Created
July 27, 2021 06:31
-
-
Save hasherezade/98ea5d00efdf09f2492d1e510d8ac70b to your computer and use it in GitHub Desktop.
Tag file from tracing a VMProtect-protected NuggetPhantom component
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 71941;kernel32.LoadLibraryA | |
| Arg[0] = ptr 0x000000d19111f670 -> "kernel32.dll" | |
| cdb3d;kernel32.GetModuleFileNameW | |
| cdb3d;kernel32.CreateFileW | |
| Arg[0] = ptr 0x000000d19111f280 -> L"C:\Users\tester\Desktop\winupdate64.dll" | |
| Arg[1] = 0x0000000080000000 = 2147483648 | |
| Arg[2] = 0x0000000000000003 = 3 | |
| Arg[3] = 0 | |
| Arg[4] = 0x0000000000000003 = 3 | |
| Arg[5] = 0x0000000000000080 = 128 | |
| cdb3d;kernel32.GetFileSize | |
| cdb3d;kernel32.CreateFileMappingW | |
| cdb3d;kernel32.MapViewOfFile | |
| cdb3d;kernel32.UnmapViewOfFile | |
| cdb3d;kernel32.CloseHandle | |
| cdb3d;kernel32.CloseHandle | |
| cdb3d;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x0000000000401000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[1] = 0x000000000001716c = 94572 | |
| Arg[2] = 0x0000000000000040 = 64 | |
| Arg[3] = ptr 0x000000d19111f680 -> {\xb4\x00\x00\x00\x00\x00\x00\x00} | |
| cdb3d;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x0000000000425000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[1] = 0x000000000000008b = 139 | |
| Arg[2] = 0x0000000000000004 = 4 | |
| Arg[3] = ptr 0x000000d19111f680 -> L" " | |
| cdb3d;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x0000000000426000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[1] = 0x0000000000000044 = 68 | |
| Arg[2] = 0x0000000000000004 = 4 | |
| Arg[3] = ptr 0x000000d19111f680 -> {\x02\x00\x00\x00\x00\x00\x00\x00} | |
| cdb3d;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x0000000000427000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[1] = 0x00000000000012dc = 4828 | |
| Arg[2] = 0x0000000000000040 = 64 | |
| Arg[3] = ptr 0x000000d19111f680 -> {\x02\x00\x00\x00\x00\x00\x00\x00} | |
| cdb3d;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x0000000000429000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[1] = 0x00000000000014ac = 5292 | |
| Arg[2] = 0x0000000000000004 = 4 | |
| Arg[3] = ptr 0x000000d19111f680 -> L" " | |
| 833ab;kernel32.LocalAlloc | |
| 6e930;kernel32.LocalFree | |
| 833ab;kernel32.LocalAlloc | |
| 6e930;kernel32.LocalFree | |
| 833ab;kernel32.LocalAlloc | |
| 6e930;kernel32.LocalFree | |
| 833ab;kernel32.LocalAlloc | |
| 6e930;kernel32.LocalFree | |
| 833ab;kernel32.LocalAlloc | |
| 6e930;kernel32.LocalFree | |
| 833ab;kernel32.LocalAlloc | |
| 6e930;kernel32.LocalFree | |
| 833ab;kernel32.LocalAlloc | |
| 6e930;kernel32.LocalFree | |
| 833ab;kernel32.LocalAlloc | |
| 6e930;kernel32.LocalFree | |
| 833ab;kernel32.LocalAlloc | |
| 6e930;kernel32.LocalFree | |
| cdb3d;kernel32.LocalAlloc | |
| cc2b6;CPUID:1 | |
| 71941;kernel32.LoadLibraryA | |
| Arg[0] = ptr 0x000000d19111f670 -> "oleaut32.dll" | |
| 71941;kernel32.LoadLibraryA | |
| Arg[0] = ptr 0x000000d19111f670 -> "kernel32.dll" | |
| 71941;kernel32.LoadLibraryA | |
| Arg[0] = ptr 0x000000d19111ebf9 -> "NTDLL" | |
| 71941;kernel32.LoadLibraryA | |
| Arg[0] = ptr 0x000000d19111ebf5 -> "NTDLL" | |
| 71941;kernel32.LoadLibraryA | |
| Arg[0] = ptr 0x000000d19111ebf5 -> "NTDLL" | |
| 71941;kernel32.LoadLibraryA | |
| Arg[0] = ptr 0x000000d19111ec00 -> "NTDLL" | |
| 71941;kernel32.LoadLibraryA | |
| Arg[0] = ptr 0x000000d19111ebf9 -> "NTDLL" | |
| 71941;kernel32.LoadLibraryA | |
| Arg[0] = ptr 0x000000d19111f670 -> "advapi32.dll" | |
| cdb3d;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x0000000000401000 -> {\x08\x10@\x00\x00\x00\x00\x00} | |
| Arg[1] = 0x000000000001716c = 94572 | |
| Arg[2] = 0x0000000000000020 = 32 | |
| Arg[3] = ptr 0x000000d19111f680 -> {\x02\x00\x00\x00\x00\x00\x00\x00} | |
| cdb3d;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x0000000000425000 -> {+F\xa8T\xbb\xb8\xc5\xa3} | |
| Arg[1] = 0x000000000000008b = 139 | |
| Arg[2] = 0x0000000000000002 = 2 | |
| Arg[3] = ptr 0x000000d19111f680 -> L"@" | |
| cdb3d;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x0000000000426000 -> "Embarcadero Delphi for Win64 compiler version 29.0 (22.0.19908.869)" | |
| Arg[1] = 0x0000000000000044 = 68 | |
| Arg[2] = 0x0000000000000002 = 2 | |
| Arg[3] = ptr 0x000000d19111f680 -> {\x04\x00\x00\x00\x00\x00\x00\x00} | |
| cdb3d;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x0000000000427000 -> {f\x89E\x00\xe9\x1a\xcd\x00} | |
| Arg[1] = 0x00000000000012dc = 4828 | |
| Arg[2] = 0x0000000000000020 = 32 | |
| Arg[3] = ptr 0x000000d19111f680 -> {\x04\x00\x00\x00\x00\x00\x00\x00} | |
| cdb3d;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x0000000000429000 -> {\x80(\x00\x00\xbc(\x00\x00} | |
| Arg[1] = 0x00000000000014ac = 5292 | |
| Arg[2] = 0x0000000000000002 = 2 | |
| Arg[3] = ptr 0x000000d19111f680 -> L"@" | |
| cc2b6;CPUID:1 | |
| 39993;kernel32.GetCurrentThreadId | |
| 35f2c;kernel32.TlsAlloc | |
| 44400;kernel32.LocalAlloc | |
| 50e36;kernel32.TlsSetValue | |
| 58d68;kernel32.TlsGetValue | |
| 398d1;kernel32.SetThreadLocale | |
| 44c3f;ntdll.RtlInitializeCriticalSection | |
| 755a7;kernel32.GetVersion | |
| 54db2;kernel32.GetModuleHandleW | |
| 4312f;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x0000000000408a9e -> "GetThreadPreferredUILanguages" | |
| 54db2;kernel32.GetModuleHandleW | |
| 4312f;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x0000000000408abc -> "SetThreadPreferredUILanguages" | |
| 54db2;kernel32.GetModuleHandleW | |
| 4312f;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x0000000000408ada -> "GetThreadUILanguage" | |
| 444eb;kernel32.GetSystemInfo | |
| 63416;kernel32.GetCommandLineW | |
| 52061;kernel32.GetStartupInfoW | |
| 5c855;kernel32.GetACP | |
| 39993;kernel32.GetCurrentThreadId | |
| 755a7;kernel32.GetVersion | |
| 85138;kernel32.GetVersionExW | |
| 51d06;kernel32.QueryPerformanceCounter | |
| 669f4;kernel32.GetModuleHandleW | |
| 397c5;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000000040d3aa -> L"SetProcessDEPPolicy" | |
| Arg[3] = 0x0000000000000013 = 19 | |
| 6d274;kernel32.VirtualAlloc | |
| 397c5;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000000040d3aa -> L"SetProcessDEPPolicy" | |
| Arg[3] = 0x0000000000000013 = 19 | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a41a8d00 -> "SetProcessDEPPolicy" | |
| d2e9;kernel32.SetProcessDEPPolicy | |
| 669f4;kernel32.GetModuleHandleW | |
| 397c5;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000000040d3e6 -> L"NtSetInformationProcess" | |
| Arg[3] = 0x0000000000000017 = 23 | |
