Advertisement
Guest User

Untitled

a guest
Jul 21st, 2017
70
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 69.12 KB | None | 0 0
  1. 0021:Ret KERNEL32.LocalFree() retval=00000000 ret=5f8078da
  2. 0021:Call KERNEL32.LocalAlloc(00000040,00000114) ret=5f805fef
  3. 0021:Ret KERNEL32.LocalAlloc() retval=024fcc18 ret=5f805fef
  4. 0021:Call KERNEL32.LocalAlloc(00000040,00000010) ret=5f805fef
  5. 0021:Ret KERNEL32.LocalAlloc() retval=001343e8 ret=5f805fef
  6. 0021:Call KERNEL32.LocalAlloc(00000000,00000018) ret=5f805fd0
  7. 0021:Ret KERNEL32.LocalAlloc() retval=024f6818 ret=5f805fd0
  8. 0021:Call ntdll.memset(024f6818,00000000,00000018) ret=5f805eff
  9. 0021:Ret ntdll.memset() retval=024f6818 ret=5f805eff
  10. 0021:Call KERNEL32.LocalAlloc(00000040,0000104c) ret=5f805fef
  11. 0021:Ret KERNEL32.LocalAlloc() retval=001a9c68 ret=5f805fef
  12. 0021:Call KERNEL32.LocalAlloc(00000040,00000010) ret=5f805fef
  13. 0021:Ret KERNEL32.LocalAlloc() retval=00131ec0 ret=5f805fef
  14. 0021:Call KERNEL32.LocalAlloc(00000000,00000020) ret=5f805fd0
  15. 0021:Ret KERNEL32.LocalAlloc() retval=001349c0 ret=5f805fd0
  16. 0021:Call ntdll.memset(001349c0,00000000,00000020) ret=5f805eff
  17. 0021:Ret ntdll.memset() retval=001349c0 ret=5f805eff
  18. 0021:Call KERNEL32.CloseHandle(fffffffe) ret=5f807b6b
  19. 0021:Ret KERNEL32.CloseHandle() retval=00000000 ret=5f807b6b
  20. 0021:Call gdi32.DeleteObject(00000bf0) ret=5f803f39
  21. 0021:Ret gdi32.DeleteObject() retval=00000001 ret=5f803f39
  22. 0021:Call gdi32.DeleteObject(00000bf4) ret=5f803f39
  23. 0021:Ret gdi32.DeleteObject() retval=00000001 ret=5f803f39
  24. 0021:Call gdi32.DeleteObject(00000bf8) ret=5f803f39
  25. 0021:Ret gdi32.DeleteObject() retval=00000001 ret=5f803f39
  26. 0021:Call gdi32.DeleteObject(00000bfc) ret=5f803f39
  27. 0021:Ret gdi32.DeleteObject() retval=00000001 ret=5f803f39
  28. 0021:Call gdi32.DeleteObject(00000c00) ret=5f803f39
  29. 0021:Ret gdi32.DeleteObject() retval=00000001 ret=5f803f39
  30. 0021:Call gdi32.DeleteObject(00000c04) ret=5f803f39
  31. 0021:Ret gdi32.DeleteObject() retval=00000001 ret=5f803f39
  32. 0021:Call gdi32.DeleteObject(00000c08) ret=5f803f39
  33. 0021:Ret gdi32.DeleteObject() retval=00000001 ret=5f803f39
  34. 0021:Call gdi32.DeleteObject(00000c0c) ret=5f803f39
  35. 0021:Ret gdi32.DeleteObject() retval=00000001 ret=5f803f39
  36. 0021:Call gdi32.DeleteObject(00000c10) ret=5f803f39
  37. 0021:Ret gdi32.DeleteObject() retval=00000001 ret=5f803f39
  38. 0021:Call KERNEL32.LocalFree(001a9c68) ret=5f8078da
  39. 0021:Ret KERNEL32.LocalFree() retval=00000000 ret=5f8078da
  40. 0021:Call KERNEL32.LocalFree(024fcc18) ret=5f8078da
  41. 0021:Ret KERNEL32.LocalFree() retval=00000000 ret=5f8078da
  42. 0021:Call msvcrt.free(001a9348) ret=5f806df8
  43. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,001a9348) ret=7e4146c6
  44. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  45. 0021:Ret msvcrt.free() retval=00000001 ret=5f806df8
  46. 0021:Call ntdll.RtlDeleteCriticalSection(5f8c8950) ret=5f81137c
  47. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=5f81137c
  48. 0021:Call ntdll.RtlDeleteCriticalSection(5f8c87f8) ret=5f81139a
  49. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=5f81139a
  50. 0021:Call ntdll.RtlDeleteCriticalSection(5f8c8810) ret=5f81139a
  51. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=5f81139a
  52. 0021:Call ntdll.RtlDeleteCriticalSection(5f8c88a0) ret=5f81139a
  53. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=5f81139a
  54. 0021:Call ntdll.RtlDeleteCriticalSection(5f8c8918) ret=5f81139a
  55. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=5f81139a
  56. 0021:Call ntdll.RtlDeleteCriticalSection(5f8c8930) ret=5f81139a
  57. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=5f81139a
  58. 0021:Call KERNEL32.GetModuleHandleA(5f8a3bd8 "MSVCRT40.DLL") ret=5f806b66
  59. 0021:Ret KERNEL32.GetModuleHandleA() retval=7dba0000 ret=5f806b66
  60. 0021:Call KERNEL32.FreeLibrary(7dba0000) ret=5f806b6d
  61. 0021:Ret KERNEL32.FreeLibrary() retval=00000001 ret=5f806b6d
  62. 0021:Call KERNEL32.TlsFree(00000009) ret=5f810bf9
  63. 0021:Ret KERNEL32.TlsFree() retval=00000001 ret=5f810bf9
  64. 0021:Call KERNEL32.GlobalHandle(001a8cf0) ret=5f810c07
  65. 0021:Ret KERNEL32.GlobalHandle() retval=001a8b6a ret=5f810c07
  66. 0021:Call KERNEL32.GlobalUnlock(001a8b6a) ret=5f810c10
  67. 0021:Ret KERNEL32.GlobalUnlock() retval=00000000 ret=5f810c10
  68. 0021:Call KERNEL32.GlobalFree(001a8b6a) ret=5f810c17
  69. 0021:Ret KERNEL32.GlobalFree() retval=00000000 ret=5f810c17
  70. 0021:Call ntdll.RtlDeleteCriticalSection(5f8c6b10) ret=5f810c21
  71. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=5f810c21
  72. 0021:Call KERNEL32.GlobalHandle(001a95d8) ret=5f810c07
  73. 0021:Ret KERNEL32.GlobalHandle() retval=001a9142 ret=5f810c07
  74. 0021:Call KERNEL32.GlobalUnlock(001a9142) ret=5f810c10
  75. 0021:Ret KERNEL32.GlobalUnlock() retval=00000000 ret=5f810c10
  76. 0021:Call KERNEL32.GlobalFree(001a9142) ret=5f810c17
  77. 0021:Ret KERNEL32.GlobalFree() retval=00000000 ret=5f810c17
  78. 0021:Call ntdll.RtlDeleteCriticalSection(5f8c6b48) ret=5f810c21
  79. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=5f810c21
  80. 0021:Ret PE DLL (proc=0x5f806c44,module=0x5f800000 L"MFC40.DLL",reason=PROCESS_DETACH,res=(nil)) retval=1
  81. 0021:Call PE DLL (proc=0x7dbb5470,module=0x7dba0000 L"msvcrt40.dll",reason=PROCESS_DETACH,res=(nil))
  82. 0021:Ret PE DLL (proc=0x7dbb5470,module=0x7dba0000 L"msvcrt40.dll",reason=PROCESS_DETACH,res=(nil)) retval=1
  83. 0021:Ret KERNEL32.FreeLibrary() retval=00000001 ret=7eaa22ed
  84. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,024fca18) ret=7eaa2310
  85. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaa2310
  86. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,024fc9f0) ret=7eaa2330
  87. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaa2330
  88. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,024fc728) ret=7eaa2866
  89. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaa2866
  90. 0021:Ret ole32.CoFreeUnusedLibraries() retval=00000000 ret=66019433
  91. 0021:Call ole32.OleUninitialize() ret=66019094
  92. 0021:Call KERNEL32.GetModuleHandleW(7eb4fd40 L"ole32") ret=7ea9df73
  93. 0021:Ret KERNEL32.GetModuleHandleW() retval=7ea90000 ret=7ea9df73
  94. 0021:Call KERNEL32.GlobalFree(00130b22) ret=7eabf22b
  95. 0021:Ret KERNEL32.GlobalFree() retval=00000000 ret=7eabf22b
  96. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00134150) ret=7eabf20b
  97. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eabf20b
  98. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ea9dfdf
  99. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea9dfdf
  100. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00134130) ret=7ea9dfff
  101. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea9dfff
  102. 0021:Call user32.DestroyWindow(00010076) ret=7eaa41cd
  103. 0021:Call window proc 0x7eaa3de0 (hwnd=0x10076,msg=WM_DESTROY,wp=00000000,lp=00000000)
  104. 0021:Call user32.DefWindowProcW(00010076,00000002,00000000,00000000) ret=7ed22e6a
  105. 0021:Ret user32.DefWindowProcW() retval=00000000 ret=7ed22e6a
  106. 0021:Ret window proc 0x7eaa3de0 (hwnd=0x10076,msg=WM_DESTROY,wp=00000000,lp=00000000) retval=00000000
  107. 0021:Call window proc 0x7eaa3de0 (hwnd=0x10076,msg=WM_NCDESTROY,wp=00000000,lp=00000000)
  108. 0021:Call user32.DefWindowProcW(00010076,00000082,00000000,00000000) ret=7ed22e6a
  109. 0021:Ret user32.DefWindowProcW() retval=00000000 ret=7ed22e6a
  110. 0021:Ret window proc 0x7eaa3de0 (hwnd=0x10076,msg=WM_NCDESTROY,wp=00000000,lp=00000000) retval=00000000
  111. 0021:Ret user32.DestroyWindow() retval=00000001 ret=7eaa41cd
  112. 0021:Call rpcrt4.RpcServerUnregisterIf(0013f6f4,00000000,00000001) ret=7eada6fe
  113. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0013f740) ret=7ea4a3a9
  114. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea4a3a9
  115. 0021:Ret rpcrt4.RpcServerUnregisterIf() retval=00000000 ret=7eada6fe
  116. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0013f6e8) ret=7eada730
  117. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eada730
  118. 0021:Call rpcrt4.NdrCStdStubBuffer_Release(0013f5d0,7eb72e10) ret=7eb4d377
  119. 0021:Call rpcrt4.CStdStubBuffer_Disconnect(0013f5d0) ret=7ea1d37f
  120. 0021:Ret rpcrt4.CStdStubBuffer_Disconnect() retval=00000002 ret=7ea1d37f
  121. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0013f5d0) ret=7ea1d3ad
  122. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea1d3ad
  123. 0021:Ret rpcrt4.NdrCStdStubBuffer_Release() retval=00000000 ret=7eb4d377
  124. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0013f6d0) ret=7ead6209
  125. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ead6209
  126. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0013f690) ret=7eaf192d
  127. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaf192d
  128. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7eabf9a8
  129. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eabf9a8
  130. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0013f3d8) ret=7eaf0bcd
  131. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaf0bcd
  132. 0021:Call ntdll.RtlDeleteCriticalSection(0013f600) ret=7eaf1aa1
  133. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7eaf1aa1
  134. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0013f5f0) ret=7eaf1ac1
