125bd8;section: [.f@w] 183b92;ntdll.RtlAllocateHeap 13b65a;SYSCALL:0x50(NtProtectVirtualMemory) f4e81;SYSCALL:0x50(NtProtectVirtualMemory) 13b65a;SYSCALL:0x50(NtProtectVirtualMemory) 18458d;CPUID:1 18458d;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 18649b;CPUID:40000000 18649b;[ANTIVM] --> CPUID - HyperVisor vendor check;https://unprotect.it/technique/cpuid/ 18458d;CPUID:40000003 13b65a;SYSCALL:0x36(NtQuerySystemInformation) NtQuerySystemInformation: Arg[0] = 0x000000000000004c = 76 Arg[1] = ptr 0x00000084b530eef8 -> "MRIF" Arg[2] = 0x0000000000000010 = 16 Arg[3] = ptr 0x00000084b530ee2c -> {\x00\x00\x00\x00\x10YQ\x10} f4e81;SYSCALL:0x36(NtQuerySystemInformation) NtQuerySystemInformation: Arg[0] = 0x000000000000004c = 76 Arg[1] = ptr 0x00000084b530eef8 -> "BMSR" Arg[2] = 0x0000000000000010 = 16 Arg[3] = ptr 0x00000084b530ee2c -> {\x00\x00\x00\x00\x10YQ\x10} 18559d;ntdll.RtlAllocateHeap 13b65a;SYSCALL:0x36(NtQuerySystemInformation) NtQuerySystemInformation: Arg[0] = 0x000000000000004c = 76 Arg[1] = ptr 0x00000190b98c4810 -> "BMSR" Arg[2] = 0x0000000000000014 = 20 Arg[3] = 0 f4e81;SYSCALL:0x36(NtQuerySystemInformation) NtQuerySystemInformation: Arg[0] = 0x000000000000004c = 76 Arg[1] = ptr 0x00000084b530eef8 -> {BMSR\x01\x00\x00\x00} Arg[2] = 0x0000000000000010 = 16 Arg[3] = ptr 0x00000084b530ee18 -> {\xc4\xeeD\x10\xfd\x7f\x00\x00} 18168c;ntdll.RtlAllocateHeap 13b65a;SYSCALL:0x36(NtQuerySystemInformation) NtQuerySystemInformation: Arg[0] = 0x000000000000004c = 76 Arg[1] = ptr 0x00000190b98c63a0 -> {BMSR\x01\x00\x00\x00} Arg[2] = 0x0000000000001159 = 4441 Arg[3] = 0 182e36;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98c63a0 -> {BMSR\x01\x00\x00\x00} 182e36;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98c4810 -> "BMSR" 15728b;kernel32.GetModuleHandleA GetModuleHandleA: Arg[0] = ptr 0x00000084b530eba0 -> "sbiedll.dll" 183b92;ntdll.RtlGetNativeSystemInformation NtQuerySystemInformation: Arg[0] = 0 Arg[1] = ptr 0x00000084b530f700 -> {\xb0\xf70\xb5\x84\x00\x00\x00} Arg[2] = 0x0000000000000040 = 64 Arg[3] = 0 1866a7;ntdll.ZwQueryInformationProcess ZwQueryInformationProcess: Arg[0] = 0xffffffffffffffff = 18446744073709551615 Arg[1] = 0 Arg[2] = ptr 0x00000084b530f490 -> {\x7f\x02\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000030 = 48 183b92;ntdll.ZwQueryInformationThread ZwQueryInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0 Arg[2] = ptr 0x00000084b530f4c0 -> {\x1e\x02\xbe\xcb\xff\xff\xff\xff} Arg[3] = 0x0000000000000030 = 48 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x01\x00\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x02\x00\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x04\x00\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x08\x00\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x10\x00\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> L" " Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> L"@" Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x80\x00\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x00\x01\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x00\x02\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x00\x04\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x00\x08\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x00\x10\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x00 \x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x00@\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 182e36;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530ee40 -> {\x00\x80\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 1866a7;ntdll.ZwDelayExecution 18649b;CPUID:1 18649b;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 18168c;ntdll.ZwSetInformationThread ZwSetInformationThread: Arg[0] = 0xfffffffffffffffe = 18446744073709551614 Arg[1] = 0x0000000000000004 = 4 Arg[2] = ptr 0x00000084b530f4d8 -> {\x14<\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000008 = 8 18168c;[.f@w] -> [.,;E] 61900;section: [.,;E] edd8c;CPUID:1 edd8c;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 65cab;kernel32.GetSystemTimeAsFileTime GetSystemTimeAsFileTime: Arg[0] = ptr 0x00000084b530e960 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 65cb6;kernel32.GetCurrentProcessId GetCurrentProcessId: Arg[0] = ptr 0x00000084b530e960 -> {2\xa8ho\x9a\xe9\xda\x01} 65cc2;kernel32.GetCurrentThreadId GetCurrentThreadId: 65cce;kernel32.GetTickCount GetTickCount: Arg[0] = ptr 0x00000084b530e960 -> {2\xa8ho\x9a\xe9\xda\x01} 65cdf;kernel32.QueryPerformanceCounter QueryPerformanceCounter: Arg[0] = ptr 0x00000084b530e968 -> {\x80\xe90\xb5\x84\x00\x00\x00} 65a26;kernel32.HeapCreate HeapCreate: Arg[0] = 0 Arg[1] = 0x0000000000001000 = 4096 Arg[2] = 0 65a50;kernel32.HeapSetInformation HeapSetInformation: Arg[0] = ptr 0x00000190ccd60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000084b530e920 -> {\x02\x00\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000004 = 4 62572;ntdll.RtlEncodePointer 62568;ntdll.RtlEncodePointer 62568;ntdll.RtlEncodePointer 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbb20 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbb48 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbb70 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbb98 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbbc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbbe8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbc10 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbc38 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbc60 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbc88 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbcb0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbcd8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbd00 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00007ff7fc2fbd28 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 6289f;kernel32.FlsAlloc FlsAlloc: Arg[0] = ptr 0x00007ff7fc2e270c -> {H\x85\xc9\x0f\x84+\x01\x00} 688a8;ntdll.RtlAllocateHeap 628d0;kernel32.FlsSetValue FlsSetValue: Arg[0] = 0x0000000000000001 = 1 Arg[1] = ptr 0x00000190ccd60860 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 6642d;ntdll.RtlEnterCriticalSection 66301;ntdll.RtlLeaveCriticalSection 6642d;ntdll.RtlEnterCriticalSection 66301;ntdll.RtlLeaveCriticalSection 628e4;kernel32.GetCurrentThreadId GetCurrentThreadId: 616e1;kernel32.GetCommandLineA GetCommandLineA: Arg[0] = 0x00000000ffffffff = 4294967295 6581f;kernel32.GetEnvironmentStringsW GetEnvironmentStringsW: Arg[0] = 0 658b4;kernel32.WideCharToMultiByte WideCharToMultiByte: Arg[0] = 0 Arg[1] = 0 Arg[2] = ptr 0x00000190b98c64b0 -> L"=::=::\" Arg[3] = 0x00000000000011a4 = 4516 Arg[4] = 0 Arg[5] = 0x0000008400000000 = 566935683072 Arg[6] = 0 Arg[7] = 0 63019;ntdll.RtlAllocateHeap 658f0;kernel32.WideCharToMultiByte WideCharToMultiByte: Arg[0] = 0 Arg[1] = 0 Arg[2] = ptr 0x00000190b98c64b0 -> L"=::=::\" Arg[3] = 0x00000000000011a4 = 4516 Arg[4] = ptr 0x00000190ccd60b30 -> {P\x01\xd6\xcc\x90\x01\x00\x00} Arg[5] = 0x00000084000011a4 = 566935687588 Arg[6] = 0 Arg[7] = 0 65909;kernel32.FreeEnvironmentStringsW FreeEnvironmentStringsW: Arg[0] = ptr 0x00000190b98c64b0 -> L"=::=::\" 650c1;kernel32.GetStartupInfoA GetStartupInfoA: Arg[0] = ptr 0x00000084b530e890 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 688a8;ntdll.RtlAllocateHeap 652e0;kernel32.GetStdHandle GetStdHandle: Arg[0] = 