| 397c5;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000000040d3e6 -> L"NtSetInformationProcess" | |
| Arg[3] = 0x0000000000000017 = 23 | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5d60000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a41a8d00 -> "NtSetInformationProcess" | |
| 58077;kernel32.GetCurrentProcess | |
| d37b;ntdll.ZwSetInformationProcess | |
| 6a6fc;kernel32.SetUnhandledExceptionFilter | |
| 54e12;kernel32.GetModuleHandleA | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000000040c3b1 -> "GetVersionExA" | |
| c395;kernel32.GetVersionExA | |
| 55da5;kernel32.GetCurrentThreadId | |
| 699b5;ntdll.RtlInitializeCriticalSection | |
| 52efa;ntdll.RtlInitializeCriticalSection | |
| 52efa;ntdll.RtlInitializeCriticalSection | |
| 30dcd;kernel32.SetUnhandledExceptionFilter | |
| 580b7;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000000040c340 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111f3ac -> {\x00\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| 50bcd;kernel32.GetVolumeInformationA | |
| 30dcd;kernel32.GlobalAddAtomA | |
| 30dcd;kernel32.GetCurrentProcess | |
| 30dcd;kernel32.SetPriorityClass | |
| 580b7;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000000040c340 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111f3ac -> {\x00\x00\x00\x00\xb8\xf5\x11\x91} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| 50bcd;kernel32.GetVolumeInformationA | |
| 580b7;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a41a19d0 -> "%SystemRoot%\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = ptr 0x000000d19111f3ec -> {\x00\x00\x00\x00\xd0\x19\x1a\xa4} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| 681fd;kernel32.GetFileAttributesA | |
| 580b7;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a41a1a10 -> "C:\Windows\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = ptr 0x000000d19111f18c -> {\x00\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| 580b7;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a41a1a10 -> "C:\Windows\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = ptr 0x000000d19111f18c -> "C:\Windows\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[2] = 0x0000000000000104 = 260 | |
| 66179;kernel32.FindFirstFileA | |
| Arg[0] = ptr 0x000000d1a41a1ad0 -> "C:\Windows\AppPatch\*.sdb" | |
| 4b9dd;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a4193370 -> "C:\Windows\AppPatch\DBC6FEA6B4MK.sdb" | |
| Arg[1] = 0x0000000080000000 = 2147483648 | |
| Arg[2] = 0 | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 45984;kernel32.CloseHandle | |
| 6458a;kernel32.FindClose | |
| 681fd;kernel32.GetFileAttributesA | |
| 4b9dd;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a41a1b10 -> "C:\Windows\AppPatch\DBC6FEA6B4MK.sdb" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0x0000000000000003 = 3 | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 681fd;kernel32.GetFileAttributesA | |
| 4b9dd;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a41a1a10 -> "C:\Windows\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0x0000000000000003 = 3 | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 6d27b;kernel32.SetFilePointer | |
| 59bad;kernel32.SetEndOfFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 3747d;kernel32.ReadFile | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 3747d;kernel32.ReadFile | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 3747d;kernel32.ReadFile | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 3747d;kernel32.ReadFile | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 3747d;kernel32.ReadFile | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 3747d;kernel32.ReadFile | |
| 3747d;kernel32.ReadFile | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 3747d;kernel32.ReadFile | |
| 3747d;kernel32.ReadFile | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 6a961;kernel32.WriteFile | |
| 3747d;kernel32.ReadFile | |
| 45984;kernel32.CloseHandle | |
| 45984;kernel32.CloseHandle | |
| 30dcd;kernel32.DeleteFileA | |
| 681fd;kernel32.GetFileAttributesA | |
| 4b9dd;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a41a1a10 -> "C:\Windows\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0x0000000000000003 = 3 | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 45984;kernel32.CloseHandle | |
| 681fd;kernel32.GetFileAttributesA | |
| 4b9dd;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a41a1a10 -> "C:\Windows\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0x0000000000000003 = 3 | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 45984;kernel32.CloseHandle | |
| 681fd;kernel32.GetFileAttributesA | |
| 4b9dd;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a41a1a10 -> "C:\Windows\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0x0000000000000003 = 3 | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 45984;kernel32.CloseHandle | |
| 681fd;kernel32.GetFileAttributesA | |
| 4b9dd;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a41a1a10 -> "C:\Windows\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0x0000000000000003 = 3 | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 45984;kernel32.CloseHandle | |
| 681fd;kernel32.GetFileAttributesA | |
| 4b9dd;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a41a1a10 -> "C:\Windows\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0x0000000000000003 = 3 | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 6d27b;kernel32.SetFilePointer | |
| 6d27b;kernel32.SetFilePointer | |
| 3747d;kernel32.ReadFile | |
| 3747d;kernel32.ReadFile | |
| 3747d;kernel32.ReadFile | |
| 6d274;kernel32.VirtualAlloc | |
| 56a06;kernel32.VirtualFree | |
| 45984;kernel32.CloseHandle | |
| 3b7a1;kernel32.VirtualAlloc | |
| 3a77e;kernel32.GetModuleHandleA | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f36e0000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bea08 -> "SysFreeString" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f36e0000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bea18 -> "SysReAllocStringLen" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f36e0000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bea2e -> "SysAllocStringLen" | |