  135. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaf1ac1
  136. 0021:Call oleaut32.DllCanUnloadNow() ret=7eaa2880
  137. 0021:Ret oleaut32.DllCanUnloadNow() retval=00000001 ret=7eaa2880
  138. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0013f478) ret=7eaa42ca
  139. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaa42ca
  140. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00169cc0) ret=7eaa42ca
  141. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaa42ca
  142. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,001aeaa0) ret=7eaa42ca
  143. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaa42ca
  144. 0021:Call ntdll.RtlDeleteCriticalSection(00133c1c) ret=7eaa42ea
  145. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7eaa42ea
  146. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00133bf8) ret=7eaa430a
  147. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaa430a
  148. 0021:Call ntdll.RtlDeleteCriticalSection(00133bb0) ret=7eacbedc
  149. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7eacbedc
  150. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00133ba0) ret=7eacbf04
  151. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eacbf04
  152. 0021:Call rpcrt4.RpcBindingFree(0033fcb0) ret=7eacbf33
  153. 0021:Call KERNEL32.FlushFileBuffers(0000005c) ret=7ea504d9
  154. 0021:Ret KERNEL32.FlushFileBuffers() retval=00000001 ret=7ea504d9
  155. 0021:Call KERNEL32.CloseHandle(0000005c) ret=7ea504e7
  156. 0021:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ea504e7
  157. 0021:Call KERNEL32.CloseHandle(000000a0) ret=7ea50503
  158. 002b:Ret KERNEL32.ReadFile() retval=00000000 ret=7ed6f5dd
  159. 002b:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed629c6
  160. 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed629c6
  161. 002b:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed64697
  162. 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed64697
  163. 002b:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed72c46
  164. 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed72c46
  165. 002b:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed629c6
  166. 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed629c6
  167. 002b:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed64d85
  168. 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed64d85
  169. 002b:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed64a43
  170. 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed64a43
  171. 002b:Call ntdll.RtlFreeHeap(00110000,00000000,00117938) ret=7ed67b34
  172. 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed67b34
  173. 002b:Call KERNEL32.FlushFileBuffers(00000034) ret=7ed6f4d9
  174. 002b:Ret KERNEL32.FlushFileBuffers() retval=00000001 ret=7ed6f4d9
  175. 002b:Call KERNEL32.CloseHandle(00000034) ret=7ed6f4e7
  176. 0021:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ea50503
  177. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,001446b0) ret=7ea3c576
  178. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea3c576
  179. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00144698) ret=7e002b:Ca0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea3c576
  180. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ea517d1
  181. 002b:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed6f5002002b:Call ntdll.RtlFreeHeap(00110000,00000000,001176c8) ret=7ed5b5002002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5b5002002b:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed5b5002002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5b5002002b:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed707002002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed7070021:Call ntdll.RtlFreeHeap(00110000,00000000,001445d0) ret=7ea3a790
  182. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea3a790
  183. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,001445b8) ret=7ea3a7b3
  184. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea3a7b3
  185. 0021:Call ntdll.RtlDeleteCriticalSection(00144560) ret=7ea3002b:0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7002b:Ret0021:Call ntdll.RtlFreeHeap(00110000,00000000,00144002b:Call ntdll.Rt0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7002b:Ret0021:Call ntdll.RtlFreeHeap(00110000,00000000,00144002b:Call ntdll.Rt0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea3c576
  186. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00144500) ret=7ea3c576
  187. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea3c576
  188. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,001444e8) ret002b:Call 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea3c576
  189. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret002b:Call 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea3ed2d
  190. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00144498) ret002b:Call 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea3ed6b
  191. 0021:Ret rpcrt4.RpcBindingFree() retval=00000000 ret=7eacb002b0021:Ret ole32.OleUninitialize() retval=00000000 ret=66019094
  192. 0021:Call KERNEL32.HeapDestroy(01ac8000) ret=660190bd
  193. 002b:Call ntdll.RtlFreeHeap(00110000,00000000,00117830) ret=7ed5dd6b
  194. 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5dd6b
  195. 002b:Call ntdll.RtlFreeHeap(00110000,00000000,00117630) ret=7ed7081e
  196. 0021:Ret KERNEL32.HeapDestroy() retval=00000001 ret=660190bd
  197. 0021:Call KERNEL32.FreeLibrary(7eb80000) ret=6603793a
  198. 0021:Ret KERNEL32.FreeLibrary() retval=00000001 ret=6603793a
  199. 0021:Call KERNEL32.FreeLibrary(7e930000) ret=660194c3
  200. 0021:Ret KERNEL32.FreeLibrary() retval=00000001 ret=660194c3
  201. 0021:Call KERNEL32.ReleaseSemaphore(00000040,00000001,00000000) ret=6002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed714db
  202. 002b:Ret PE DLL (proc=0x7ed75050,module=0x7ed30000 L"rpcrt4.dll",reason=THREAD_DETACH,res=(nil)) retval=1
  203. 0021:Ret KERNEL32.ReleaseSemaphore() retval=00000001 ret=660194fa
  204. 0021:Call KERNEL32.GetCurrentThreadId() ret=660195d1
  205. 0021:Ret KERNEL32.GetCurrentThreadId() retval=00000021 ret=660195d1
  206. 0021:Call ntdll.RtlFreeHeap(00cf0000,00000000,00cf0240) ret=660195f3
  207. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=660195f3
  208. 0021:Call ntdll.RtlFreeHeap(00cf0000,00000000,00cf0138) ret=66019626
  209. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=66019626
  210. 0021:Call KERNEL32.ExitProcess(00000000) ret=6600de50
  211. 0021:Call PE DLL (proc=0x7ca92ba0,module=0x7ca80000 L"wsock32.dll",reason=PROCESS_DETACH,res=0x1)
  212. 0021:Ret PE DLL (proc=0x7ca92ba0,module=0x7ca80000 L"wsock32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  213. 0021:Call PE DLL (proc=0x7ca496c0,module=0x7ca30000 L"iphlpapi.dll",reason=PROCESS_DETACH,res=0x1)
  214. 0021:Ret PE DLL (proc=0x7ca496c0,module=0x7ca30000 L"iphlpapi.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  215. 0021:Call PE DLL (proc=0x7ca77ad0,module=0x7ca60000 L"ws2_32.dll",reason=PROCESS_DETACH,res=0x1)
  216. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ca6574d
  217. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ca6574d
  218. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,024fe6b8) ret=7ca65770
  219. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ca65770
  220. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ca65793
  221. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ca65793
  222. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,024fe8e0) ret=7ca657c8
  223. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ca657c8
  224. 0021:Ret PE DLL (proc=0x7ca77ad0,module=0x7ca60000 L"ws2_32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  225. 0021:Call PE DLL (proc=0x7db85b10,module=0x7db30000 L"windowscodecs.dll",reason=PROCESS_DETACH,res=0x1)
  226. 0021:Ret PE DLL (proc=0x7db85b10,module=0x7db30000 L"windowscodecs.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  227. 0021:Call PE DLL (proc=0x7e053360,module=0x7dfb0000 L"comctl32.dll",reason=PROCESS_DETACH,res=0x1)
  228. 0021:Call user32.UnregisterClassW(0033fb02 L"SysAnimate32",00000000) ret=7dfbf677
  229. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7dfbf677
  230. 0021:Call user32.UnregisterClassW(0033fb02 L"ComboBoxEx32",00000000) ret=7dfc5497
  231. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7dfc5497
  232. 0021:Call user32.UnregisterClassW(0033faf8 L"SysDateTimePick32",00000000) ret=7dfcde25
  233. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7dfcde25
  234. 0021:Call user32.UnregisterClassW(0033fafe L"flatsb_class32",00000000) ret=7dfd10b3
  235. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7dfd10b3
  236. 0021:Call user32.UnregisterClassW(0033fb04 L"SysHeader32",00000000) ret=7dfd5b81
  237. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7dfd5b81
  238. 0021:Call user32.UnregisterClassW(0033fafc L"msctls_hotkey32",00000000) ret=7dfd6ee9
  239. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7dfd6ee9
  240. 0021:Call user32.UnregisterClassW(0033fafe L"SysIPAddress32",00000000) ret=7dfe0b83
  241. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7dfe0b83
  242. 0021:Call user32.UnregisterClassW(0033fb00 L"SysListView32",00000000) ret=7dffbe8d
  243. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7dffbe8d
  244. 0021:Call user32.UnregisterClassW(0033fb00 L"SysMonthCal32",00000000) ret=7e0035bd
  245. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7e0035bd