0x00000000fffffff6 = 4294967286 652f7;kernel32.GetFileType GetFileType: Arg[0] = 0x0000000000000054 = 84 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00000190ccd641b0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 652e0;kernel32.GetStdHandle GetStdHandle: Arg[0] = 0x00000000fffffff5 = 4294967285 652f7;kernel32.GetFileType GetFileType: Arg[0] = 0x0000000000000058 = 88 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00000190ccd64208 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 652e0;kernel32.GetStdHandle GetStdHandle: Arg[0] = 0x00000000fffffff4 = 4294967284 652f7;kernel32.GetFileType GetFileType: Arg[0] = 0x000000000000005c = 92 68c7c;kernel32.InitializeCriticalSectionAndSpinCount InitializeCriticalSectionAndSpinCount: Arg[0] = ptr 0x00000190ccd64260 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 6535a;kernel32.SetHandleCount SetHandleCount: Arg[0] = 0x0000000000000020 = 32 6266e;kernel32.GetLastError GetLastError: Arg[0] = 0x00000000fffffffd = 4294967293 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0x000000000000007e = 126 6266e;kernel32.GetLastError GetLastError: Arg[0] = 0xbacd1a366c4f0000 = 13460443682327953408 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0x000000000000007e = 126 6642d;ntdll.RtlEnterCriticalSection 66301;ntdll.RtlLeaveCriticalSection 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e840 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0x000000000000007e = 126 61d08;kernel32.GetACP GetACP: 63019;ntdll.RtlAllocateHeap 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e7d0 -> {\x00\x00(\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0x000000000000007e = 126 61dc7;kernel32.IsValidCodePage IsValidCodePage: Arg[0] = 0x00000000000004e4 = 1252 61ddc;kernel32.GetCPInfo GetCPInfo: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = ptr 0x00000084b530e820 -> {\x01\x00\x00\x00\x00\x00\x00\x00} 61a43;kernel32.GetCPInfo GetCPInfo: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = ptr 0x00000084b530e2c0 -> {\x18\x00\x00\x00\x00\x00\x00\x00} 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e240 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0x000000000000007e = 126 65f10;kernel32.GetStringTypeW GetStringTypeW: Arg[0] = 0x0000000000000001 = 1 Arg[1] = ptr 0x00007ff7fc2ee520 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530e1c0 -> {@\xe20\xb5\x84\x00\x00\x00} 65f82;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0x0000000000000001 = 1 Arg[2] = ptr 0x00000084b530e2e0 -> { \x01\x02\x03\x04\x05\x06\x07} Arg[3] = 0x0000000000000100 = 256 Arg[4] = 0 Arg[5] = 0 66038;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0x0000000000000001 = 1 Arg[2] = ptr 0x00000084b530e2e0 -> { \x01\x02\x03\x04\x05\x06\x07} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530dfc0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[5] = 0x0000019000000100 = 1717986918656 6604f;kernel32.GetStringTypeW GetStringTypeW: Arg[0] = 0x0000000000000001 = 1 Arg[1] = ptr 0x00000084b530dfc0 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[2] = 0x0000000000000100 = 256 Arg[3] = ptr 0x00000084b530e5e0 -> {\xa0d\x8c\xb9\x90\x01\x00\x00} 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e240 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0x000000000000007e = 126 634d2;kernel32.LCMapStringW LCMapStringW: Arg[0] = 0 Arg[1] = 0x0000000000000100 = 256 Arg[2] = ptr 0x00007ff7fc2ee520 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000001 = 1 Arg[4] = 0 Arg[5] = 0x00007ff700000000 = 140698833649664 63592;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0x0000000000000001 = 1 Arg[2] = ptr 0x00000084b530e2e0 -> { \x01\x02\x03\x04\x05\x06\x07} Arg[3] = 0x0000000000000100 = 256 Arg[4] = 0 Arg[5] = 0x00007ff700000000 = 140698833649664 6363a;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0x0000000000000001 = 1 Arg[2] = ptr 0x00000084b530e2e0 -> { \x01\x02\x03\x04\x05\x06\x07} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530dfa0 -> {\x9e\xccm`wX\x00\x00} Arg[5] = 0x00007ff700000100 = 140698833649920 6365f;kernel32.LCMapStringW LCMapStringW: Arg[0] = 0 Arg[1] = 0x0000000000000100 = 256 Arg[2] = ptr 0x00000084b530dfa0 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[3] = 0x0000000000000100 = 256 Arg[4] = 0 Arg[5] = 0x00007ff700000000 = 140698833649664 6373c;kernel32.LCMapStringW LCMapStringW: Arg[0] = 0 Arg[1] = 0x0000000000000100 = 256 Arg[2] = ptr 0x00000084b530dfa0 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530dd90 -> {\xae\xcem`wX\x00\x00} Arg[5] = 0x0000000000000100 = 256 6377f;kernel32.WideCharToMultiByte WideCharToMultiByte: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0 Arg[2] = ptr 0x00000084b530dd90 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530e3e0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[5] = 0x0000000000000100 = 256 Arg[6] = 0 Arg[7] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e240 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0x000000000000007e = 126 63592;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0x0000000000000001 = 1 Arg[2] = ptr 0x00000084b530e2e0 -> { \x01\x02\x03\x04\x05\x06\x07} Arg[3] = 0x0000000000000100 = 256 Arg[4] = 0 Arg[5] = 0x00007ff700000000 = 140698833649664 6363a;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0x0000000000000001 = 1 Arg[2] = ptr 0x00000084b530e2e0 -> { \x01\x02\x03\x04\x05\x06\x07} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530dfa0 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[5] = 0x00f700f600000100 = 69525375809487104 6365f;kernel32.LCMapStringW LCMapStringW: Arg[0] = 0 Arg[1] = 0x0000000000000200 = 512 Arg[2] = ptr 0x00000084b530dfa0 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[3] = 0x0000000000000100 = 256 Arg[4] = 0 Arg[5] = 0x00f700f600000000 = 69525375809486848 6373c;kernel32.LCMapStringW LCMapStringW: Arg[0] = 0 Arg[1] = 0x0000000000000200 = 512 Arg[2] = ptr 0x00000084b530dfa0 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530dd90 -> {\xae\xcem`wX\x00\x00} Arg[5] = 0x0000000000000100 = 256 6377f;kernel32.WideCharToMultiByte WideCharToMultiByte: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0 Arg[2] = ptr 0x00000084b530dd90 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530e4e0 -> {\x00B\x8c\xb9\x90\x01\x00\x00} Arg[5] = 0x0000000000000100 = 256 Arg[6] = 0 Arg[7] = 0 6642d;ntdll.RtlEnterCriticalSection 66301;ntdll.RtlLeaveCriticalSection 6572e;kernel32.GetModuleFileNameA GetModuleFileNameA: Arg[0] = 0 Arg[1] = ptr 0x00007ff7fc2fba00 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[2] = 0x0000000000000104 = 260 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\x00\xba/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 63019;ntdll.RtlAllocateHeap 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xff\xff\xff\xff\x00\x00\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 6266e;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530e870 -> {\xb0\x85/\xfc\xf7\x7f\x00\x00} 6267c;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000001 = 1 626d4;kernel32.SetLastError SetLastError: Arg[0] = 0 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 688a8;ntdll.RtlAllocateHeap 61956;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190ccd60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190ccd60b30 -> "=::=::\" 62568;ntdll.RtlEncodePointer 62568;ntdll.RtlEncodePointer 62568;ntdll.RtlEncodePointer 62568;ntdll.RtlEncodePointer 