| 3a77e;kernel32.GetModuleHandleA | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bea50 -> "Sleep" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bea58 -> "VirtualFree" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bea66 -> "VirtualAlloc" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bea76 -> "VirtualQuery" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bea86 -> "QueryPerformanceCounter" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beaa0 -> "GetTickCount" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beab0 -> "GetSystemInfo" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beac0 -> "GetVersion" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beace -> "SetThreadLocale" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beae0 -> "WideCharToMultiByte" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beaf6 -> "MultiByteToWideChar" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beb0c -> "GetACP" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beb16 -> "GetStartupInfoW" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beb28 -> "GetProcAddress" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beb3a -> "GetModuleHandleW" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beb4e -> "GetCommandLineW" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beb60 -> "FreeLibrary" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beb6e -> "UnhandledExceptionFilter" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beb8a -> "RtlUnwindEx" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beb98 -> "RtlUnwind" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beba4 -> "RaiseException" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bebb6 -> "ExitProcess" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bebc4 -> "GetCurrentThreadId" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bebda -> "DeleteCriticalSection" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bebf2 -> "InitializeCriticalSection" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bec0e -> "WriteFile" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bec1a -> "GetStdHandle" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bec2a -> "CloseHandle" | |
| 3a77e;kernel32.GetModuleHandleA | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bec46 -> "GetProcAddress" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bec58 -> "RaiseException" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bec6a -> "LoadLibraryA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bec7a -> "GetLastError" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bec8a -> "TlsSetValue" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bec98 -> "TlsGetValue" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beca6 -> "TlsFree" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42becb0 -> "TlsAlloc" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42becbc -> "LocalFree" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42becc8 -> "LocalAlloc" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42becd6 -> "FreeLibrary" | |
| 3a77e;kernel32.GetModuleHandleA | |
| 5c995;kernel32.LoadLibraryA | |
| Arg[0] = ptr 0x000000d1a42bece2 -> "version.dll" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f1ad0000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42becf0 -> "VerQueryValueA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f1ad0000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bed02 -> "GetFileVersionInfoSizeA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f1ad0000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bed1c -> "GetFileVersionInfoA" | |
| 3a77e;kernel32.GetModuleHandleA | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bed40 -> "WriteProcessMemory" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bed56 -> "WriteFile" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bed62 -> "WaitForSingleObject" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bed78 -> "VirtualQuery" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bed88 -> "VirtualFree" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bed96 -> "VirtualAllocEx" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beda8 -> "VirtualAlloc" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bedb8 -> "TerminateProcess" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bedcc -> "Sleep" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bedd4 -> "SetUnhandledExceptionFilter" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bedf2 -> "SetThreadPriority" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bee06 -> "SetPriorityClass" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bee1a -> "SetFileTime" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bee28 -> "SetFilePointer" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bee3a -> "SetFileAttributesA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bee50 -> "SetEndOfFile" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bee60 -> "ResumeThread" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bee70 -> "ReleaseMutex" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bee80 -> "ReadFile" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bee8c -> "OpenProcess" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bee9a -> "OpenMutexA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beea8 -> "OpenFileMappingA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beebc -> "MoveFileA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beec8 -> "MapViewOfFile" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beed8 -> "LocalFree" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beee4 -> "LoadLibraryA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beef4 -> "LoadLibraryW" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bef04 -> "InitializeCriticalSection" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bef20 -> "HeapFree" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bef2c -> "HeapAlloc" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bef38 -> "GetVolumeInformationA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bef50 -> "GetVersionExW" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bef60 -> "GetProcessHeap" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bef72 -> "GetProcAddress" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bef84 -> "GetModuleHandleA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bef98 -> "GetModuleHandleW" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42befac -> "GetModuleFileNameA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42befc2 -> "GetLastError" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42befd2 -> "GetFullPathNameA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42befe6 -> "GetFileTime" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42beff4 -> "GetFileAttributesA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf00a -> "GetCurrentThreadId" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf020 -> "GetCurrentProcessId" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf036 -> "GetCurrentProcess" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf04a -> "FreeLibrary" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf058 -> "FindNextFileA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf068 -> "FindFirstFileA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf07a -> "FindClose" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf086 -> "ExpandEnvironmentStringsA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf0a2 -> "ExitThread" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf0b0 -> "DeviceIoControl" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf0c2 -> "DeleteFileA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf0d0 -> "DeleteCriticalSection" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf0e8 -> "CreateThread" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf0f8 -> "CreateProcessA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf10a -> "CreateMutexA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf11a -> "CreateFileMappingA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf130 -> "CreateFileA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf13e -> "CopyFileA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf14a -> "CompareStringA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf15c -> "CloseHandle" | |
| 3a77e;kernel32.GetModuleHandleA | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf178 -> "SetSecurityDescriptorDacl" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf194 -> "RegSetValueExA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf1a6 -> "RegQueryValueExA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf1ba -> "RegQueryInfoKeyA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf1ce -> "RegOpenKeyExA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf1de -> "RegFlushKey" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf1ec -> "RegEnumValueA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf1fc -> "RegEnumKeyA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf20a -> "RegEnumKeyExA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf21a -> "RegDeleteValueA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf22c -> "RegDeleteKeyA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf23c -> "RegCreateKeyExA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf24e -> "RegCloseKey" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf25c -> "OpenProcessToken" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf270 -> "LookupPrivilegeValueA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf288 -> "InitializeSecurityDescriptor" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf2a8 -> "AdjustTokenPrivileges" | |
| 3a77e;kernel32.GetModuleHandleA | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf2ce -> "BuildExplicitAccessWithNameA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf2ee -> "SetNamedSecurityInfoA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf306 -> "GetNamedSecurityInfoA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf31e -> "SetEntriesInAclA" | |
| 3a77e;kernel32.GetModuleHandleA | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf340 -> "StartServiceW" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf350 -> "OpenServiceA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf360 -> "OpenSCManagerA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf372 -> "OpenSCManagerW" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf384 -> "DeleteService" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf394 -> "CreateServiceA" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf3a6 -> "ControlService" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5060000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf3b8 -> "CloseServiceHandle" | |
| 3a77e;kernel32.GetModuleHandleA | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5d60000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf3d8 -> "RtlInitUnicodeString" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5d60000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf3f0 -> "ZwUnloadDriver" | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5d60000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42bf402 -> "ZwLoadDriver" | |
| 669f4;kernel32.GetModuleHandleW | |
| 397c5;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000000040e22e -> L"RtlAddFunctionTable" | |
| Arg[3] = 0x0000000000000013 = 19 | |
| 397c5;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000000040e22e -> L"RtlAddFunctionTable" | |
| Arg[3] = 0x0000000000000013 = 19 | |
| 3aefc;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a41a8d60 -> "RtlAddFunctionTable" | |
| e202;kernel32.RtlAddFunctionTable | |
| 5da90;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x000000d1a4280000 -> "MZP" | |
| Arg[1] = 0x0000000000000400 = 1024 | |
| Arg[2] = 0x0000000000000004 = 4 | |
| Arg[3] = ptr 0x000000d19111f43c -> {\x00\x00\x00\x00\x00\x00(\xa4} | |
| 48d31;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x000000d1a4281000 -> {\x08\x10(\xa4\xd1\x00\x00\x00} | |
| Arg[1] = 0x0000000000030000 = 196608 | |
| Arg[2] = 0x0000000000000020 = 32 | |
| Arg[3] = ptr 0x000000d19111f43c -> L"@" | |
| 48d31;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x000000d1a42b1000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[1] = 0x0000000000006000 = 24576 | |
| Arg[2] = 0x0000000000000004 = 4 | |
| Arg[3] = ptr 0x000000d19111f43c -> L"@" | |
| 48d31;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x000000d1a42be000 -> {\xc8\xe0\x03\x00\x00\x00\x00\x00} | |
| Arg[1] = 0x0000000000002000 = 8192 | |
| Arg[2] = 0x0000000000000004 = 4 | |
| Arg[3] = ptr 0x000000d19111f43c -> L"@" | |
| 48d31;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x000000d1a42c0000 -> {\x01\x00\x00\x00\xa0\x00\x04\x00} | |
| Arg[1] = 0x0000000000001000 = 4096 | |
| Arg[2] = 0x0000000000000004 = 4 | |
| Arg[3] = ptr 0x000000d19111f43c -> L"@" | |
| 48d31;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x000000d1a42c1000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[1] = 0x0000000000001000 = 4096 | |
| Arg[2] = 0x0000000000000002 = 2 | |
| Arg[3] = ptr 0x000000d19111f43c -> L"@" | |
| 48d31;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x000000d1a42c2000 -> "Embarcadero Delphi for Win64 compiler version 29.0 (22.0.19908.869)" | |
| Arg[1] = 0x0000000000001000 = 4096 | |