  246. 0021:Call user32.UnregisterClassW(0033fb00 L"NativeFontCtl",00000000) ret=7e00393d
  247. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7e00393d
  248. 0021:Call user32.UnregisterClassW(0033fb0a L"SysPager",00000000) ret=7e0067df
  249. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7e0067df
  250. 0021:Call user32.UnregisterClassW(0033faf8 L"msctls_progress32",00000000) ret=7e007fa5
  251. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7e007fa5
  252. 0021:Call user32.UnregisterClassW(0033fb00 L"ReBarWindow32",00000000) ret=7e0190dd
  253. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7e0190dd
  254. 0021:Call user32.UnregisterClassW(0033faf6 L"msctls_statusbar32",00000000) ret=7e01c68b
  255. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7e01c68b
  256. 0021:Call user32.UnregisterClassW(0033fb0c L"SysLink",00000000) ret=7e020ef9
  257. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7e020ef9
  258. 0021:Call user32.UnregisterClassW(0033fafc L"SysTabControl32",00000000) ret=7e027ee9
  259. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7e027ee9
  260. 0021:Call user32.UnregisterClassW(0033fafc L"ToolbarWindow32",00000000) ret=7e03ab49
  261. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7e03ab49
  262. 0021:Call user32.DestroyIcon(000100ba) ret=7e03fab0
  263. 0021:Ret user32.DestroyIcon() retval=00000001 ret=7e03fab0
  264. 0021:Call user32.DestroyIcon(000100bc) ret=7e03fac1
  265. 0021:Ret user32.DestroyIcon() retval=00000001 ret=7e03fac1
  266. 0021:Call user32.DestroyIcon(000100be) ret=7e03fad2
  267. 0021:Ret user32.DestroyIcon() retval=00000001 ret=7e03fad2
  268. 0021:Call user32.UnregisterClassW(0033fafa L"tooltips_class32",00000000) ret=7e03fb4e
  269. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7e03fb4e
  270. 0021:Call user32.UnregisterClassW(0033faf8 L"msctls_trackbar32",00000000) ret=7e043aa5
  271. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7e043aa5
  272. 0021:Call user32.UnregisterClassW(0033fb00 L"SysTreeView32",00000000) ret=7e050ccd
  273. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7e050ccd
  274. 0021:Call user32.UnregisterClassW(0033fafc L"msctls_updown32",00000000) ret=7e053219
  275. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7e053219
  276. 0021:Call gdi32.DeleteObject(000005b0) ret=7dfc99c5
  277. 0021:Ret gdi32.DeleteObject() retval=00000001 ret=7dfc99c5
  278. 0021:Call gdi32.DeleteObject(000005a8) ret=7dfc99dc
  279. 0021:Ret gdi32.DeleteObject() retval=00000001 ret=7dfc99dc
  280. 0021:Call KERNEL32.GlobalDeleteAtom(0000c016) ret=7dfc99f8
  281. 0021:Ret KERNEL32.GlobalDeleteAtom() retval=00000000 ret=7dfc99f8
  282. 0021:Call KERNEL32.FreeLibrary(7df40000) ret=7e053341
  283. 0021:Ret KERNEL32.FreeLibrary() retval=00000001 ret=7e053341
  284. 0021:Ret PE DLL (proc=0x7e053360,module=0x7dfb0000 L"comctl32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  285. 0021:Call PE DLL (proc=0x7df5aa90,module=0x7df40000 L"uxtheme.dll",reason=PROCESS_DETACH,res=0x1)
  286. 0021:Ret PE DLL (proc=0x7df5aa90,module=0x7df40000 L"uxtheme.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  287. 0021:Call PE DLL (proc=0x7e0e3840,module=0x7e0b0000 L"shlwapi.dll",reason=PROCESS_DETACH,res=0x1)
  288. 0021:Call KERNEL32.TlsFree(00000006) ret=7e0d5ea2
  289. 0021:Ret KERNEL32.TlsFree() retval=00000001 ret=7e0d5ea2
  290. 0021:Ret PE DLL (proc=0x7e0e3840,module=0x7e0b0000 L"shlwapi.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  291. 0021:Call PE DLL (proc=0x7e440c70,module=0x7e3f0000 L"msvcrt.dll",reason=PROCESS_DETACH,res=0x1)
  292. 0021:Call ntdll.RtlDeleteCriticalSection(7e467f00) ret=7e418140
  293. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7e418140
  294. 0021:Call ntdll.RtlDeleteCriticalSection(7e467f38) ret=7e418140
  295. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7e418140
  296. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4146c6
  297. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  298. 0021:Call KERNEL32.CloseHandle(0000013b) ret=7e40d666
  299. 0021:Ret KERNEL32.CloseHandle() retval=00000001 ret=7e40d666
  300. 0021:Call KERNEL32.GetStdHandle(fffffff6) ret=7e40d6ce
  301. 0021:Ret KERNEL32.GetStdHandle() retval=0000000f ret=7e40d6ce
  302. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4146c6
  303. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  304. 0021:Call KERNEL32.CloseHandle(0000013c) ret=7e40d666
  305. 0021:Ret KERNEL32.CloseHandle() retval=00000001 ret=7e40d666
  306. 0021:Call KERNEL32.GetStdHandle(fffffff5) ret=7e40d83c
  307. 0021:Ret KERNEL32.GetStdHandle() retval=00000010 ret=7e40d83c
  308. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4146c6
  309. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  310. 0021:Call KERNEL32.CloseHandle(00000140) ret=7e40d666
  311. 0021:Ret KERNEL32.CloseHandle() retval=00000001 ret=7e40d666
  312. 0021:Call KERNEL32.GetStdHandle(fffffff4) ret=7e40d7f4
  313. 0021:Ret KERNEL32.GetStdHandle() retval=00000014 ret=7e40d7f4
  314. 0021:Call ntdll.RtlDeleteCriticalSection(7e465a80) ret=7e4114bb
  315. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7e4114bb
  316. 0021:Call KERNEL32.CloseHandle(00000147) ret=7e3fffd3
  317. 0021:Ret KERNEL32.CloseHandle() retval=00000001 ret=7e3fffd3
  318. 0021:Call KERNEL32.CloseHandle(ffffffff) ret=7e3fffe4
  319. 0021:Ret KERNEL32.CloseHandle() retval=00000000 ret=7e3fffe4
  320. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,001538f8) ret=7e4048d7
  321. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4048d7
  322. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00154710) ret=7e4048ff
  323. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4048ff
  324. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00152ae0) ret=7e404927
  325. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e404927
  326. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e40494f
  327. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e40494f
  328. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151dd0) ret=7e404977
  329. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e404977
  330. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151ee0) ret=7e40499f
  331. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e40499f
  332. 0021:Call KERNEL32.SetConsoleCtrlHandler(7e409f70,00000000) ret=7e40b048
  333. 0021:Ret KERNEL32.SetConsoleCtrlHandler() retval=00000001 ret=7e40b048
  334. 0021:Call KERNEL32.SetUnhandledExceptionFilter(00000000) ret=7e40b057
  335. 0021:Ret KERNEL32.SetUnhandledExceptionFilter() retval=7e409fd0 ret=7e40b057
  336. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e418447
  337. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e418447
  338. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e41846a
  339. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e41846a
  340. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e41848d
  341. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e41848d
  342. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4184b0
  343. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4184b0
  344. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4184d3
  345. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4184d3
  346. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,001515c8) ret=7e4184fe
  347. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4184fe
  348. 0021:Call KERNEL32.TlsFree(00000005) ret=7e41850b
  349. 0021:Ret KERNEL32.TlsFree() retval=00000001 ret=7e41850b
  350. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151b50) ret=7e4146c6
  351. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  352. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4146c6
  353. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  354. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151b68) ret=7e4146c6
  355. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  356. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4146c6
  357. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  358. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151c28) ret=7e4146c6
  359. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  360. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4146c6
  361. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  362. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151c88) ret=7e4146c6
  363. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  364. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4146c6
  365. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  366. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151ca0) ret=7e4146c6
  367. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  368. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4146c6
  369. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  370. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151c40) ret=7e4146c6
  371. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  372. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151c58) ret=7e4146c6
  373. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  374. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151c70) ret=7e4146c6
  375. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  376. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151b80) ret=7e4146c6
  377. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  378. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151b98) ret=7e4146c6