62568;ntdll.RtlEncodePointer 62568;ntdll.RtlEncodePointer 62568;ntdll.RtlEncodePointer 62568;ntdll.RtlEncodePointer 62568;ntdll.RtlEncodePointer 62568;ntdll.RtlEncodePointer 688a8;ntdll.RtlAllocateHeap 62568;ntdll.RtlEncodePointer 688a8;ntdll.RtlAllocateHeap 6642d;ntdll.RtlEnterCriticalSection 6257c;ntdll.RtlDecodePointer 6257c;ntdll.RtlDecodePointer 66f63;ntdll.RtlSizeHeap 62568;ntdll.RtlEncodePointer 62568;ntdll.RtlEncodePointer 66301;ntdll.RtlLeaveCriticalSection edc09;CPUID:1 edc09;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 63019;ntdll.RtlAllocateHeap eb507;ntdll.RtlInitializeCriticalSection 63019;ntdll.RtlAllocateHeap eb507;ntdll.RtlInitializeCriticalSection 63019;ntdll.RtlAllocateHeap 618ff;[.,;E] -> [.f@w] 18168e;section: [.f@w] 13b65a;SYSCALL:0x50(NtProtectVirtualMemory) f4e81;SYSCALL:0x50(NtProtectVirtualMemory) 13b65a;SYSCALL:0x50(NtProtectVirtualMemory) 18118b;[.f@w] -> [.text] 8670;section: [.text] 8a39;CPUID:0 8a39;[ANTIVM] --> CPUID - vendor check;https://unprotect.it/technique/cpuid/ 8a5c;CPUID:1 8a5c;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 8af5;CPUID:7 da31;kernel32.LoadLibraryExW LoadLibraryExW: Arg[0] = ptr 0x00007ff7fc2ae868 -> L"api-ms-win-core-synch-l1-2-0" Arg[1] = 0 Arg[2] = 0x0000000000000800 = 2048 dae3;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2ae930 -> "InitializeCriticalSectionEx" 297b0;kernelbase.InitializeCriticalSectionEx da31;kernel32.LoadLibraryExW LoadLibraryExW: Arg[0] = ptr 0x00007ff7fc2ae828 -> L"api-ms-win-core-fibers-l1-1-1" Arg[1] = 0 Arg[2] = 0x0000000000000800 = 2048 dae3;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2ae8d8 -> "FlsAlloc" 297b0;kernelbase.FlsAlloc dae3;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2ae918 -> "FlsSetValue" 297b0;kernelbase.FlsSetValue FlsSetValue: Arg[0] = 0x0000000000000002 = 2 Arg[1] = ptr 0x00007ff7fc2bee80 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b9f8;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530f740 -> {\x00\x00\x00\x00\xabg\x9c\x00} 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2beff0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf018 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf040 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf068 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf090 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf0b8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf0e0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf108 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf130 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf158 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf180 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf1a8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf1d0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf1f8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bf220 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 24724;kernel32.GetProcessHeap GetProcessHeap: Arg[0] = 0xbacd1a366c4f0000 = 13460443682327953408 1b145;kernel32.LoadLibraryExW LoadLibraryExW: Arg[0] = ptr 0x00007ff7fc2b0da0 -> L"api-ms-win-core-fibers-l1-1-2" Arg[1] = 0 Arg[2] = 0x0000000000000800 = 2048 1b276;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2b12e0 -> "FlsGetValue2" 10b4a;ntdll.RtlEnterCriticalSection 1b1f5;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000004 = 4 Arg[3] = ptr 0x00000084b530f6f0 -> {\x00\x00\x00\x00\xf7\x7f\x00\x00} 1b226;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530f6f0 -> {\x02\x00\x00\x00\xf7\x7f\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 1b49c;kernel32.FlsAlloc FlsAlloc: Arg[0] = ptr 0x00007ff7fc2990e0 -> {H\x85\xc9t\x1aSH\x83} 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ffd1055d2f0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 19207;kernel32.GetLastError GetLastError: Arg[0] = 0x0000000000000010 = 16 1b4c0;kernel32.FlsSetValue FlsSetValue: Arg[0] = 0x0000000000000003 = 3 Arg[1] = 0xffffffffffffffff = 18446744073709551615 175d5;ntdll.RtlAllocateHeap 1b4c0;kernel32.FlsSetValue FlsSetValue: Arg[0] = 0x0000000000000003 = 3 Arg[1] = ptr 0x00000190b98c64b0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 19294;kernel32.SetLastError SetLastError: Arg[0] = 0 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0x000000000000007f = 127 10b4a;ntdll.RtlEnterCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 175d5;ntdll.RtlAllocateHeap 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6880 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c68c8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6910 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6958 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c69a0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c69e8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6a30 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6a78 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6ac0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6b08 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6b50 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6b98 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6be0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6c28 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6c70 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6cb8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6d00 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6d48 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6d90 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6dd8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6e20 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6e68 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6eb0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6ef8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6f40 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6f88 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c6fd0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7018 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7060 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c70a8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c70f0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7138 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7180 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c71c8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7210 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7258 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c72a0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c72e8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7330 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7378 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c73c0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7408 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7450 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7498 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c74e0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7528 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7570 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c75b8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7600 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7648 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7690 