| Arg[2] = 0x0000000000000002 = 2 | |
| Arg[3] = ptr 0x000000d19111f43c -> L"@" | |
| 48d31;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x000000d1a42c3000 -> {\x00\x00\x04\x00\x0c\x00\x00\x00} | |
| Arg[1] = 0x0000000000002000 = 8192 | |
| Arg[2] = 0x0000000000000002 = 2 | |
| Arg[3] = ptr 0x000000d19111f43c -> L"@" | |
| 48d31;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x000000d1a42c5000 -> {\x90(\x00\x00\xcc(\x00\x00} | |
| Arg[1] = 0x0000000000003000 = 12288 | |
| Arg[2] = 0x0000000000000002 = 2 | |
| Arg[3] = ptr 0x000000d19111f43c -> L"@" | |
| 48d31;kernel32.VirtualProtect | |
| Arg[0] = ptr 0x000000d1a42c8000 -> {\x00\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[1] = 0x0000000000001000 = 4096 | |
| Arg[2] = 0x0000000000000002 = 2 | |
| Arg[3] = ptr 0x000000d19111f43c -> L"@" | |
| 3b7a1;kernel32.VirtualAlloc | |
| 51fb5;kernel32.GetModuleFileNameA | |
| 3b7a1;kernel32.VirtualAlloc | |
| e67a;called: ?? [d1a42b0000+360] | |
| > d1a4282000+6d0;kernel32.GetCurrentThreadId | |
| > d1a428a000+9a0;kernel32.TlsAlloc | |
| > d1a428a000+980;kernel32.LocalAlloc | |
| > d1a428a000+9d0;kernel32.TlsSetValue | |
| > d1a428a000+9c0;kernel32.TlsGetValue | |
| > d1a4282000+7b0;kernel32.SetThreadLocale | |
| > d1a4282000+6b0;ntdll.RtlInitializeCriticalSection | |
| > d1a4282000+810;kernel32.GetVersion | |
| > d1a4282000+750;kernel32.GetModuleHandleW | |
| > d1a4282000+760;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a428a14e -> "GetThreadPreferredUILanguages" | |
| > d1a4282000+750;kernel32.GetModuleHandleW | |
| > d1a4282000+760;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a428a16c -> "SetThreadPreferredUILanguages" | |
| > d1a4282000+750;kernel32.GetModuleHandleW | |
| > d1a4282000+760;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a428a18a -> "GetThreadUILanguage" | |
| > d1a4282000+820;kernel32.GetSystemInfo | |
| > d1a4282000+740;kernel32.GetCommandLineW | |
| > d1a4282000+770;kernel32.GetStartupInfoW | |
| > d1a4282000+780;kernel32.GetACP | |
| > d1a4282000+6d0;kernel32.GetCurrentThreadId | |
| > d1a4282000+810;kernel32.GetVersion | |
| > d1a428c000+1b0;kernel32.GetVersionExW | |
| > d1a4282000+840;kernel32.QueryPerformanceCounter | |
| > d1a428c000+b0;kernel32.GetModuleHandleW | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a429477a -> L"SetProcessDEPPolicy" | |
| Arg[3] = 0x0000000000000013 = 19 | |
| > d1a4282000+8d0;kernel32.VirtualAlloc | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a429477a -> L"SetProcessDEPPolicy" | |
| Arg[3] = 0x0000000000000013 = 19 | |
| > d1a428c000+e0;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a4488d00 -> "SetProcessDEPPolicy" | |
| > d1a4294000+6b9;kernel32.SetProcessDEPPolicy | |
| > d1a428c000+b0;kernel32.GetModuleHandleW | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42947b6 -> L"NtSetInformationProcess" | |
| Arg[3] = 0x0000000000000017 = 23 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42947b6 -> L"NtSetInformationProcess" | |
| Arg[3] = 0x0000000000000017 = 23 | |
| > d1a428c000+e0;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f5d60000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a4488d00 -> "NtSetInformationProcess" | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a4294000+74b;ntdll.ZwSetInformationProcess | |
| > d1a428c000+310;kernel32.SetUnhandledExceptionFilter | |
| > d1a428c000+c0;kernel32.GetModuleHandleA | |
| > d1a428c000+e0;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a42909f1 -> "GetVersionExA" | |
| > d1a4290000+9d5;kernel32.GetVersionExA | |
| > d1a428c000+50;kernel32.GetCurrentThreadId | |
| > d1a428c000+1f0;ntdll.RtlInitializeCriticalSection | |
| > d1a428c000+1f0;ntdll.RtlInitializeCriticalSection | |
| > d1a428c000+1f0;ntdll.RtlInitializeCriticalSection | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a428c000+250;kernel32.OpenFileMappingA | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a4296ec0 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111eebc -> {\xd1\x00\x00\x00\xc0\xef\x11\x91} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428c000+250;kernel32.OpenFileMappingA | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a4296ec0 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111eebc -> {\xd1\x00\x00\x00\xc0\xef\x11\x91} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428c000+250;kernel32.OpenFileMappingA | |
| > d1a428b000+e00;advapi32.InitializeSecurityDescriptor | |
| > d1a428b000+ef0;advapi32.SetSecurityDescriptorDacl | |
| > d1a428b000+f40;kernel32.CreateFileMappingA | |
| > d1a428c000+230;kernel32.MapViewOfFile | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a4296ec0 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111ef0c -> {\xf9\x7f\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a4296ec0 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111ef0c -> {\x00\x00\x00\x000\x8dH\xa4} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428b000+e00;advapi32.InitializeSecurityDescriptor | |
| > d1a428b000+ef0;advapi32.SetSecurityDescriptorDacl | |
| > d1a428b000+f50;kernel32.CreateMutexA | |
| Arg[0] = ptr 0x000000d19111f058 -> {\x18\x00\x00\x00\xd1\x00\x00\x00} | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a447a6e0 -> "Global\06D6BC92SLG_MutexLock" | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a428f990 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111ee1c -> {\xd1\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a447a6a0 -> "%SystemRoot%\AppPatch\TK06D6BC92MS.sdb" | |
| Arg[1] = ptr 0x000000d19111ee8c -> {\xd1\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a428f990 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111ee1c -> {\xd1\x00\x00\x00&\x00'\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a447a720 -> "%SystemRoot%\AppPatch\RC06D6BC92MS.sdb" | |
| Arg[1] = ptr 0x000000d19111ee8c -> {\xd1\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a428f990 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111ee1c -> {\xd1\x00\x00\x00&\x00'\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a447a7a0 -> "%SystemRoot%\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = ptr 0x000000d19111ee8c -> {\xd1\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+380;kernel32.WaitForSingleObject | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a4282000+860;oleaut32.SysAllocStringLen | |
| > d1a4282000+860;oleaut32.SysAllocStringLen | |
| > d1a4282000+860;oleaut32.SysAllocStringLen | |
| > d1a4282000+880;oleaut32.SysFreeString | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1911dcbb8 -> L"{}" | |