  379. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  380. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151bb0) ret=7e4146c6
  381. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  382. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151bc8) ret=7e4146c6
  383. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  384. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151be0) ret=7e4146c6
  385. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  386. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151bf8) ret=7e4146c6
  387. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  388. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151c10) ret=7e4146c6
  389. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  390. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4146c6
  391. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  392. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4146c6
  393. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  394. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4146c6
  395. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  396. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0014ec10) ret=7e4146c6
  397. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  398. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4146c6
  399. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  400. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7e4146c6
  401. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  402. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151940) ret=7e4146c6
  403. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  404. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151a48) ret=7e4146c6
  405. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  406. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151638) ret=7e4146c6
  407. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  408. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00151718) ret=7e4146c6
  409. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  410. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0014e9a8) ret=7e4146c6
  411. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e4146c6
  412. 0021:Ret PE DLL (proc=0x7e440c70,module=0x7e3f0000 L"msvcrt.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  413. 0021:Call PE DLL (proc=0x66001ad8,module=0x66000000 L"MSVBVM60.DLL",reason=PROCESS_DETACH,res=0x1)
  414. 0021:Call KERNEL32.GetCurrentThreadId() ret=66003528
  415. 0021:Ret KERNEL32.GetCurrentThreadId() retval=00000021 ret=66003528
  416. 0021:Call KERNEL32.GetCurrentThreadId() ret=66003528
  417. 0021:Ret KERNEL32.GetCurrentThreadId() retval=00000021 ret=66003528
  418. 0021:Call KERNEL32.TlsFree(00000003) ret=660036d1
  419. 0021:Ret KERNEL32.TlsFree() retval=00000001 ret=660036d1
  420. 0021:Call KERNEL32.HeapDestroy(00cf0000) ret=66003709
  421. 0021:Ret KERNEL32.HeapDestroy() retval=00000001 ret=66003709
  422. 0021:Call ntdll.RtlDeleteCriticalSection(6610ec34) ret=66019641
  423. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66019641
  424. 0021:Call ntdll.RtlDeleteCriticalSection(6610e664) ret=6600388d
  425. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=6600388d
  426. 0021:Call ntdll.RtlDeleteCriticalSection(6610e644) ret=660038aa
  427. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=660038aa
  428. 0021:Call ntdll.RtlDeleteCriticalSection(6610e59c) ret=660038c7
  429. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=660038c7
  430. 0021:Call KERNEL32.CloseHandle(00000038) ret=66003952
  431. 0021:Ret KERNEL32.CloseHandle() retval=00000001 ret=66003952
  432. 0021:Call ntdll.RtlDeleteCriticalSection(6610e564) ret=6600396a
  433. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=6600396a
  434. 0021:Call ntdll.RtlDeleteCriticalSection(6610e544) ret=66003977
  435. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003977
  436. 0021:Call ntdll.RtlDeleteCriticalSection(6610e524) ret=66003984
  437. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003984
  438. 0021:Call ntdll.RtlDeleteCriticalSection(6610e4fc) ret=660038fe
  439. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=660038fe
  440. 0021:Call ntdll.RtlDeleteCriticalSection(6610e4dc) ret=6600390d
  441. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=6600390d
  442. 0021:Call ntdll.RtlDeleteCriticalSection(6610e4bc) ret=6600391a
  443. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=6600391a
  444. 0021:Call ntdll.RtlDeleteCriticalSection(6610e49c) ret=66003927
  445. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003927
  446. 0021:Call KERNEL32.InitializeCriticalSection(008f0ec0) ret=66001f4a
  447. 0021:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=66001f4a
  448. 0021:Call KERNEL32.InitializeCriticalSection(008f0ee0) ret=66001f4a
  449. 0021:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=66001f4a
  450. 0021:Call KERNEL32.InitializeCriticalSection(008f0f00) ret=66001f4a
  451. 0021:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=66001f4a
  452. 0021:Call KERNEL32.InitializeCriticalSection(008f0f20) ret=66001f4a
  453. 0021:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=66001f4a
  454. 0021:Call ntdll.RtlDeleteCriticalSection(007d8ec8) ret=66003c1a
  455. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003c1a
  456. 0021:Call ntdll.RtlFreeHeap(007d8000,00000000,007d8e50) ret=6600275a
  457. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=6600275a
  458. 0021:Call ntdll.RtlDeleteCriticalSection(008f0ec0) ret=66003ca4
  459. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003ca4
  460. 0021:Call ntdll.RtlDeleteCriticalSection(008f0d80) ret=66003ca4
  461. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003ca4
  462. 0021:Call ntdll.RtlDeleteCriticalSection(008f0d60) ret=66003ca4
  463. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003ca4
  464. 0021:Call ntdll.RtlDeleteCriticalSection(008f0da0) ret=66003ca4
  465. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003ca4
  466. 0021:Call ntdll.RtlDeleteCriticalSection(008f0180) ret=66003ca4
  467. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003ca4
  468. 0021:Call ntdll.RtlDeleteCriticalSection(008f0ee0) ret=66003ca4
  469. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003ca4
  470. 0021:Call ntdll.RtlDeleteCriticalSection(008f0f00) ret=66003ca4
  471. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003ca4
  472. 0021:Call ntdll.RtlDeleteCriticalSection(008f0f20) ret=66003ca4
  473. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003ca4
  474. 0021:Call ntdll.RtlDeleteCriticalSection(6610c148) ret=66003c64
  475. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003c64
  476. 0021:Call ntdll.RtlDeleteCriticalSection(6610c160) ret=66003c6d
  477. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003c6d
  478. 0021:Call ntdll.RtlDeleteCriticalSection(6610c130) ret=66003c75
  479. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003c75
  480. 0021:Call ntdll.RtlDeleteCriticalSection(6610c118) ret=66003c7e
  481. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=66003c7e
  482. 0021:Call KERNEL32.TlsFree(00000002) ret=66003c32
  483. 0021:Ret KERNEL32.TlsFree() retval=00000001 ret=66003c32
  484. 0021:Call KERNEL32.VirtualFree(008f0000,00000000,00008000) ret=66003d0c
  485. 0021:Ret KERNEL32.VirtualFree() retval=00000001 ret=66003d0c
  486. 0021:Call KERNEL32.HeapDestroy(007d8000) ret=66003d22
  487. 0021:Ret KERNEL32.HeapDestroy() retval=00000001 ret=66003d22
  488. 0021:Ret PE DLL (proc=0x66001ad8,module=0x66000000 L"MSVBVM60.DLL",reason=PROCESS_DETACH,res=0x1) retval=1
  489. 0021:Call PE DLL (proc=0x7e9d62c0,module=0x7e930000 L"oleaut32.dll",reason=PROCESS_DETACH,res=0x1)
  490. 0021:Call KERNEL32.FreeLibrary(7db30000) ret=7e9d62a1
  491. 0021:Ret KERNEL32.FreeLibrary() retval=00000001 ret=7e9d62a1
  492. 0021:Ret PE DLL (proc=0x7e9d62c0,module=0x7e930000 L"oleaut32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  493. 0021:Call PE DLL (proc=0x7eb4d440,module=0x7ea90000 L"ole32.dll",reason=PROCESS_DETACH,res=0x1)
  494. 0021:Call user32.UnregisterClassW(7eb51600 L"OleMainThreadWndClass 0x######## ",7ea90000) ret=7eaaaa0e
  495. 0021:Ret user32.UnregisterClassW() retval=00000001 ret=7eaaaa0e
  496. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0013f588) ret=7eaaaa7a
  497. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaaaa7a
  498. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0013f560) ret=7eaaaa9a
  499. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaaaa9a
  500. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0019dc08) ret=7eaaaa7a
  501. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaaaa7a
  502. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0016a3f8) ret=7eaaaa9a
  503. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaaaa9a
  504. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,001aeac0) ret=7eaaaa7a
  505. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaaaa7a
  506. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,001aec40) ret=7eaaaa9a
  507. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7eaaaa9a
  508. 0021:Ret PE DLL (proc=0x7eb4d440,module=0x7ea90000 L"ole32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  509. 0021:Call PE DLL (proc=0x7ea56050,module=0x7ea10000 L"rpcrt4.dll",reason=PROCESS_DETACH,res=0x1)
  510. 0021:Call KERNEL32.WaitForSingleObject(00000054,ffffffff) ret=7ea46dcc