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c76d8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7720 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7768 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c77b0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c77f8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7840 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7888 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c78d0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7918 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7960 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c79a8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c79f0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00000190b98c7a38 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 10b9e;ntdll.RtlLeaveCriticalSection 194fc;kernel32.GetStartupInfoW GetStartupInfoW: Arg[0] = ptr 0x00000084b530f690 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 19645;kernel32.GetStdHandle GetStdHandle: Arg[0] = 0x00000000fffffff6 = 4294967286 1965b;kernel32.GetFileType GetFileType: Arg[0] = 0x0000000000000054 = 84 19645;kernel32.GetStdHandle GetStdHandle: Arg[0] = 0x00000000fffffff5 = 4294967285 1965b;kernel32.GetFileType GetFileType: Arg[0] = 0x0000000000000058 = 88 19645;kernel32.GetStdHandle GetStdHandle: Arg[0] = 0x00000000fffffff4 = 4294967284 1965b;kernel32.GetFileType GetFileType: Arg[0] = 0x000000000000005c = 92 10b9e;ntdll.RtlLeaveCriticalSection 14d74;kernel32.GetCommandLineA GetCommandLineA: Arg[0] = 0x00000000ffffffff = 4294967295 14d81;kernel32.GetCommandLineW GetCommandLineW: Arg[0] = 0x00000000ffffffff = 4294967295 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 20ac1;kernel32.GetACP GetACP: 1769e;ntdll.RtlAllocateHeap 211af;kernel32.IsValidCodePage IsValidCodePage: Arg[0] = 0x00000000000004e4 = 1252 211f3;kernel32.GetCPInfo GetCPInfo: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = ptr 0x00000084b530f430 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 20be8;kernel32.GetCPInfo GetCPInfo: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = ptr 0x00000084b530ecd0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1f9f5;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0x0000000000000001 = 1 Arg[2] = ptr 0x00000084b530ecf0 -> { \x01\x02\x03\x04\x05\x06\x07} Arg[3] = 0x0000000000000100 = 256 Arg[4] = 0 Arg[5] = 0x00007ff700000000 = 140698833649664 1f9f5;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0x0000000000000001 = 1 Arg[2] = ptr 0x00000084b530ecf0 -> { \x01\x02\x03\x04\x05\x06\x07} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530ea20 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[5] = 0x0000000100000100 = 4294967552 1f11a;kernel32.GetStringTypeW GetStringTypeW: Arg[0] = 0x0000000000000001 = 1 Arg[1] = ptr 0x00000084b530ea20 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[2] = 0x0000000000000100 = 256 Arg[3] = ptr 0x00000084b530eff0 -> {\x06\x8c\xd3M\x1c\x95\xbf\x0f} 1f9f5;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0x0000000000000001 = 1 Arg[2] = ptr 0x00000084b530ecf0 -> { \x01\x02\x03\x04\x05\x06\x07} Arg[3] = 0x0000000000000100 = 256 Arg[4] = 0 Arg[5] = 0x00bf00be00000000 = 53762536595521536 1f9f5;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0x0000000000000001 = 1 Arg[2] = ptr 0x00000084b530ecf0 -> { \x01\x02\x03\x04\x05\x06\x07} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530e9c0 -> {\x00\x02\x00\x00\x00\x00\x00\x00} Arg[5] = 0x0000000000000100 = 256 1b145;kernel32.LoadLibraryExW LoadLibraryExW: Arg[0] = ptr 0x00007ff7fc2b0e90 -> L"api-ms-win-core-localization-l1-2-1" Arg[1] = 0 Arg[2] = 0x0000000000000800 = 2048 1b276;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2b1388 -> "LCMapStringEx" 10b4a;ntdll.RtlEnterCriticalSection 1b1f5;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000004 = 4 Arg[3] = ptr 0x00000084b530e910 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b226;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530e910 -> {\x02\x00\x00\x00\x00\x00\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 297b0;kernelbase.LCMapStringEx LCMapStringEx: Arg[0] = 0 Arg[1] = 0x0000000000000100 = 256 Arg[2] = ptr 0x00000084b530e9c0 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[3] = 0x0000000000000100 = 256 Arg[4] = 0 Arg[5] = 0 Arg[6] = 0 Arg[7] = 0 Arg[8] = 0 297b0;kernelbase.LCMapStringEx LCMapStringEx: Arg[0] = 0 Arg[1] = 0x0000000000000100 = 256 Arg[2] = ptr 0x00000084b530e9c0 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530e7b0 -> {\x00\x01\x00\x00\x00\x01\x00\x00} Arg[5] = 0x0000000000000100 = 256 Arg[6] = 0 Arg[7] = 0 Arg[8] = 0 1fb0b;kernel32.WideCharToMultiByte WideCharToMultiByte: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0 Arg[2] = ptr 0x00000084b530e7b0 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530edf0 -> {\xf0\xf00\xb5\x84\x00\x00\x00} Arg[5] = 0x0000008400000100 = 566935683328 Arg[6] = 0 Arg[7] = 0 1f9f5;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0x0000000000000001 = 1 Arg[2] = ptr 0x00000084b530ecf0 -> { \x01\x02\x03\x04\x05\x06\x07} Arg[3] = 0x0000000000000100 = 256 Arg[4] = 0 Arg[5] = 0x00ef00ee00000000 = 67273541636063232 1f9f5;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0x0000000000000001 = 1 Arg[2] = ptr 0x00000084b530ecf0 -> { \x01\x02\x03\x04\x05\x06\x07} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530e9c0 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[5] = 0x00ef00ee00000100 = 67273541636063488 297b0;kernelbase.LCMapStringEx LCMapStringEx: Arg[0] = 0 Arg[1] = 0x0000000000000200 = 512 Arg[2] = ptr 0x00000084b530e9c0 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[3] = 0x0000000000000100 = 256 Arg[4] = 0 Arg[5] = 0 Arg[6] = 0 Arg[7] = 0 Arg[8] = 0 297b0;kernelbase.LCMapStringEx LCMapStringEx: Arg[0] = 0 Arg[1] = 0x0000000000000200 = 512 Arg[2] = ptr 0x00000084b530e9c0 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530e7b0 -> {\x00\x01\x00\x00\x00\x02\x00\x00} Arg[5] = 0x0000000000000100 = 256 Arg[6] = 0 Arg[7] = 0 Arg[8] = 0 1fb0b;kernel32.WideCharToMultiByte WideCharToMultiByte: Arg[0] = 0x00000000000004e4 = 1252 Arg[1] = 0 Arg[2] = ptr 0x00000084b530e7b0 -> -> { \x00\x01\x00\x02\x00\x03\x00} Arg[3] = 0x0000000000000100 = 256 Arg[4] = ptr 0x00000084b530eef0 -> {!\xc2\xe07\x90\x01\x00\x00} Arg[5] = 0x0000008400000100 = 566935683328 Arg[6] = 0 Arg[7] = 0 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 1769e;ntdll.RtlAllocateHeap 10b9e;ntdll.RtlLeaveCriticalSection 207c7;kernel32.GetModuleFileNameW GetModuleFileNameW: Arg[0] = 0 Arg[1] = ptr 0x00000084b530f4b0 -> { \xf70\xb5\x03\x00\x00\x00} Arg[2] = 0x0000000000000105 = 261 1b145;kernel32.LoadLibraryExW LoadLibraryExW: Arg[0] = ptr 0x00007ff7fc2ae8a8 -> L"kernel32" Arg[1] = 0 Arg[2] = 0x0000000000000800 = 2048 1b276;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd10240000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2b1290 -> "AreFileApisANSI" 10b4a;ntdll.RtlEnterCriticalSection 1b1f5;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000004 = 4 Arg[3] = ptr 0x00000084b530f410 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b226;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530f410 -> {\x02\x00\x00\x00\x00\x00\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 297b0;kernel32.AreFileApisANSI AreFileApisANSI: Arg[0] = 0x00000000ffffffff = 4294967295 1fb0b;kernel32.WideCharToMultiByte WideCharToMultiByte: Arg[0] = 0 Arg[1] = 0 Arg[2] = ptr 