| Arg[3] = 0x0000000000000002 = 2 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1911dcbb8 -> L"{}" | |
| Arg[3] = 0x0000000000000002 = 2 | |
| > d1a4282000+880;oleaut32.SysFreeString | |
| > d1a4282000+880;oleaut32.SysFreeString | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a4296ec0 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111ee5c -> {\xd1\x00\x00\x00\x02\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428c000+290;kernel32.ReleaseMutex | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a4488e80 -> "\\.\dump_06D6BC92" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0 | |
| > d1a428c000+40;kernel32.GetCurrentProcessId | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a4488e80 -> "\\.\dump_06D6BC92" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0 | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a42a17b0 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111ee5c -> {\xd1\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a447a6a0 -> "%SystemRoot%\AppPatch\TK06D6BC92MS.sdb" | |
| Arg[1] = ptr 0x000000d19111eecc -> {\xd1\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a447a720 -> "C:\Windows\AppPatch\TK06D6BC92MS.sdb" | |
| Arg[1] = ptr 0x000000d19111ee8c -> {\xd1\x00\x00\x00\xe8\xbb+\xa4} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+80;kernel32.GetFullPathNameA | |
| > d1a428c000+60;kernel32.GetFileAttributesA | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a447a860 -> "C:\Windows\AppPatch\TK06D6BC92MS.sdb" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0x0000000000000003 = 3 | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a447a720 -> "C:\Windows\AppPatch\TK06D6BC92MS.sdb" | |
| Arg[1] = ptr 0x000000d19111ecac -> {\x00\x00\x00\x00`\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+80;kernel32.GetFullPathNameA | |
| > d1a428b000+e00;advapi32.InitializeSecurityDescriptor | |
| > d1a428b000+ef0;advapi32.SetSecurityDescriptorDacl | |
| > d1a428b000+f50;kernel32.CreateMutexA | |
| Arg[0] = ptr 0x000000d19111ee70 -> {\x18\x00\x00\x00\xd1\x00\x00\x00} | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a4488df0 -> "Global\A9D00CDA_Lock" | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+380;kernel32.WaitForSingleObject | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+390;kernel32.WriteFile | |
| > d1a428c000+390;kernel32.WriteFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2b0;kernel32.SetEndOfFile | |
| > d1a428c000+290;kernel32.ReleaseMutex | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2b0;kernel32.SetEndOfFile | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a42a17b0 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111ee5c -> {\xd1\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a447a7a0 -> "%SystemRoot%\AppPatch\RC06D6BC92MS.sdb" | |
| Arg[1] = ptr 0x000000d19111eecc -> {\xd1\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a447a8a0 -> "C:\Windows\AppPatch\RC06D6BC92MS.sdb" | |
| Arg[1] = ptr 0x000000d19111ee8c -> {\xd1\x00\x00\x00\xe8\xbb+\xa4} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+80;kernel32.GetFullPathNameA | |
| > d1a428c000+60;kernel32.GetFileAttributesA | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a447a960 -> "C:\Windows\AppPatch\RC06D6BC92MS.sdb" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0x0000000000000003 = 3 | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a447a8a0 -> "C:\Windows\AppPatch\RC06D6BC92MS.sdb" | |
| Arg[1] = ptr 0x000000d19111ecac -> {\x00\x00\x00\x00`\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+80;kernel32.GetFullPathNameA | |
| > d1a428b000+e00;advapi32.InitializeSecurityDescriptor | |
| > d1a428b000+ef0;advapi32.SetSecurityDescriptorDacl | |
| > d1a428b000+f50;kernel32.CreateMutexA | |
| Arg[0] = ptr 0x000000d19111ee70 -> {\x18\x00\x00\x00\xd1\x00\x00\x00} | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a4488eb0 -> "Global\4EC86138_Lock" | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+380;kernel32.WaitForSingleObject | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+390;kernel32.WriteFile | |
| > d1a428c000+390;kernel32.WriteFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2b0;kernel32.SetEndOfFile | |
| > d1a428c000+290;kernel32.ReleaseMutex | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2b0;kernel32.SetEndOfFile | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a42a17b0 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111ee5c -> {\xd1\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a447a920 -> "%SystemRoot%\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = ptr 0x000000d19111eecc -> {\xd1\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a447a9e0 -> "C:\Windows\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = ptr 0x000000d19111ee8c -> {\xd1\x00\x00\x00\xe8\xbb+\xa4} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+80;kernel32.GetFullPathNameA | |
| > d1a428c000+60;kernel32.GetFileAttributesA | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a447aaa0 -> "C:\Windows\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0x0000000000000003 = 3 | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a447a9e0 -> "C:\Windows\AppPatch\DB06D6BC92MK.sdb" | |
| Arg[1] = ptr 0x000000d19111ecac -> {\x00\x00\x00\x00`\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+80;kernel32.GetFullPathNameA | |
| > d1a428b000+e00;advapi32.InitializeSecurityDescriptor | |
| > d1a428b000+ef0;advapi32.SetSecurityDescriptorDacl | |
| > d1a428b000+f50;kernel32.CreateMutexA | |
| Arg[0] = ptr 0x000000d19111ee70 -> {\x18\x00\x00\x00\xd1\x00\x00\x00} | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a4488f10 -> "Global\C9808ADE_Lock" | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2b0;kernel32.SetEndOfFile | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a4488e80 -> "\\.\dump_06D6BC92" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0 | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a4488e80 -> "\\.\dump_06D6BC92" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0 | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a4488e80 -> "\\.\dump_06D6BC92" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0 | |
| > d1a428c000+370;kernel32.VirtualQuery | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a42ab370 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111ef0c -> {\xd1\x00\x00\x00\x11\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428b000+e00;advapi32.InitializeSecurityDescriptor | |
| > d1a428b000+ef0;advapi32.SetSecurityDescriptorDacl | |
| > d1a428b000+f50;kernel32.CreateMutexA | |