  511. 0021:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7ea46dcc
  512. 0021:Call KERNEL32.SetEvent(00000048) ret=7ea4c314
  513. 0022:Ret KERNEL32.WaitForMultipleObjectsEx() retval=00000000 ret=7ea5138f
  514. 0022:Call ntdll.RtlFreeHeap(00110000,00000000,0013f7a8) ret=7ea4bc46
  515. 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea4bc46
  516. 0022:Call KERNEL32.FlushFileBuffers(0000004c) ret=7ea504d9
  517. 0021:Ret KERNEL32.SetEvent() retval=00000001 ret=7ea4c314
  518. 0021:Call KERNEL32.WaitForSingleObject(00000058,ffffffff) ret=7ea46dea
  519. 0022:Ret KERNEL32.FlushFileBuffers() retval=00000001 ret=7ea504d9
  520. 0022:Call KERNEL32.CloseHandle(0000004c) ret=7ea504e7
  521. 0022:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ea504e7
  522. 0022:Call KERNEL32.CloseHandle(00000050) ret=7ea50503
  523. 0022:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ea50503
  524. 0022:Call KERNEL32.SetEvent(00000058) ret=7ea46f63
  525. 0022:Ret KERNEL32.SetEvent() retval=00000001 ret=7ea46f63
  526. 0021:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7ea46dea
  527. 0021:Call KERNEL32.ReleaseMutex(00000054) ret=7ea46df8
  528. 0021:Ret KERNEL32.ReleaseMutex() retval=00000001 ret=7ea46df8
  529. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0013f438) ret=7ea3c576
  530. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea3c576
  531. 0021:Call ntdll.RtlDeleteCriticalSection(0013f408) ret=7ea49706
  532. 0021:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7ea49706
  533. 0021:Call KERNEL32.CloseHandle(00000054) ret=7ea49714
  534. 0021:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ea49714
  535. 0021:Call KERNEL32.CloseHandle(00000058) ret=7ea49722
  536. 0021:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ea49722
  537. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,0013f3f0) ret=7ea49753
  538. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ea49753
  539. 0021:Ret PE DLL (proc=0x7ea56050,module=0x7ea10000 L"rpcrt4.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  540. 0021:Call PE DLL (proc=0x7ed28910,module=0x7ec90000 L"user32.dll",reason=PROCESS_DETACH,res=0x1)
  541. 0021:Ret PE DLL (proc=0x7ed28910,module=0x7ec90000 L"user32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  542. 0021:Call PE DLL (proc=0x7e79ba10,module=0x7e730000 L"winex11.drv",reason=PROCESS_DETACH,res=0x1)
  543. 0021:Ret PE DLL (proc=0x7e79ba10,module=0x7e730000 L"winex11.drv",reason=PROCESS_DETACH,res=0x1) retval=1
  544. 0021:Call PE DLL (proc=0x7e58fef0,module=0x7e580000 L"imm32.dll",reason=PROCESS_DETACH,res=0x1)
  545. 0021:Call winex11.drv.ImeSelect(001356d0,00000000) ret=7e58dfe8
  546. 0021:Ret winex11.drv.ImeSelect() retval=00000001 ret=7e58dfe8
  547. 0021:Call user32.GetKeyboardLayout(00000000) ret=7e58dff7
  548. 0021:Ret user32.GetKeyboardLayout() retval=00000000 ret=7e58dff7
  549. 0021:Call user32.SendMessageW(00000000,00000285,00000000,00000000) ret=7e58e019
  550. 0021:Ret user32.SendMessageW() retval=00000000 ret=7e58e019
  551. 0021:Call user32.DestroyWindow(00000000) ret=7e58e038
  552. 0021:Ret user32.DestroyWindow() retval=00000000 ret=7e58e038
  553. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00135ac0) ret=7e58df96
  554. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e58df96
  555. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00135d60) ret=7e58df96
  556. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e58df96
  557. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00135e00) ret=7e58df96
  558. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e58df96
  559. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00135e30) ret=7e58df96
  560. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e58df96
  561. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00135b38) ret=7e58df96
  562. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e58df96
  563. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,001356d0) ret=7e58e0ad
  564. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e58e0ad
  565. 0021:Call user32.DestroyWindow(00000000) ret=7e58e17c
  566. 0021:Ret user32.DestroyWindow() retval=00000000 ret=7e58e17c
  567. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00135358) ret=7e58e19c
  568. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e58e19c
  569. 0021:Call winex11.drv.ImeDestroy(00000001) ret=7e58e26c
  570. 0021:Ret winex11.drv.ImeDestroy() retval=00000001 ret=7e58e26c
  571. 0021:Call KERNEL32.FreeLibrary(7e730000) ret=7e58e27a
  572. 0021:Ret KERNEL32.FreeLibrary() retval=00000001 ret=7e58e27a
  573. 0021:Call ntdll.RtlFreeHeap(00110000,00000000,00135370) ret=7e58e29a
  574. 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e58e29a
  575. 0021:Call KERNEL32.TlsFree(00000000) ret=7e58e2b5
  576. 0021:Ret KERNEL32.TlsFree() retval=00000001 ret=7e58e2b5
  577. 0021:Ret PE DLL (proc=0x7e58fef0,module=0x7e580000 L"imm32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  578. 0021:Call PE DLL (proc=0x7eb88ee0,module=0x7eb80000 L"version.dll",reason=PROCESS_DETACH,res=0x1)
  579. 0021:Ret PE DLL (proc=0x7eb88ee0,module=0x7eb80000 L"version.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  580. 0021:Call PE DLL (proc=0x7ec50560,module=0x7ebf0000 L"gdi32.dll",reason=PROCESS_DETACH,res=0x1)
  581. 0021:Ret PE DLL (proc=0x7ec50560,module=0x7ebf0000 L"gdi32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  582. 0021:Call PE DLL (proc=0x7ebd6300,module=0x7eba0000 L"advapi32.dll",reason=PROCESS_DETACH,res=0x1)
  583. 0021:Ret PE DLL (proc=0x7ebd6300,module=0x7eba0000 L"advapi32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  584. 0021:Call PE DLL (proc=0x7b8790f0,module=0x7b810000 L"KERNEL32.dll",reason=PROCESS_DETACH,res=0x1)
  585. 0021:Ret PE DLL (proc=0x7b8790f0,module=0x7b810000 L"KERNEL32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  586. 0021:Call PE DLL (proc=0x7bc88ea0,module=0x7bc10000 L"ntdll.dll",reason=PROCESS_DETACH,res=0x1)
  587. 0021:Ret PE DLL (proc=0x7bc88ea0,module=0x7bc10000 L"ntdll.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  588. 001f:Ret user32.GetMessageW() retval=00000001 ret=7ed95eb3
  589. 001f:Call user32.DispatchMessageW(0033f6b8) ret=7ed95e90
  590. 001f:Call window proc 0x7ed958d0 (hwnd=0x20030,msg=WM_CLOSE,wp=00000000,lp=00000000)
  591. 001f:Call user32.PostQuitMessage(00000000) ret=7ed9599c
  592. 001f:Ret user32.PostQuitMessage() retval=00000000 ret=7ed9599c
  593. 001f:Ret window proc 0x7ed958d0 (hwnd=0x20030,msg=WM_CLOSE,wp=00000000,lp=00000000) retval=00000000
  594. 001f:Ret user32.DispatchMessageW() retval=00000000 ret=7ed95e90
  595. 001f:Call user32.GetMessageW(0033f6b8,00000000,00000000,00000000) ret=7ed95eb3
  596. 001f:Ret user32.GetMessageW() retval=00000000 ret=7ed95eb3
  597. 001f:Call KERNEL32.ExitProcess(00000000) ret=7ed95ed3
  598. 001f:Call PE DLL (proc=0x7e5714f0,module=0x7e4f0000 L"shell32.dll",reason=PROCESS_DETACH,res=0x1)
  599. 001f:Call comctl32.DPA_DestroyCallback(0013a488,7e51c3e0,00000000) ret=7e51d62c
  600. 001f:Call ntdll.RtlFreeHeap(00110000,00000000,0013c9c8) ret=7e51c419
  601. 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e51c419
  602. 001f:Call KERNEL32.GetProcAddress(7e270000,7e596fc2 "CoTaskMemFree") ret=7e571411
  603. 001f:Ret KERNEL32.GetProcAddress() retval=7e279e70 ret=7e571411
  604. 001f:Call ole32.CoTaskMemFree(0013d4c0) ret=7e5351d9
  605. 001f:Call ntdll.RtlFreeHeap(00110000,00000000,0013d4c0) ret=7e2a59a8
  606. 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e2a59a8
  607. 001f:Ret ole32.CoTaskMemFree() retval=00000000 ret=7e5351d9
  608. 001f:Call ntdll.RtlFreeHeap(00110000,00000000,0013ca30) ret=7e51c419
  609. 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e51c419
  610. 001f:Call ole32.CoTaskMemFree(0013ca10) ret=7e5351d9
  611. 001f:Call ntdll.RtlFreeHeap(00110000,00000000,0013ca10) ret=7e2a59a8
  612. 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e2a59a8
  613. 001f:Ret ole32.CoTaskMemFree() retval=00000000 ret=7e5351d9
  614. 001f:Call ntdll.RtlFreeHeap(00110000,00000000,0013b098) ret=7e3b524a
  615. 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e3b524a
  616. 001f:Call ntdll.RtlFreeHeap(00110000,00000000,0013a488) ret=7e3b5268
  617. 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e3b5268
  618. 001f:Ret comctl32.DPA_DestroyCallback() retval=00000001 ret=7e51d62c
  619. 001f:Call comctl32.ImageList_Destroy(0013b510) ret=7e51d649
  620. 001f:Call gdi32.DeleteObject(00000510) ret=7e3be17d
  621. 001f:Ret gdi32.DeleteObject() retval=00000001 ret=7e3be17d
  622. 001f:Call gdi32.DeleteObject(00000514) ret=7e3be18f
  623. 001f:Ret gdi32.DeleteObject() retval=00000001 ret=7e3be18f
  624. 001f:Call gdi32.DeleteDC(000002e0) ret=7e3be1a1
  625. 001f:Ret gdi32.DeleteDC() retval=00000001 ret=7e3be1a1
  626. 001f:Call gdi32.DeleteDC(000002ec) ret=7e3be1b3
  627. 001f:Ret gdi32.DeleteDC() retval=00000001 ret=7e3be1b3
  628. 001f:Call gdi32.DeleteObject(00000308) ret=7e3be1c5
  629. 001f:Ret gdi32.DeleteObject() retval=00000001 ret=7e3be1c5
  630. 001f:Call gdi32.DeleteObject(00000314) ret=7e3be1d7
  631. 001f:Ret gdi32.DeleteObject() retval=00000001 ret=7e3be1d7
  632. 001f:Call ntdll.RtlFreeHeap(00110000,00000000,0013bb10) ret=7e3be203
  633. 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e3be203
  634. 001f:Call ntdll.RtlFreeHeap(00110000,00000000,0013b510) ret=7e3be223
  635. 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e3be223
  636. 001f:Ret comctl32.ImageList_Destroy() retval=00000001 ret=7e51d649