0x00000084b530f4b0 -> L"C:\Users\tester\Desktop\testdemo\testaslr.vmp.exe" Arg[3] = 0x00000000ffffffff = 4294967295 Arg[4] = 0 Arg[5] = 0x0000008400000000 = 566935683072 Arg[6] = 0 Arg[7] = 0 1fb0b;kernel32.WideCharToMultiByte WideCharToMultiByte: Arg[0] = 0 Arg[1] = 0 Arg[2] = ptr 0x00000084b530f4b0 -> L"C:\Users\tester\Desktop\testdemo\testaslr.vmp.exe" Arg[3] = 0x00000000ffffffff = 4294967295 Arg[4] = ptr 0x00007ff7fc2bf280 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[5] = 0x0000008400000104 = 566935683332 Arg[6] = 0 Arg[7] = 0 175d5;ntdll.RtlAllocateHeap 904f;ntdll.RtlInitializeSListHead RtlInitializeSListHead: Arg[0] = ptr 0x00007ff7fc2bee50 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 193c1;kernel32.GetLastError GetLastError: Arg[0] = 0 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 2149d;kernel32.GetEnvironmentStringsW GetEnvironmentStringsW: Arg[0] = 0 1fb0b;kernel32.WideCharToMultiByte WideCharToMultiByte: Arg[0] = 0 Arg[1] = 0 Arg[2] = ptr 0x00000190b98c7e20 -> L"=::=::\" Arg[3] = 0x00000000000011a4 = 4516 Arg[4] = 0 Arg[5] = 0x0000008400000000 = 566935683072 Arg[6] = 0 Arg[7] = 0 1769e;ntdll.RtlAllocateHeap 1fb0b;kernel32.WideCharToMultiByte WideCharToMultiByte: Arg[0] = 0 Arg[1] = 0 Arg[2] = ptr 0x00000190b98c7e20 -> L"=::=::\" Arg[3] = 0x00000000000011a4 = 4516 Arg[4] = ptr 0x00000190b98ca170 -> {P\x01\x8c\xb9\x90\x01\x00\x00} Arg[5] = 0x00000084000011a4 = 566935687588 Arg[6] = 0 Arg[7] = 0 2156e;kernel32.FreeEnvironmentStringsW FreeEnvironmentStringsW: Arg[0] = ptr 0x00000190b98c7e20 -> L"=::=::\" 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98ca170 -> "=::=::\" 175d5;ntdll.RtlAllocateHeap 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bd1b0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bd208 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 1b5cc;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2bd260 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 291c7;CPUID:1 291c7;[ANTIVM] --> CPUID - HyperVisor bit check;https://unprotect.it/technique/cpuid/ 29222;CPUID:0 29222;[ANTIVM] --> CPUID - vendor check;https://unprotect.it/technique/cpuid/ 29230;CPUID:7 924b;kernel32.SetUnhandledExceptionFilter SetUnhandledExceptionFilter: Arg[0] = ptr 0x00007ff7fc289254 -> {H\x89\$\x08WH\x83} 84e1;[ANTIDEBUG] --> ^ SetUnhandledExceptionFilter;https://anti-debug.checkpoint.com/techniques/exceptions.html#unhandledexceptionfilter 7ea8;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2be280 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 7ea8;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2be2a8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 7ea8;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2be2d0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 7ea8;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2be2f8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 7ea8;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2be320 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 7ea8;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2be348 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 7ea8;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2be370 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 7ea8;kernel32.InitializeCriticalSectionEx InitializeCriticalSectionEx: Arg[0] = ptr 0x00007ff7fc2be398 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0x0000000000000fa0 = 4000 Arg[2] = 0 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 1b145;kernel32.LoadLibraryExW LoadLibraryExW: Arg[0] = ptr 0x00007ff7fc2b0f90 -> L"api-ms-win-core-string-l1-1-0" Arg[1] = 0 Arg[2] = 0x0000000000000800 = 2048 1b276;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2b12a8 -> "CompareStringEx" 10b4a;ntdll.RtlEnterCriticalSection 1b1f5;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000004 = 4 Arg[3] = ptr 0x00000084b530f640 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b226;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530f640 -> {\x02\x00\x00\x00\x00\x00\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 1b276;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2b12c0 -> "EnumSystemLocalesEx" 10b4a;ntdll.RtlEnterCriticalSection 1b1f5;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000004 = 4 Arg[3] = ptr 0x00000084b530f640 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b226;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530f640 -> {\x02\x00\x00\x00\x00\x00\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 1b145;kernel32.LoadLibraryExW LoadLibraryExW: Arg[0] = ptr 0x00007ff7fc2b0d60 -> L"api-ms-win-core-datetime-l1-1-1" Arg[1] = 0 Arg[2] = 0x0000000000000800 = 2048 1b276;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2b12f8 -> "GetDateFormatEx" 10b4a;ntdll.RtlEnterCriticalSection 1b1f5;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000004 = 4 Arg[3] = ptr 0x00000084b530f640 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b226;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530f640 -> {\x02\x00\x00\x00\x00\x00\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 1b276;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2b1310 -> "GetLocaleInfoEx" 10b4a;ntdll.RtlEnterCriticalSection 1b1f5;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000004 = 4 Arg[3] = ptr 0x00000084b530f640 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b226;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530f640 -> {\x02\x00\x00\x00\x00\x00\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 1b276;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2b1328 -> "GetTimeFormatEx" 10b4a;ntdll.RtlEnterCriticalSection 1b1f5;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000004 = 4 Arg[3] = ptr 0x00000084b530f640 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b226;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530f640 -> {\x02\x00\x00\x00\x00\x00\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 1b276;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2b1340 -> "GetUserDefaultLocaleName" 10b4a;ntdll.RtlEnterCriticalSection 1b1f5;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000004 = 4 Arg[3] = ptr 0x00000084b530f640 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b226;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530f640 -> {\x02\x00\x00\x00\x00\x00\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 1b276;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2b1368 -> "IsValidLocaleName" 10b4a;ntdll.RtlEnterCriticalSection 1b1f5;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000004 = 4 Arg[3] = ptr 0x00000084b530f640 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b226;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530f640 -> {\x02\x00\x00\x00\x00\x00\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 1b145;kernel32.LoadLibraryExW LoadLibraryExW: Arg[0] = ptr 0x00007ff7fc2b0ee0 -> L"api-ms-win-core-localization-obsolete-l1-2-0" Arg[1] = 0 Arg[2] = 0x0000000000000800 = 2048 1b276;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2b13a0 -> "LCIDToLocaleName" 10b4a;ntdll.RtlEnterCriticalSection 1b1f5;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000004 = 4 Arg[3] = ptr 0x00000084b530f640 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b226;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530f640 -> {\x02\x00\x00\x00\x00\x00\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 