| Arg[0] = ptr 0x000000d19111f058 -> {\x18\x00\x00\x00\xd1\x00\x00\x00} | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a446c160 -> "Global\06D6BC92ExpDriver" | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+df0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+b0;kernel32.GetModuleHandleW | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a429087a -> L"Wow64DisableWow64FsRedirection" | |
| Arg[3] = 0x000000000000001e = 30 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a429087a -> L"Wow64DisableWow64FsRedirection" | |
| Arg[3] = 0x000000000000001e = 30 | |
| > d1a428c000+e0;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a447a920 -> "Wow64DisableWow64FsRedirection" | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42908b8 -> L"Wow64RevertWow64FsRedirection" | |
| Arg[3] = 0x000000000000001d = 29 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42908b8 -> L"Wow64RevertWow64FsRedirection" | |
| Arg[3] = 0x000000000000001d = 29 | |
| > d1a428c000+e0;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a447a920 -> "Wow64RevertWow64FsRedirection" | |
| > d1a4290000+919;kernel32.Wow64DisableWow64FsRedirection | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a42a6d54 -> "%SystemRoot%\System32\drivers\" | |
| Arg[1] = ptr 0x000000d19111e98c -> {\x00\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+0;kernel32.FindFirstFileA | |
| Arg[0] = ptr 0x000000d1a447aa60 -> "C:\Windows\System32\drivers\*.sys" | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428b000+ff0;kernel32.FindClose | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a428b000+ec0;advapi32.RegQueryInfoKeyA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e70;advapi32.RegEnumKeyExA | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a42a7578 -> "%SystemRoot%\System32\drivers\" | |
| Arg[1] = ptr 0x000000d19111ec6c -> {\xd1\x00\x00\x00\x84r*\xa4} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+0;kernel32.FindFirstFileA | |
| Arg[0] = ptr 0x000000d1a447ad60 -> "C:\Windows\System32\drivers\*.sys" | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a42a75c0 -> L"360" | |
| Arg[3] = 0x0000000000000003 = 3 | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428b000+ff0;kernel32.FindClose | |
| > d1a4282000+840;kernel32.QueryPerformanceCounter | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a428b000+ed0;advapi32.RegQueryValueExA | |
| > d1a428b000+ed0;advapi32.RegQueryValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a428b000+ec0;advapi32.RegQueryInfoKeyA | |
| > d1a428b000+e90;advapi32.RegEnumValueA | |
| > d1a428b000+e60;advapi32.RegDeleteValueA | |
| > d1a428b000+e50;advapi32.RegDeleteKeyA | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a42a9d48 -> "%SystemRoot%\System32\drivers\" | |
| Arg[1] = ptr 0x000000d19111ee5c -> {\xd1\x00\x00\x00P\x8eH\xa4} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a42a8e38 -> "%SystemRoot%\System32\drivers\" | |
| Arg[1] = ptr 0x000000d19111ec6c -> {\x00\x00\x00\x00\x06\x02\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+0;kernel32.FindFirstFileA | |
| Arg[0] = ptr 0x000000d1a447a920 -> "C:\Windows\System32\drivers\*.sys" | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428c000+10;kernel32.FindNextFileA | |
| > d1a428b000+ff0;kernel32.FindClose | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a448a1d0 -> "\\.\dump_06D6BC92" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0 | |
| > d1a428c000+c0;kernel32.GetModuleHandleA | |
| > d1a428c000+e0;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a4290a61 -> "GetVersionExA" | |
| > d1a4290000+a45;kernel32.GetVersionExA | |
| > d1a428c000+380;kernel32.WaitForSingleObject | |
| > d1a428c000+380;kernel32.WaitForSingleObject | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2b0;kernel32.SetEndOfFile | |
| > d1a428c000+290;kernel32.ReleaseMutex | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+2d0;kernel32.SetFilePointer | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+280;kernel32.ReadFile | |
| > d1a428c000+290;kernel32.ReleaseMutex | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a4473500 -> "C:\Windows\System32\drivers\dump_BASICDISPLAY.sys" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0 | |
| > d1a428c000+390;kernel32.WriteFile | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a448a320 -> L"FltMgr" | |
| Arg[3] = 0x0000000000000008 = 8 | |
| > d1a4282000+7a0;kernel32.WideCharToMultiByte | |
| Arg[0] = 0x00000000000004e2 = 1250 | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a448a320 -> L"FltMgr" | |
| Arg[3] = 0x0000000000000008 = 8 | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a428b000+e40;advapi32.RegCreateKeyExA | |
| > d1a428b000+ee0;advapi32.RegSetValueExA | |
| > d1a428b000+ea0;advapi32.RegFlushKey | |
| > d1a428b000+e30;advapi32.RegCloseKey | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a42a7000+e50;ntdll.RtlInitUnicodeString | |
| > d1a42a7000+e30;ntdll.NtLoadDriver | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a448a320 -> "\\.\dump_06D6BC92" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0 | |
| > d1a428b000+fc0;kernel32.DeviceIoControl | |
| Arg[0] = 0x00000000000000c8 = 200 | |
| Arg[1] = 0x0000000000222c80 = 2239616 | |
| Arg[2] = ptr 0x000000d19111ef0c -> {0\xc2\xc7\xb6L\x83*\xa4} | |
| Arg[3] = 0x0000000000000004 = 4 | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a4282000+860;oleaut32.SysAllocStringLen | |
| > d1a428b000+fc0;kernel32.DeviceIoControl | |
| Arg[0] = 0x00000000000000c8 = 200 | |
| Arg[1] = 0x0000000000222e18 = 2240024 | |
| Arg[2] = ptr 0x000000d1911dc728 -> L"654344236" | |
| Arg[3] = 0x0000000000000012 = 18 | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a4282000+880;oleaut32.SysFreeString | |
| > d1a428c000+c0;kernel32.GetModuleHandleA | |
| > d1a428c000+e0;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a4290a61 -> "GetVersionExA" | |
| > d1a4290000+a45;kernel32.GetVersionExA | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a42a7000+e50;ntdll.RtlInitUnicodeString | |
| > d1a42a7000+e40;ntdll.NtUnloadDriver | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a428b000+eb0;advapi32.RegOpenKeyExA | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a448a2f0 -> "\\.\dump_06D6BC92" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0 | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a4282000+860;oleaut32.SysAllocStringLen | |
| > d1a428b000+fc0;kernel32.DeviceIoControl | |
| Arg[0] = 0x000000000000012c = 300 | |
| Arg[1] = 0x00000000002227f0 = 2238448 | |
| Arg[2] = ptr 0x000000d1911de188 -> L"dump_06D6BC92" | |