  637. 001f:Call comctl32.ImageList_Destroy(0013bf68) ret=7e51d662
  638. 001f:Call gdi32.DeleteObject(000005ac) ret=7e3be17d
  639. 001f:Ret gdi32.DeleteObject() retval=00000001 ret=7e3be17d
  640. 001f:Call gdi32.DeleteObject(000005b0) ret=7e3be18f
  641. 001f:Ret gdi32.DeleteObject() retval=00000001 ret=7e3be18f
  642. 001f:Call gdi32.DeleteDC(00000318) ret=7e3be1a1
  643. 001f:Ret gdi32.DeleteDC() retval=00000001 ret=7e3be1a1
  644. 001f:Call gdi32.DeleteDC(00000324) ret=7e3be1b3
  645. 001f:Ret gdi32.DeleteDC() retval=00000001 ret=7e3be1b3
  646. 001f:Call gdi32.DeleteObject(00000340) ret=7e3be1c5
  647. 001f:Ret gdi32.DeleteObject() retval=00000001 ret=7e3be1c5
  648. 001f:Call gdi32.DeleteObject(0000034c) ret=7e3be1d7
  649. 001f:Ret gdi32.DeleteObject() retval=00000001 ret=7e3be1d7
  650. 001f:Call ntdll.RtlFreeHeap(00110000,00000000,0013c570) ret=7e3be203
  651. 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e3be203
  652. 001f:Call ntdll.RtlFreeHeap(00110000,00000000,0013bf68) ret=7e3be223
  653. 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7e3be223
  654. 001f:Ret comctl32.ImageList_Destroy() retval=00000001 ret=7e51d662
  655. 001f:Call ntdll.RtlDeleteCriticalSection(7e6df3a0) ret=7e51d67e
  656. 001f:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7e51d67e
  657. 001f:Call ntdll.RtlDeleteCriticalSection(7e6df248) ret=7e509600
  658. 001f:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7e509600
  659. 001f:Call KERNEL32.FreeLibrary(7e270000) ret=7e5714d1
  660. 001f:Ret KERNEL32.FreeLibrary() retval=00000001 ret=7e5714d1
  661. 001f:Ret PE DLL (proc=0x7e5714f0,module=0x7e4f0000 L"shell32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  662. 001f:Call PE DLL (proc=0x7e333440,module=0x7e270000 L"ole32.dll",reason=PROCESS_DETACH,res=0x1)
  663. 001f:Call user32.UnregisterClassW(7e337600 L"OleMainThreadWndClass 0x######## ",7e270000) ret=7e290a0e
  664. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e290a0e
  665. 001f:Ret PE DLL (proc=0x7e333440,module=0x7e270000 L"ole32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  666. 001f:Call PE DLL (proc=0x7e43a360,module=0x7e3a0000 L"comctl32.dll",reason=PROCESS_DETACH,res=0x1)
  667. 001f:Call user32.UnregisterClassW(0033f1e2 L"SysAnimate32",00000000) ret=7e3a6677
  668. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e3a6677
  669. 001f:Call user32.UnregisterClassW(0033f1e2 L"ComboBoxEx32",00000000) ret=7e3ac497
  670. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e3ac497
  671. 001f:Call user32.UnregisterClassW(0033f1d8 L"SysDateTimePick32",00000000) ret=7e3b4e25
  672. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e3b4e25
  673. 001f:Call user32.UnregisterClassW(0033f1de L"flatsb_class32",00000000) ret=7e3b80b3
  674. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e3b80b3
  675. 001f:Call user32.UnregisterClassW(0033f1e4 L"SysHeader32",00000000) ret=7e3bcb81
  676. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e3bcb81
  677. 001f:Call user32.UnregisterClassW(0033f1dc L"msctls_hotkey32",00000000) ret=7e3bdee9
  678. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e3bdee9
  679. 001f:Call user32.UnregisterClassW(0033f1de L"SysIPAddress32",00000000) ret=7e3c7b83
  680. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e3c7b83
  681. 001f:Call user32.UnregisterClassW(0033f1e0 L"SysListView32",00000000) ret=7e3e2e8d
  682. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e3e2e8d
  683. 001f:Call user32.UnregisterClassW(0033f1e0 L"SysMonthCal32",00000000) ret=7e3ea5bd
  684. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e3ea5bd
  685. 001f:Call user32.UnregisterClassW(0033f1e0 L"NativeFontCtl",00000000) ret=7e3ea93d
  686. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e3ea93d
  687. 001f:Call user32.UnregisterClassW(0033f1ea L"SysPager",00000000) ret=7e3ed7df
  688. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e3ed7df
  689. 001f:Call user32.UnregisterClassW(0033f1d8 L"msctls_progress32",00000000) ret=7e3eefa5
  690. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e3eefa5
  691. 001f:Call user32.UnregisterClassW(0033f1e0 L"ReBarWindow32",00000000) ret=7e4000dd
  692. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e4000dd
  693. 001f:Call user32.UnregisterClassW(0033f1d6 L"msctls_statusbar32",00000000) ret=7e40368b
  694. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e40368b
  695. 001f:Call user32.UnregisterClassW(0033f1ec L"SysLink",00000000) ret=7e407ef9
  696. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e407ef9
  697. 001f:Call user32.UnregisterClassW(0033f1dc L"SysTabControl32",00000000) ret=7e40eee9
  698. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e40eee9
  699. 001f:Call user32.UnregisterClassW(0033f1dc L"ToolbarWindow32",00000000) ret=7e421b49
  700. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e421b49
  701. 001f:Call user32.DestroyIcon(0005003c) ret=7e426ab0
  702. 001f:Ret user32.DestroyIcon() retval=00000001 ret=7e426ab0
  703. 001f:Call user32.DestroyIcon(0001003e) ret=7e426ac1
  704. 001f:Ret user32.DestroyIcon() retval=00000001 ret=7e426ac1
  705. 001f:Call user32.DestroyIcon(00010040) ret=7e426ad2
  706. 001f:Ret user32.DestroyIcon() retval=00000001 ret=7e426ad2
  707. 001f:Call user32.UnregisterClassW(0033f1da L"tooltips_class32",00000000) ret=7e426b4e
  708. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e426b4e
  709. 001f:Call user32.UnregisterClassW(0033f1d8 L"msctls_trackbar32",00000000) ret=7e42aaa5
  710. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e42aaa5
  711. 001f:Call user32.UnregisterClassW(0033f1e0 L"SysTreeView32",00000000) ret=7e437ccd
  712. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e437ccd
  713. 001f:Call user32.UnregisterClassW(0033f1dc L"msctls_updown32",00000000) ret=7e43a219
  714. 001f:Ret user32.UnregisterClassW() retval=00000001 ret=7e43a219
  715. 001f:Call gdi32.DeleteObject(00000270) ret=7e3b09c5
  716. 001f:Ret gdi32.DeleteObject() retval=00000001 ret=7e3b09c5
  717. 001f:Call gdi32.DeleteObject(00000268) ret=7e3b09dc
  718. 001f:Ret gdi32.DeleteObject() retval=00000001 ret=7e3b09dc
  719. 001f:Call KERNEL32.GlobalDeleteAtom(0000c016) ret=7e3b09f8
  720. 001f:Ret KERNEL32.GlobalDeleteAtom() retval=00000000 ret=7e3b09f8
  721. 001f:Call KERNEL32.FreeLibrary(7e360000) ret=7e43a341
  722. 001f:Ret KERNEL32.FreeLibrary() retval=00000001 ret=7e43a341
  723. 001f:Ret PE DLL (proc=0x7e43a360,module=0x7e3a0000 L"comctl32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  724. 001f:Call PE DLL (proc=0x7e379a90,module=0x7e360000 L"uxtheme.dll",reason=PROCESS_DETACH,res=0x1)
  725. 001f:Ret PE DLL (proc=0x7e379a90,module=0x7e360000 L"uxtheme.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  726. 001f:Call PE DLL (proc=0x7e4ca840,module=0x7e490000 L"shlwapi.dll",reason=PROCESS_DETACH,res=0x1)
  727. 001f:Call KERNEL32.TlsFree(00000002) ret=7e4bcea2
  728. 001f:Ret KERNEL32.TlsFree() retval=00000001 ret=7e4bcea2
  729. 001f:Ret PE DLL (proc=0x7e4ca840,module=0x7e490000 L"shlwapi.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  730. 001f:Call PE DLL (proc=0x7ec34910,module=0x7eb90000 L"user32.dll",reason=PROCESS_DETACH,res=0x1)
  731. 001f:Ret PE DLL (proc=0x7ec34910,module=0x7eb90000 L"user32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  732. 001f:Call PE DLL (proc=0x7e966a10,module=0x7e8f0000 L"winex11.drv",reason=PROCESS_DETACH,res=0x1)
  733. 001f:Ret PE DLL (proc=0x7e966a10,module=0x7e8f0000 L"winex11.drv",reason=PROCESS_DETACH,res=0x1) retval=1
  734. 001f:Call PE DLL (proc=0x7e75aef0,module=0x7e750000 L"imm32.dll",reason=PROCESS_DETACH,res=0x1)
  735. 001f:Call KERNEL32.TlsFree(00000000) ret=7e7592b5
  736. 001f:Ret KERNEL32.TlsFree() retval=00000001 ret=7e7592b5
  737. 001f:Ret PE DLL (proc=0x7e75aef0,module=0x7e750000 L"imm32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  738. 001f:Call PE DLL (proc=0x7eaf0ee0,module=0x7eae0000 L"version.dll",reason=PROCESS_DETACH,res=0x1)
  739. 001f:Ret PE DLL (proc=0x7eaf0ee0,module=0x7eae0000 L"version.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  740. 001f:Call PE DLL (proc=0x7eb5c560,module=0x7eb00000 L"gdi32.dll",reason=PROCESS_DETACH,res=0x1)
  741. 001f:Ret PE DLL (proc=0x7eb5c560,module=0x7eb00000 L"gdi32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  742. 001f:Call PE DLL (proc=0x7ed6a050,module=0x7ed20000 L"rpcrt4.dll",reason=PROCESS_DETACH,res=0x1)
  743. 001f:Ret PE DLL (proc=0x7ed6a050,module=0x7ed20000 L"rpcrt4.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  744. 001f:Call PE DLL (proc=0x7ecfe300,module=0x7ecc0000 L"advapi32.dll",reason=PROCESS_DETACH,res=0x1)
  745. 001f:Ret PE DLL (proc=0x7ecfe300,module=0x7ecc0000 L"advapi32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  746. 001f:Call PE DLL (proc=0x7b8790f0,module=0x7b810000 L"KERNEL32.dll",reason=PROCESS_DETACH,res=0x1)
  747. 001f:Ret PE DLL (proc=0x7b8790f0,module=0x7b810000 L"KERNEL32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  748. 001f:Call PE DLL (proc=0x7bc88ea0,module=0x7bc10000 L"ntdll.dll",reason=PROCESS_DETACH,res=0x1)
  749. 001f:Ret PE DLL (proc=0x7bc88ea0,module=0x7bc10000 L"ntdll.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  750. 0012:Call PE DLL (proc=0x7eccd050,module=0x7ec80000 L"rpcrt4.dll",reason=PROCESS_DETACH,res=0x1)