1b276;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2b13c0 -> "LocaleNameToLCID" 10b4a;ntdll.RtlEnterCriticalSection 1b1f5;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000004 = 4 Arg[3] = ptr 0x00000084b530f640 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b226;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530f640 -> {\x02\x00\x00\x00\x00\x00\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 10bbc;ntdll.RtlEnterCriticalSection 1769e;ntdll.RtlAllocateHeap 1769e;ntdll.RtlAllocateHeap 803a;ntdll.RtlEncodePointer 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cdfb0 -> -> {*\x00\x8c\xb9\x90\x01\x00\x00} 1769e;ntdll.RtlAllocateHeap 10bcb;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10bbc;ntdll.RtlEnterCriticalSection 10bcb;ntdll.RtlLeaveCriticalSection 10bbc;ntdll.RtlEnterCriticalSection 10bbc;ntdll.RtlEnterCriticalSection 10bcb;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10bbc;ntdll.RtlEnterCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 193c1;kernel32.GetLastError GetLastError: Arg[0] = 0 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ffd0dd8d270 -> {@USVWATA} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 175d5;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 1769e;ntdll.RtlAllocateHeap 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cdfd0 -> {\x01\x00\x00\x00L\x00C\x00} 10b9e;ntdll.RtlLeaveCriticalSection 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c64b0 -> {\x10\xfe*\xfc\xf7\x7f\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 1769e;ntdll.RtlAllocateHeap 10b9e;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 175d5;ntdll.RtlAllocateHeap 193c1;kernel32.GetLastError GetLastError: Arg[0] = 0 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ffd0dd8d270 -> {@USVWATA} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 175d5;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 1769e;ntdll.RtlAllocateHeap 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cdfd0 -> {\x01\x00\x00\x00L\x00C\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb0b0 -> {\x00\x00\x00\x00C\x00\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98caf50 -> {\xc0\xeb*\xfc\xf7\x7f\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb0f0 -> L"C" 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 1769e;ntdll.RtlAllocateHeap 10b9e;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530f5b8 -> {|\xb2)\xfc\xf7\x7f\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 175d5;ntdll.RtlAllocateHeap 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x000000007ffe0380 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98ce1d0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 10b4a;ntdll.RtlEnterCriticalSection 175d5;ntdll.RtlAllocateHeap 193c1;kernel32.GetLastError GetLastError: Arg[0] = 0 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ffd0dd8d270 -> {@USVWATA} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 175d5;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 1769e;ntdll.RtlAllocateHeap 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98ce1e0 -> {\x01\x00\x00\x00L\x00C\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb0f0 -> {\x00\x00\x00\x00C\x00\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb110 -> {\xc0\xeb*\xfc\xf7\x7f\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb290 -> L"C" 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 1769e;ntdll.RtlAllocateHeap 10b9e;ntdll.RtlLeaveCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb270 -> -> {C\x00\x8c\xb9\x90\x01\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb0d0 -> -> {C\x00\x8c\xb9\x90\x01\x00\x00} 10bcb;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10bcb;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10bbc;ntdll.RtlEnterCriticalSection 10bcb;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10bbc;ntdll.RtlEnterCriticalSection 10bcb;ntdll.RtlLeaveCriticalSection 10bbc;ntdll.RtlEnterCriticalSection 10bcb;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 2018;kernel32.GetModuleHandleW GetModuleHandleW: Arg[0] = 0 10db0;ntdll.RtlEnterCriticalSection 10db0;ntdll.RtlEnterCriticalSection 1769e;ntdll.RtlAllocateHeap 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530df70 -> {\xb5\xb1\xc7\xb0\xbd\xf8\xb3\xcc} Arg[2] = 0x0000000000000016 = 22 Arg[3] = ptr 0x00000084b530df60 -> {\x00\x00\x00\x00\xf7\x7f\x00\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection a6a7;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ff7fc2be3e0 -> {\x18\xc6*\xfc\xf7\x7f\x00\x00} dae3;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0dd60000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2ae900 -> "FlsGetValue" 297b0;kernelbase.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000002 = 2 a6bf;kernel32.SetLastError SetLastError: Arg[0] = 0 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 10bbc;ntdll.RtlEnterCriticalSection 10bbc;ntdll.RtlEnterCriticalSection 10bcb;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10bbc;ntdll.RtlEnterCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 193c1;kernel32.GetLastError GetLastError: Arg[0] = 0 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ffd0dd8d270 -> {@USVWATA} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 175d5;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 1769e;ntdll.RtlAllocateHeap 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf1f0 -> {\x01\x00\x00\x00L\x00C\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb0b0 -> {\x00\x00\x00\x00C\x00\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98caf50 -> {\xc0\xeb*\xfc\xf7\x7f\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c64b0 -> {\x10\xfe*\xfc\xf7\x7f\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 1769e;ntdll.RtlAllocateHeap 10b9e;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 175d5;ntdll.RtlAllocateHeap 193c1;kernel32.GetLastError GetLastError: Arg[0] = 0 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ffd0dd8d270 -> {@USVWATA} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 175d5;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 1769e;ntdll.RtlAllocateHeap 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf1f0 -> {\x01\x00\x00\x00L\x00C\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb230 -> {\x00\x00\x00\x00C\x00\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb0d0 -> {\xc0\xeb*\xfc\xf7\x7f\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb270 -> L"C" 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 1769e;ntdll.RtlAllocateHeap 10b9e;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 175d5;ntdll.RtlAllocateHeap 193c1;kernel32.GetLastError GetLastError: Arg[0] = 0 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ffd0dd8d270 -> {@USVWATA} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 175d5;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 1769e;ntdll.RtlAllocateHeap 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf400 -> {\x01\x00\x00\x00L\x00C\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb270 -> {\x00\x00\x00\x00C\x00\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98caf50 -> {\xc0\xeb*\xfc\xf7\x7f\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf2c0 -> L"C" 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 1769e;ntdll.RtlAllocateHeap 10b9e;ntdll.RtlLeaveCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb290 -> -> {C\x00\x8c\xb9\x90\x01\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb250 -> -> {C\x00\x8c\xb9\x90\x01\x00\x00} 10bcb;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10bcb;ntdll.RtlLeaveCriticalSection 10bbc;ntdll.RtlEnterCriticalSection 10bcb;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10bbc;ntdll.RtlEnterCriticalSection 10bbc;ntdll.RtlEnterCriticalSection 10bcb;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10bbc;ntdll.RtlEnterCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 193c1;kernel32.GetLastError GetLastError: Arg[0] = 0 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ffd0dd8d270 -> {@USVWATA} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 175d5;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 1769e;ntdll.RtlAllocateHeap 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf810 -> {\x01\x00\x00\x00L\x00C\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf380 -> {\x00\x00\x00\x00C\x00\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb0b0 -> {\xc0\xeb*\xfc\xf7\x7f\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c64b0 -> {\x10\xfe*\xfc\xf7\x7f\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 1769e;ntdll.RtlAllocateHeap 10b9e;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 175d5;ntdll.RtlAllocateHeap 193c1;kernel32.GetLastError GetLastError: Arg[0] = 0 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ffd0dd8d270 -> {@USVWATA} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 175d5;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 1769e;ntdll.RtlAllocateHeap 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf810 -> {\x01\x00\x00\x00L\x00C\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf2c0 -> {\x00\x00\x00\x00C\x00\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98caf50 -> {\xc0\xeb*\xfc\xf7\x7f\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf2e0 -> L"C" 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 1769e;ntdll.RtlAllocateHeap 10b9e;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 193c1;kernel32.GetLastError GetLastError: Arg[0] = 0x0000000000000043 = 67 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530f438 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c64b0 -> {\x10\xfe*\xfc\xf7\x7f\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c64b0 -> {\x10\xfe*\xfc\xf7\x7f\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000084b530f438 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c64b0 -> {\x10\xfe*\xfc\xf7\x7f\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c64b0 -> {\x10\xfe*\xfc\xf7\x7f\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 175d5;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 175d5;ntdll.RtlAllocateHeap 193c1;kernel32.GetLastError GetLastError: Arg[0] = 0 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ffd0dd8d270 -> {@USVWATA} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 175d5;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 1769e;ntdll.RtlAllocateHeap 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf810 -> {\x01\x00\x00\x00L\x00C\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf270 -> {\x00\x00\x00\x00C\x00\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb0b0 -> {\xc0\xeb*\xfc\xf7\x7f\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf3a0 -> L"C" 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 1769e;ntdll.RtlAllocateHeap 10b9e;ntdll.RtlLeaveCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf280 -> L"C" 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf300 -> L"C" 10bcb;ntdll.RtlLeaveCriticalSection 1769e;ntdll.RtlAllocateHeap 10bcb;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {0\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {0\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {0\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {0\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {7\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {F\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {F\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {7\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {F\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {C\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {2\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {8\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {0\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {0\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {0\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530ddf0 -> -> {0\x001\x002\x003\x00} Arg[2] = 0x0000000000000001 = 1 Arg[3] = ptr 0x00000084b530dde0 -> {\x00\x00\x00\x00*\x00+\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf660 -> "00007FF7FC280000" a6a7;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ff7fc2be3e0 -> {\x18\xc6*\xfc\xf7\x7f\x00\x00} 297b0;kernelbase.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000002 = 2 a6bf;kernel32.SetLastError SetLastError: Arg[0] = 0 10dbc;ntdll.RtlLeaveCriticalSection 10bbc;ntdll.RtlEnterCriticalSection 10bcb;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection 10db0;ntdll.RtlEnterCriticalSection 21c00;ntdll.RtlEnterCriticalSection 1c41c;kernel32.WriteFile WriteFile: Arg[0] = 0x0000000000000058 = 88 Arg[1] = ptr 0x00000084b530df90 -> " " Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530df80 -> {\x00\x00\x00\x000x\x00\x00} Arg[4] = 0 21c28;ntdll.RtlLeaveCriticalSection 10dbc;ntdll.RtlLeaveCriticalSection a6a7;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ff7fc2be3e0 -> {\x18\xc6*\xfc\xf7\x7f\x00\x00} 297b0;kernelbase.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000002 = 2 a6bf;kernel32.SetLastError SetLastError: Arg[0] = 0 10dbc;ntdll.RtlLeaveCriticalSection 10db0;ntdll.RtlEnterCriticalSection a6a7;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ff7fc2be3e0 -> {\x18\xc6*\xfc\xf7\x7f\x00\x00} 297b0;kernelbase.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000002 = 2 a6bf;kernel32.SetLastError SetLastError: Arg[0] = 0 10dbc;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 175d5;ntdll.RtlAllocateHeap 10b9e;ntdll.RtlLeaveCriticalSection 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00007ff7fc2aeaa0 -> "/c" 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 193c1;kernel32.GetLastError GetLastError: Arg[0] = ptr 0x00000190b98c64b0 -> {\x10\xfe*\xfc\xf7\x7f\x00\x00} 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 297b0;kernel32.AreFileApisANSI AreFileApisANSI: Arg[0] = ptr 0x00000084b530f640 -> {`\xf70\xb5\x84\x00\x00\x00} 1f9f5;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0 Arg[1] = 0x0000000000000009 = 9 Arg[2] = ptr 0x00000190b98cf690 -> "C:\WINDOWS\system32\cmd.exe" Arg[3] = 0x00000000ffffffff = 4294967295 Arg[4] = 0 Arg[5] = 0x00007ffd00000000 = 140724603453440 1769e;ntdll.RtlAllocateHeap 1f9f5;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0 Arg[1] = 0x0000000000000009 = 9 Arg[2] = ptr 0x00000190b98cf690 -> "C:\WINDOWS\system32\cmd.exe" Arg[3] = 0x00000000ffffffff = 4294967295 Arg[4] = ptr 0x00000190b98cb250 -> {\xb0\xb0\x8c\xb9\x90\x01\x00\x00} Arg[5] = 0x00007ffd0000001c = 140724603453468 1a413;kernel32.GetFileAttributesExW GetFileAttributesExW: Arg[0] = ptr 0x00000190b98cb250 -> L"C:\WINDOWS\system32\cmd.exe" Arg[1] = 0 Arg[2] = ptr 0x00000084b530f5e0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb250 -> L"C:\WINDOWS\system32\cmd.exe" 175d5;ntdll.RtlAllocateHeap 10b4a;ntdll.RtlEnterCriticalSection 175d5;ntdll.RtlAllocateHeap 