| Arg[3] = 0x000000000000001a = 26 | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a4282000+860;oleaut32.SysAllocStringLen | |
| > d1a428b000+fc0;kernel32.DeviceIoControl | |
| Arg[0] = 0x000000000000012c = 300 | |
| Arg[1] = 0x00000000002220c0 = 2236608 | |
| Arg[2] = ptr 0x000000d1911de588 -> L"dump_06D6BC92" | |
| Arg[3] = 0x000000000000001a = 26 | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a4282000+880;oleaut32.SysFreeString | |
| > d1a4282000+880;oleaut32.SysFreeString | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a448a350 -> "\\.\dump_06D6BC92" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0 | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a4282000+860;oleaut32.SysAllocStringLen | |
| > d1a428b000+fc0;kernel32.DeviceIoControl | |
| Arg[0] = 0x000000000000012c = 300 | |
| Arg[1] = 0x00000000002227ec = 2238444 | |
| Arg[2] = ptr 0x000000d1911dda78 -> L"dump_BASICDISPLAY.sys" | |
| Arg[3] = 0x000000000000002a = 42 | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a4282000+860;oleaut32.SysAllocStringLen | |
| > d1a428b000+fc0;kernel32.DeviceIoControl | |
| Arg[0] = 0x000000000000012c = 300 | |
| Arg[1] = 0x000000000022209c = 2236572 | |
| Arg[2] = ptr 0x000000d1911dd7f8 -> L"dump_BASICDISPLAY.sys" | |
| Arg[3] = 0x000000000000002a = 42 | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a4282000+880;oleaut32.SysFreeString | |
| > d1a4282000+880;oleaut32.SysFreeString | |
| > d1a428b000+fb0;kernel32.DeleteFileA | |
| > d1a4290000+919;kernel32.Wow64DisableWow64FsRedirection | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a42a8b40 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111ed5c -> {\x00\x00\x00\x00\xf8\x02\x1d\x91} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428c000+260;kernel32.OpenMutexA | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a42a92ac -> "%SystemRoot%\System32\" | |
| Arg[1] = ptr 0x000000d19111edcc -> {\xd1\x00\x00\x00\xc0\x88\x03\xf3} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+c0;kernel32.GetModuleHandleA | |
| > d1a428c000+e0;kernel32.GetProcAddress | |
| Arg[0] = ptr 0x00007ff9f3950000 -> {MZ\x90\x00\x03\x00\x00\x00} | |
| Arg[1] = ptr 0x000000d1a4290a61 -> "GetVersionExA" | |
| > d1a4290000+a45;kernel32.GetVersionExA | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a42a92ac -> "%SystemRoot%\System32\" | |
| Arg[1] = ptr 0x000000d19111edcc -> {\xd1\x00\x00\x00<\xee\x11\x91} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428b000+f30;kernel32.CreateFileA | |
| Arg[0] = ptr 0x000000d1a448a3b0 -> "\\.\dump_06D6BC92" | |
| Arg[1] = 0x00000000c0000000 = 3221225472 | |
| Arg[2] = 0 | |
| > d1a4282000+790;kernel32.MultiByteToWideChar | |
| > d1a4282000+860;oleaut32.SysAllocStringLen | |
| > d1a428b000+fc0;kernel32.DeviceIoControl | |
| Arg[0] = 0x000000000000012c = 300 | |
| Arg[1] = 0x0000000000222e38 = 2240056 | |
| Arg[2] = ptr 0x000000d1911e09e8 -> L"Ms06D6BC92App|C:\Windows\System32\Ms06D6BC92App.dll|" | |
| Arg[3] = 0x0000000000000068 = 104 | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a4282000+880;oleaut32.SysFreeString | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a42a8b40 -> "%SystemDrive%\" | |
| Arg[1] = ptr 0x000000d19111ed5c -> {\x00\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428c000+1c0;kernel32.GetVolumeInformationA | |
| > d1a428b000+e00;advapi32.InitializeSecurityDescriptor | |
| > d1a428b000+ef0;advapi32.SetSecurityDescriptorDacl | |
| > d1a428b000+f50;kernel32.CreateMutexA | |
| Arg[0] = ptr 0x000000d19111eea8 -> {\x18\x00\x00\x00\xd1\x00\x00\x00} | |
| Arg[1] = 0 | |
| Arg[2] = ptr 0x000000d1a446c220 -> "Global\06D6BC92CSS" | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a4290000+968;kernel32.Wow64RevertWow64FsRedirection | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a44735f0 -> "%SystemRoot%\System32\drivers\dump_06D6BC92.sys" | |
| Arg[1] = ptr 0x000000d19111ee5c -> {\x00\x00\x00\x00\x00\x00\x00\x00} | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428b000+fe0;kernel32.ExpandEnvironmentStringsA | |
| Arg[0] = ptr 0x000000d1a447ad60 -> "%SystemRoot%\system32\Ms06D6BC92App.dll" | |
| Arg[1] = ptr 0x000000d19111ee5c -> "C:\Windows\System32\'" | |
| Arg[2] = 0x0000000000000104 = 260 | |
| > d1a428b000+f20;kernel32.CopyFileA | |
| > d1a4290000+968;kernel32.Wow64RevertWow64FsRedirection | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428b000+e20;advapi32.OpenProcessToken | |
| > d1a428b000+e10;advapi32.LookupPrivilegeValueA | |
| > d1a428b000+de0;advapi32.AdjustTokenPrivileges | |
| > d1a428c000+90;kernel32.GetLastError | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a428c000+310;kernel32.SetUnhandledExceptionFilter | |
| > d1a428c000+370;kernel32.VirtualQuery | |
| > d1a428c000+200;kernel32.LoadLibraryA | |
| Arg[0] = ptr 0x000000d1a42f0000 -> "C:\Users\tester\Desktop\winupdate64.dll" | |
| > d1a428c000+30;kernel32.GetCurrentProcess | |
| > d1a428c000+2f0;kernel32.SetPriorityClass | |
| > d1a428b000+f90;kernel32.CreateThread | |
| > d1a428c000+300;kernel32.SetThreadPriority | |
| > d1a428c000+2a0;kernel32.ResumeThread | |
| > d1a428b000+f00;kernel32.CloseHandle | |
| > d1a42b0000+428;winupdate64.[ + 59005]* | |
| 30dcd;ntdll.[RtlActivateActivationContextUnsafeFast+114]* | |
| cc2b6;CPUID:1 | |
| 39993;kernel32.GetCurrentThreadId | |
| 44400;kernel32.LocalAlloc | |
| 50e36;kernel32.TlsSetValue | |
| 39993;kernel32.GetCurrentThreadId | |
| 30dcd;ntdll.[RtlActivateActivationContextUnsafeFast+114]* | |
| cc2b6;CPUID:1 | |
| 39993;kernel32.GetCurrentThreadId | |
| 44400;kernel32.LocalAlloc | |
| 50e36;kernel32.TlsSetValue | |
| 39993;kernel32.GetCurrentThreadId | |
| 30dcd;ntdll.[RtlActivateActivationContextUnsafeFast+114]* | |
| > d1a4290000+919;kernel32.Wow64DisableWow64FsRedirection | |
| cc2b6;CPUID:1 | |
| 39993;kernel32.GetCurrentThreadId | |
| 66289;ntdll.RtlDeleteCriticalSection | |
| 6987c;ntdll.RtlDeleteCriticalSection | |
| 6987c;ntdll.RtlDeleteCriticalSection | |
| 58d68;kernel32.TlsGetValue | |
| 58d68;kernel32.TlsGetValue | |
| 56c3c;ntdll.RtlDeleteCriticalSection | |
| 56a06;kernel32.VirtualFree | |
| 35f53;kernel32.TlsGetValue | |
| 6a9a2;kernel32.LocalFree | |
| 50e36;kernel32.TlsSetValue | |
| 5c0f6;kernel32.TlsFree | |
| cdb3d;kernel32.LocalFree | |
| cc62d;ntdll.[RtlActivateActivationContextUnsafeFast+114]* |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sample: https://www.virustotal.com/gui/file/8c9bb3fbc765dc317f74d2240d5c72b0e194f1b9054d9e29e5f7e365c14c4681/detection
NuggetPhantom (from #PurpleFoxEK)
DllMainof the component (namedwinupdate64.log)