  751. 001a:Ret PE DLL (proc=0x7ed14050,module=0x7ecd0000 L"rpcrt4.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  752. 0012:Ret PE DLL (proc=0x7eccd050,module=0x7ec80000 L"rpcrt4.dll",reason=PROCESS_DETACH,res=0x1) re001a:Re0012:Call PE DLL (proc=0x7ed0a470,module=0x7ecf0000 L"ntoskrnl.exe",reason=PROCESS_DETACH,res=0x1)
  753. 001a:Call PE DLL (proc=0x7b8790f0,module=0x7b810000 L"KERNEL32.dll",reason=PROCESS_DETACH,res=0x1)
  754. 001a:Ret PE DLL (proc=0x7b8790f0,module=0x7b810000 L"KERNEL32.dll",reaso0012:Ret ntdll.RtlRemoveVectoredEx001a:Call PE DLL (proc=0x7bc88ea0,module=0x7bc0012:Ret PE DLL (proc=0x7ed0a470,module=0x7ecf000001a:Ret PE DLL (proc=0x7bc88ea0,module=0x7bc10000 L"ntdl0012:Call PE DLL (proc=0x7ed76300,module=0x7ed40000 L"advapi32.dll",reason=PROCESS_DETACH,res=0x1)
  755. 0012:Ret PE DLL (proc=0x7ed76300,module=0x7ed40000 L"advapi32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  756. 0012:Call PE DLL (proc=0x7b8790f0,module=0x7b810000 L"KERNEL32.dll",reason=PROCESS_DETACH,res=0x1)
  757. 0028:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7eda194f
  758. 0028:Call rpcrt4.RpcMgmtStopServerListening(00000000) ret=7eda195e
  759. 0028:Call KERNEL32.WaitForSingleObject(0000003c,ffffffff) ret=7ed65dcc
  760. 000f:Ret KERNEL32.WaitForSingleObjectEx() retval=00000000 ret=7ed9a61c
  761. 000f:Call KERNEL32.CloseHandle(00000070) ret=7ed9a694
  762. 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed9a694
  763. 000f:Call advapi32.RegCloseKey(0000001c) ret=7ed9c7c0
  764. 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7ed9c7c0
  765. 0028:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7ed000f:R0028:Call KERNEL32.SetEvent(00000028) ret=7ed6b314
  766. 000f:Call ntdll.RtlFreeHeap(00110000,00000000,001150b0) ret=7ed9c7ee
  767. 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed9c7ee
  768. 000f:Call KERNEL32.ExitProcess(00000000) ret=7eda4297
  769. 000f:Call PE DLL (proc=0x7ed6b050,module=0x7ed20000 L"rpcrt4.dll",reason=PROCESS_DETACH,res=0x1)
  770. 000f:Call KERNEL32.WaitForSingleObject(0000002c,ffffffff) ret=7ed5bdcc
  771. 0029:Ret KERNEL32.WaitForMultipleObjectsEx() retval=00000000 ret=7ed7038f
  772. 0029:Call ntdll.RtlFreeHeap(00110000,00000000,00117280) ret=7ed6ac46
  773. 0029:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed6ac46
  774. 0029:Call KERNEL32.FlushFileBuffers(00000050) ret=7ed6f4d9
  775. 0028:Ret KERNEL32.SetEvent() retval=00000001 ret=7ed6b314
  776. 0028:Call KERNEL32.WaitForSingleObject(00000040,ffffffff) ret=7ed65dea
  777. 001c:Ret KERNEL32.ReadFile() retval=00000000 ret=7ed655dd
  778. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed589c6
  779. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed589c6
  780. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed5a697
  781. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5a697
  782. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed68c46
  783. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed68c46
  784. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed589c6
  785. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed589c6
  786. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed5ad85
  787. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5ad85
  788. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed5aa43
  789. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5aa43
  790. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00118828) ret=7ed5db34
  791. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5db34
  792. 001c:Call KERNEL32.FlushFileBuffers(00000044) ret=7ed654d9
  793. 000f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7ed5bdcc
  794. 000f:Call KERNEL32.SetEvent(00000020) ret=7ed61314
  795. 0029:Ret KERNEL32.FlushFileBuffers() retval=00000001 ret=7ed6f4d9
  796. 0029:Call KERNEL32.CloseHandle(00000050) ret=7ed6f4e7
  797. 0014:Ret KERNEL32.ReadFile() retval=00000000 ret=7ed655dd
  798. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed589c6
  799. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed589c6
  800. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed5a697
  801. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5a697
  802. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed68c46
  803. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed68c46
  804. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed589c6
  805. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed589c6
  806. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed5ad85
  807. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5ad85
  808. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed5aa43
  809. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5aa43
  810. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,001182d8) ret=7ed5db34
  811. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5db34
  812. 0014:Call KERNEL32.FlushFileBuffers(00000024) ret=7ed654d9
  813. 0010:Ret KERNEL32.WaitForMultipleObjectsEx() retval=00000000 ret=7ed6638f
  814. 0010:Call ntdll.RtlFreeHeap(00110000,00000000,00117d70) ret=7ed60c46
  815. 0010:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed60c46
  816. 0010:Call KERNEL32.FlushFileBuffers(0000006c) ret=7ed654d9
  817. 001c:Ret KERNEL32.FlushFileBuffers() retval=00000001 ret=7ed654d9
  818. 001c:Call KERNEL32.CloseHandle(00000044) ret=7ed654e7
  819. 000f:Ret KERNEL32.SetEvent() retval=00000001 ret=7ed61314
  820. 000f:Call KERNEL32.WaitForSingleObject(00000030,ffffffff) ret=7ed5bdea
  821. 0014:Ret KERNEL32.FlushFileBuffers() retval=00000001 ret=7ed654d9
  822. 0014:Call KERNEL32.CloseHandle(00000024) ret=7ed654e7
  823. 0010:Ret KERNEL32.FlushFileBuffers() retval=00000001 ret=7ed654d9
  824. 001c:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed654e7
  825. 001c:Call KERNEL32.CloseHandle(0000004c) ret=7ed65503
  826. 0014:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed654e7
  827. 001c:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed65503
  828. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00117f08) ret=7ed51576
  829. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed51576
  830. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed51576
  831. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed51576
  832. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed667d1
  833. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed667d1
  834. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00118810) ret=7ed97497
  835. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed97497
  836. 001c:Call ntdll.RtlDeleteResource(001187b4) ret=7ed4f098
  837. 0014:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed65503
  838. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00118068) ret=7ed51576
  839. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed51576
  840. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed51576
  841. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed51576
  842. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed667d1
  843. 001c:Ret ntdll.RtlDeleteResource() retval=00000000 ret=7ed0014:C001c:Call ntdll.RtlFreeHeap(00110000,00000000,00118790) ret=7ed0014:R001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed0014:C001c:Call ntdll.RtlFreeHeap(00110000,00000000,00118968) ret=7ed97497
  844. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed97497
  845. 001c:Call ntdll.RtlDeleteResource(0011890c) ret=7ed4f098
  846. 0014:Ret ntdll.RtlDeleteResource() retval=00000000 ret=7ed4f098
  847. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00118348) ret=7ed4f0b8
  848. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed4f0b8
  849. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,001183d8) ret=7ed97497
  850. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed97497
  851. 0014:Call ntdll.RtlDeleteResource(0011842c) ret=7ed4f098
  852. 0029:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed6f503
  853. 0029:Call KERNEL32.FlushFileBuffers(0000002c) ret=7ed6f4d9
  854. 001c:Ret ntdll.RtlDeleteResource() retval=00000000 ret=7ed4f098
  855. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,001188e8) ret=7ed4f0b8
  856. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed4f0b8
  857. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed4f74a
  858. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed4f74a
  859. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00118740) ret=7ed4f76d
  860. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed4f76d
  861. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed4f790
  862. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed4f790
  863. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00118728) ret=7ed4f7b3
  864. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed4f7b3
  865. 001c:Call ntdll.RtlDeleteCriticalSection(001186d0) ret=7ed4f7c1
  866. 001c:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7ed4f7c1
  867. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,001186a0) ret=7ed4f7e1
  868. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed4f7e1
  869. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,001185f8) ret=7ed51576
  870. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed51576
  871. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed51576
  872. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed51576
  873. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,001185e0) ret=7ed51576
  874. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed51576
  875. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed53d2d
  876. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed53d2d