10b9e;ntdll.RtlLeaveCriticalSection 193c1;kernel32.GetLastError GetLastError: Arg[0] = 0x00000000ffffffff = 4294967295 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 297b0;kernel32.AreFileApisANSI AreFileApisANSI: Arg[0] = ptr 0x00000084b530f498 -> {\x00\x00\x00\x16\xfd\x7f\x00\x00} 1f9f5;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0 Arg[1] = 0x0000000000000009 = 9 Arg[2] = ptr 0x00000190b98cf690 -> "C:\WINDOWS\system32\cmd.exe" Arg[3] = 0x00000000ffffffff = 4294967295 Arg[4] = 0 Arg[5] = 0 1769e;ntdll.RtlAllocateHeap 1f9f5;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0 Arg[1] = 0x0000000000000009 = 9 Arg[2] = ptr 0x00000190b98cf690 -> "C:\WINDOWS\system32\cmd.exe" Arg[3] = 0x00000000ffffffff = 4294967295 Arg[4] = ptr 0x00000190b98cb250 -> {\xb0\xb0\x8c\xb9\x90\x01\x00\x00} Arg[5] = 0x000000000000001c = 28 297b0;kernel32.AreFileApisANSI AreFileApisANSI: Arg[0] = ptr 0x00000084b530f498 -> {\x00\x00\x00\x16\xfd\x7f\x00\x00} 1f9f5;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0 Arg[1] = 0x0000000000000009 = 9 Arg[2] = ptr 0x00000190b98cf5d0 -> "C:\WINDOWS\system32\cmd.exe /c pause" Arg[3] = 0x00000000ffffffff = 4294967295 Arg[4] = 0 Arg[5] = 0 1769e;ntdll.RtlAllocateHeap 1f9f5;kernel32.MultiByteToWideChar MultiByteToWideChar: Arg[0] = 0 Arg[1] = 0x0000000000000009 = 9 Arg[2] = ptr 0x00000190b98cf5d0 -> "C:\WINDOWS\system32\cmd.exe /c pause" Arg[3] = 0x00000000ffffffff = 4294967295 Arg[4] = ptr 0x00000190b98cb290 -> {\xb0\xb0\x8c\xb9\x90\x01\x00\x00} Arg[5] = 0x0000000000000025 = 37 265e7;kernel32.CreateProcessW CreateProcessW: Arg[0] = ptr 0x00000190b98cb250 -> L"C:\WINDOWS\system32\cmd.exe" Arg[1] = ptr 0x00000190b98cb290 -> L"C:\WINDOWS\system32\cmd.exe /c pause" Arg[2] = 0 Arg[3] = 0 Arg[4] = 0x0000000000000001 = 1 Arg[5] = 0x00007ff700000000 = 140698833649664 Arg[6] = 0 Arg[7] = 0 Arg[8] = ptr 0x00000084b530f610 -> L"h" Arg[9] = ptr 0x00000084b530f5f0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb290 -> L"C:\WINDOWS\system32\cmd.exe /c pause" 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb250 -> L"C:\WINDOWS\system32\cmd.exe" 19cf7;kernel32.WaitForSingleObject WaitForSingleObject: Arg[0] = 0x0000000000000114 = 276 Arg[1] = 0x00000000ffffffff = 4294967295 19d09;kernel32.GetExitCodeProcess GetExitCodeProcess: Arg[0] = 0x0000000000000114 = 276 Arg[1] = ptr 0x00000084b530f6a8 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 19d1f;kernel32.CloseHandle CloseHandle: Arg[0] = 0x0000000000000110 = 272 19d2d;kernel32.CloseHandle CloseHandle: Arg[0] = 0x0000000000000114 = 276 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf810 -> L"@" 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf5d0 -> "C:\WINDOWS\system32\cmd.exe /c pause" 193c1;kernel32.GetLastError GetLastError: Arg[0] = 0 1b4ac;kernel32.FlsGetValue FlsGetValue: Arg[0] = 0x0000000000000003 = 3 193f4;kernel32.SetLastError SetLastError: Arg[0] = 0 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf690 -> "C:\WINDOWS\system32\cmd.exe" 91f6;kernel32.GetModuleHandleW GetModuleHandleW: Arg[0] = 0 14b63;kernel32.GetModuleHandleW GetModuleHandleW: Arg[0] = 0 10b4a;ntdll.RtlEnterCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf2b0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf2f0 -> "false" 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf290 -> "true" 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cb210 -> {`\xc5*\xfc\xf7\x7f\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98c8b90 -> {\x10\x8b\x8c\xb9\x90\x01\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98c8ad0 -> {`\xc5*\xfc\xf7\x7f\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98c8b10 -> {\xf0\x88\x8c\xb9\x90\x01\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cdfd0 -> -> { \x00 \x00 \x00 \x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98caf10 -> {`\xc5*\xfc\xf7\x7f\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98c88f0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 2b22b;ntdll.RtlDecodePointer 10bbc;ntdll.RtlEnterCriticalSection 10bcb;ntdll.RtlLeaveCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98c8a90 -> -> {t\x00o\x00p\x00\\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98c8af0 -> -> {e\x00r\x00\\x00D\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98c89f0 -> -> {s\x00o\x00u\x00r\x00} 10bbc;ntdll.RtlEnterCriticalSection 10bcb;ntdll.RtlLeaveCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cdfb0 -> -> {C\x00\x8c\xb9\x90\x01\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98caed0 -> {`\xc5*\xfc\xf7\x7f\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98c8b70 -> -> {\\x00t\x00i\x00n\x00} 7e98;ntdll.RtlDeleteCriticalSection 7e98;ntdll.RtlDeleteCriticalSection 7e98;ntdll.RtlDeleteCriticalSection 7e98;ntdll.RtlDeleteCriticalSection 7e98;ntdll.RtlDeleteCriticalSection 7e98;ntdll.RtlDeleteCriticalSection 7e98;ntdll.RtlDeleteCriticalSection 7e98;ntdll.RtlDeleteCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98c7cc0 -> {\x0cSKd\x00l\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 10d39;ntdll.RtlDeleteCriticalSection 10d39;ntdll.RtlDeleteCriticalSection 10d39;ntdll.RtlDeleteCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98c9a40 -> {\x80\xd1+\xfc\xf7\x7f\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 1b145;kernel32.LoadLibraryExW LoadLibraryExW: Arg[0] = ptr 0x00007ff7fc2b1220 -> L"api-ms-win-appmodel-runtime-l1-1-2" Arg[1] = 0 Arg[2] = 0x0000000000000800 = 2048 1b276;kernel32.GetProcAddress GetProcAddress: Arg[0] = ptr 0x00007ffd0c270000 -> {MZ\x90\x00\x03\x00\x00\x00} Arg[1] = ptr 0x00007ff7fc2b13d8 -> "AppPolicyGetProcessTerminationMethod" 10b4a;ntdll.RtlEnterCriticalSection 1b1f5;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000004 = 4 Arg[3] = ptr 0x00000084b530f6f0 -> {\x00\x00\x00\x00\x00\x00\x00\x00} 1b226;kernel32.VirtualProtect VirtualProtect: Arg[0] = ptr 0x00007ff7fc2c3000 -> {0\x0f&\x10\xfd\x7f\x00\x00} Arg[1] = 0x0000000000000100 = 256 Arg[2] = 0x0000000000000002 = 2 Arg[3] = ptr 0x00000084b530f6f0 -> {\x02\x00\x00\x00\x00\x00\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 297b0;kernel.appcore.AppPolicyGetProcessTerminationMethod 14c75;kernel32.GetModuleHandleExW GetModuleHandleExW: Arg[0] = 0 Arg[1] = ptr 0x00007ff7fc2aff60 -> L"mscoree.dll" Arg[2] = ptr 0x00000084b530f718 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[3] = 0x0000000000000002 = 2 Arg[4] = 0xfffffffffffffffe = 18446744073709551614 14c46;kernel32.FatalExit FatalExit: Arg[0] = 0 6270c;section: [.,;E] 6642d;ntdll.RtlEnterCriticalSection 66301;ntdll.RtlLeaveCriticalSection 6642d;ntdll.RtlEnterCriticalSection 66301;ntdll.RtlLeaveCriticalSection 61956;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190ccd60000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190ccd60860 -> {\x14<\x00\x00\x00\x00\x00\x00} 62840;ntdll.[RtlProcessFlsData+135]* a594;section: [.text] a5b2;ntdll.[RtlProcessFlsData+135]* 10b4a;ntdll.RtlEnterCriticalSection 10b9e;ntdll.RtlLeaveCriticalSection 10b4a;ntdll.RtlEnterCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98cf380 -> {\x00\x00\x00\x00C\x00\x00\x00} 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98caf50 -> {\xc0\xeb*\xfc\xf7\x7f\x00\x00} 10b9e;ntdll.RtlLeaveCriticalSection 17616;kernel32.HeapFree HeapFree: Arg[0] = ptr 0x00000190b98c0000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} Arg[1] = 0 Arg[2] = ptr 0x00000190b98c64b0 -> {\x10\xfe*\xfc\xf7\x7f\x00\x00} 190ff;ntdll.[RtlProcessFlsData+135]*