88 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x78) returned 0x6212e0 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x62) returned 0x626e00 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x30) returned 0x626e70 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x48) returned 0x626ea8 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x28) returned 0x625090 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x1a) returned 0x626a70 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x34) returned 0x626ef8 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x5c) returned 0x626f38 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x32) returned 0x626fa0 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x2e) returned 0x626fe0 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x1c) returned 0x628288 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x12a) returned 0x628a70 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x7c) returned 0x628ba8 [0051.329] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x36) returned 0x628c30 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x3a) returned 0x628c70 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x90) returned 0x628cb8 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x24) returned 0x628d50 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x30) returned 0x628d80 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x36) returned 0x628db8 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x48) returned 0x628df8 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x52) returned 0x628e48 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x3c) returned 0x628ea8 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0xd6) returned 0x628ef0 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x2e) returned 0x627018 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x1e) returned 0x6282b0 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x2c) returned 0x627050 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x54) returned 0x627088 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x52) returned 0x6270e8 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x2c) returned 0x627148 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x26) returned 0x627180 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x3e) returned 0x628fe8 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x24) returned 0x6271b0 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x30) returned 0x6271e0 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x8c) returned 0x627218 [0051.330] HeapFree (in: hHeap=0x610000, dwFlags=0x0, lpMem=0x627758 | out: hHeap=0x610000) returned 1 [0051.330] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x8, Size=0x800) returned 0x6272b0 [0051.330] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0051.330] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2721d9) returned 0x0 [0051.331] GetStartupInfoW (in: lpStartupInfo=0x48f834 | out: lpStartupInfo=0x48f834*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0051.331] GetCommandLineW () returned="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"%Temp%\\IXP000.TMP\\\"" [0051.331] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe\" /dll=\"C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll\" /fn_id=SetClass /fn_args=\"%Temp%\\IXP000.TMP\\\"", pNumArgs=0x48f820 | out: pNumArgs=0x48f820) returned 0x627f00*="C:\\Users\\kEecfMwgj\\Desktop\\daDJtXJF.exe" [0051.331] LoadLibraryW (lpLibFileName="C:\\Users\\KEECFM~1\\Desktop\\b5bac95d38c0b9a246cf01fd76276870c42bdb38e2c5bab7d47ae04f1c52e969.dll") returned 0x10000000 [0054.629] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x1, X=19, Y=59, cx=119, cy=267, uFlags=0x2000) returned 0 [0054.629] OleUninitialize () [0054.629] CoGetContextToken (in: pToken=0x10035908 | out: pToken=0x10035908) returned 0x800401f0 [0054.629] OleUninitialize () [0054.629] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=75, Y=75, cx=250, cy=142, uFlags=0x2) returned 0 [0054.629] CoGetCurrentProcess () returned 0x32 [0055.052] CoFreeUnusedLibraries () [0055.052] CoCreateGuid (in: pguid=0x100352db | out: pguid=0x100352db*(Data1=0xa09d22c9, Data2=0xd6f0, Data3=0x4afb, Data4=([0]=0x8f, [1]=0x24, [2]=0x11, [3]=0xe7, [4]=0x17, [5]=0xbf, [6]=0x9d, [7]=0x84))) returned 0x0 [0055.053] ShowCursor (bShow=1) returned 1 [0055.266] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x2, X=54, Y=35, cx=235, cy=464, uFlags=0x200) returned 0 [0055.266] SetWindowPos (hWnd=0x0, hWndInsertAfter=0xffffffff, X=9, Y=0, cx=209, cy=0, uFlags=0x1000) returned 0 [0055.266] OleInitialize (pvReserved=0x0) returned 0x0 [0055.320] lstrcmpA (lpString1=":o?", lpString2="?)") returned -1 [0055.324] CoFreeUnusedLibraries () [0055.324] ShowWindow (hWnd=0x0, nCmdShow=9) returned 0 [0055.324] CoGetCurrentLogicalThreadId (in: pguid=0x100350f2 | out: pguid=0x100350f2*(Data1=0x332e26, Data2=0x94ad, Data3=0x468e, Data4=([0]=0x92, [1]=0xc, [2]=0xcc, [3]=0x1c, [4]=0xcf, [5]=0x7a, [6]=0xd6, [7]=0x72))) returned 0x0 [0055.324] ShowCursor (bShow=1) returned 2 [0055.324] CoGetCurrentLogicalThreadId (in: pguid=0x1003532b | out: pguid=0x1003532b*(Data1=0x332e26, Data2=0x94ad, Data3=0x468e, Data4=([0]=0x92, [1]=0xc, [2]=0xcc, [3]=0x1c, [4]=0xcf, [5]=0x7a, [6]=0xd6, [7]=0x72))) returned 0x0 [0055.324] ShowCursor (bShow=1) returned 3 [0055.324] CoGetCurrentLogicalThreadId (in: pguid=0x1003586c | out: pguid=0x1003586c*(Data1=0x332e26, Data2=0x94ad, Data3=0x468e, Data4=([0]=0x92, [1]=0xc, [2]=0xcc, [3]=0x1c, [4]=0xcf, [5]=0x7a, [6]=0xd6, [7]=0x72))) returned 0x0 [0055.324] CoGetContextToken (in: pToken=0x10035782 | out: pToken=0x10035782) returned 0x0 [0055.324] ShowWindow (hWnd=0x0, nCmdShow=1) returned 0 [0055.324] GetCurrentThread () returned 0xfffffffe [0055.324] ShowCursor (bShow=1) returned 4 [0055.324] CoGetCurrentProcess () returned 0x32 [0055.324] lstrcmpA (lpString1="h(7", lpString2="|[o%") returned 1 [0055.324] ShowWindow (hWnd=0x0, nCmdShow=7) returned 0 [0055.324] lstrcmpA (lpString1="X38", lpString2="k4