  877. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00118650) ret=7ed53d6b
  878. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed53d6b
  879. 001c:Call ntdll.RtlFreeHeap(00110000,00000000,00118488) ret=7ed6681e
  880. 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed6681e
  881. 0010:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed654e7
  882. 0010:Call KERNEL32.CloseHandle(00000074) ret=7ed65503
  883. 0029:Ret KERNEL32.FlushFileBuffers() retval=00000001 ret=7ed6f4d9
  884. 0029:Call KERNEL32.CloseHandle(0000002c) ret=7ed6f4e7
  885. 0014:Ret ntdll.RtlDeleteResource() retval=00000000 ret=7ed4f098
  886. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00118408) ret=7ed4f0b8
  887. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed4f0b8
  888. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed4f74a
  889. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed4f74a
  890. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,001182c0) ret=7ed4f76d
  891. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed4f76d
  892. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed4f790
  893. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed4f790
  894. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,001182a8) ret=7ed4f7b3
  895. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed4f7b3
  896. 0014:Call ntdll.RtlDeleteCriticalSection(00118250) ret=7ed4f7c1
  897. 0014:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7ed4f7c1
  898. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00118220) ret=7ed4f7e1
  899. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed4f7e1
  900. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00118178) ret=7ed51576
  901. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed51576
  902. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed51576
  903. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed51576
  904. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00118160) ret=7ed51576
  905. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed51576
  906. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00000000) ret=7ed53d2d
  907. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed53d2d
  908. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,001181d0) ret=7ed53d6b
  909. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed53d6b
  910. 0014:Call ntdll.RtlFreeHeap(00110000,00000000,00117fd0) ret=7ed6681e
  911. 0014:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed6681e
  912. 0010:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed65503
  913. 0010:Call KERNEL32.SetEvent(00000030) ret=7ed5bf63
  914. 0010:Ret KERNEL32.SetEvent() retval=00000001 ret=7ed5bf63
  915. 000f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7ed5bdea
  916. 000f:Call KERNEL32.ReleaseMutex(0000002c) ret=7ed5bdf8
  917. 000f:Ret KERNEL32.ReleaseMutex() retval=00000001 ret=7ed5bdf8
  918. 000f:Call ntdll.RtlFreeHeap(00110000,00000000,00117dd0) ret=7ed51576
  919. 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed51576
  920. 000f:Call ntdll.RtlDeleteCriticalSection(00117da0) ret=7ed5e706
  921. 000f:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7ed5e706
  922. 000f:Call KERNEL32.CloseHandle(0000002c) ret=7ed5e714
  923. 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed5e714
  924. 000f:Call KERNEL32.CloseHandle(00000030) ret=7ed5e722
  925. 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed5e722
  926. 000f:Call ntdll.RtlFreeHeap(00110000,00000000,00117d88) ret=7ed5e753
  927. 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5e753
  928. 000f:Ret PE DLL (proc=0x7ed6b050,module=0x7ed20000 L"rpcrt4.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  929. 000f:Call PE DLL (proc=0x7ecff300,module=0x7ecc0000 L"advapi32.dll",reason=PROCESS_DETACH,res=0x1)
  930. 000f:Ret PE DLL (proc=0x7ecff300,module=0x7ecc0000 L"advapi32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  931. 000f:Call PE DLL (proc=0x7b8790f0,module=0x7b810000 L"KERNEL32.dll",reason=PROCESS_DETACH,res=0x1)
  932. 000f:Ret PE DLL (proc=0x7b8790f0,module=0x7b810000 L"KERNEL32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  933. 000f:Call PE DLL (proc=0x7bc88ea0,module=0x7bc10000 L"ntdll.dll",reason=PROCESS_DETACH,res=0x1)
  934. 000f:Ret PE DLL (proc=0x7bc88ea0,module=0x7bc10000 L"ntdll.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  935. 0029:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed6f4e7
  936. 0029:Call KERNEL32.CloseHandle(00000030) ret=7ed6f503
  937. 0029:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed6f503
  938. 0029:Call KERNEL32.SetEvent(00000040) ret=7ed65f63
  939. 0028:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7ed65dea
  940. 0028:Call KERNEL32.ReleaseMutex(0000003c) ret=7ed65df8
  941. 0028:Ret KERNEL32.ReleaseMutex() retval=00000001 ret=7ed65df8
  942. 0028:Call KERNEL32.WaitForSingleObject(00000044,ffffffff) ret=7ed65dcc
  943. 0028:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7ed65dcc
  944. 0028:Call KERNEL32.SetEvent(00000018) ret=7ed6b314
  945. 0028:Ret KERNEL32.SetEvent() retval=00000001 ret=7ed6b314
  946. 0028:Call KERNEL32.WaitForSingleObject(00000048,ffffffff) ret=7ed65dea
  947. 0029:Ret KERNEL32.SetEvent() retval=00000001 ret=7ed65f63
  948. 0029:Call PE DLL (proc=0x7ed75050,module=0x7ed30000 L"rpcrt4.dll",rea002a:Ret ntdll.RtlFreeHeap()0029:Ret PE DLL (proc=0x7ed75002a:Call KERNEL32.FlushFileBuffers(00000020) ret=7ed6f4d9
  949. 002a:Ret KERNEL32.FlushFileBuffers() retval=00000001 ret=7ed6f4d9
  950. 002a:Call KERNEL32.CloseHandle(00000020) ret=7ed6f4e7
  951. 002a:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed6f4e7
  952. 002a:Call KERNEL32.CloseHandle(00000024) ret=7ed6f503
  953. 002a:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed6f503
  954. 002a:Call KERNEL32.SetEvent(00000048) ret=7ed65f63
  955. 0028:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7ed65dea
  956. 0028:Call KERNEL32.ReleaseMutex(00000044) ret=7ed65df8
  957. 002a:Ret KERNEL32.SetEvent() retval=00000001 ret=7ed65f63
  958. 002a:Call PE DLL (proc=0x7ed75050,module=0x7ed30000 L"rpcrt4.dll",reason=THREAD_DETACH,res=(nil))
  959. 002a:Ret PE DLL (proc=0x7ed75050,module=0x7ed30000 L"rpcrt4.dll",reason=THREAD_DETACH,res=(nil)) retval=1
  960. 0028:Ret KERNEL32.ReleaseMutex() retval=00000001 ret=7ed65df8
  961. 0028:Ret rpcrt4.RpcMgmtStopServerListening() retval=00000000 ret=7eda195e
  962. 0028:Call rpcrt4.RpcServerUnregisterIf(7eda6d00,00000000,00000001) ret=7eda197b
  963. 0028:Call ntdll.RtlFreeHeap(00110000,00000000,00115148) ret=7ed693a9
  964. 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed693a9
  965. 0028:Ret rpcrt4.RpcServerUnregisterIf() retval=00000000 ret=7eda197b
  966. 0028:Call rpcrt4.RpcServerUnregisterIf(7eda6d80,00000000,00000001) ret=7eda1998
  967. 0028:Call ntdll.RtlFreeHeap(00110000,00000000,00115190) ret=7ed693a9
  968. 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed693a9
  969. 0028:Ret rpcrt4.RpcServerUnregisterIf() retval=00000000 ret=7eda1998
  970. 0028:Call KERNEL32.CloseHandle(0000004c) ret=7eda19a9
  971. 0028:Ret KERNEL32.CloseHandle() retval=00000001 ret=7eda19a9
  972. 0028:Call KERNEL32.ExitProcess(00000000) ret=7eda5067
  973. 0028:Call PE DLL (proc=0x7ed75050,module=0x7ed30000 L"rpcrt4.dll",reason=PROCESS_DETACH,res=0x1)
  974. 0028:Call ntdll.RtlFreeHeap(00110000,00000000,00117418) ret=7ed5b576
  975. 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5b576
  976. 0028:Call ntdll.RtlDeleteCriticalSection(001173e8) ret=7ed68706
  977. 0028:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7ed68706
  978. 0028:Call KERNEL32.CloseHandle(0000003c) ret=7ed68714
  979. 0028:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed68714
  980. 0028:Call KERNEL32.CloseHandle(00000040) ret=7ed68722
  981. 0028:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed68722
  982. 0028:Call ntdll.RtlFreeHeap(00110000,00000000,001173d0) ret=7ed68753
  983. 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed68753
  984. 0028:Call ntdll.RtlFreeHeap(00110000,00000000,001172e0) ret=7ed5b576
  985. 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed5b576
  986. 0028:Call ntdll.RtlDeleteCriticalSection(001172b0) ret=7ed68706
  987. 0028:Ret ntdll.RtlDeleteCriticalSection() retval=00000000 ret=7ed68706
  988. 0028:Call KERNEL32.CloseHandle(00000044) ret=7ed68714
  989. 0028:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed68714
  990. 0028:Call KERNEL32.CloseHandle(00000048) ret=7ed68722
  991. 0028:Ret KERNEL32.CloseHandle() retval=00000001 ret=7ed68722
  992. 0028:Call ntdll.RtlFreeHeap(00110000,00000000,00117298) ret=7ed68753
  993. 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7ed68753
  994. 0028:Ret PE DLL (proc=0x7ed75050,module=0x7ed30000 L"rpcrt4.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  995. 0028:Call PE DLL (proc=0x7ed09300,module=0x7ecd0000 L"advapi32.dll",reason=PROCESS_DETACH,res=0x1)
  996. 0028:Ret PE DLL (proc=0x7ed09300,module=0x7ecd0000 L"advapi32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  997. 0028:Call PE DLL (proc=0x7b8790f0,module=0x7b810000 L"KERNEL32.dll",reason=PROCESS_DETACH,res=0x1)
  998. 0028:Ret PE DLL (proc=0x7b8790f0,module=0x7b810000 L"KERNEL32.dll",reason=PROCESS_DETACH,res=0x1) retval=1
  999. 0028:Call PE DLL (proc=0x7bc88ea0,module=0x7bc10000 L"ntdll.dll",reason=PROCESS_DETACH,res=0x1)
  1000. 0028:Ret PE DLL (proc=0x7bc88ea0,module=0x7bc10000 L"ntdll.dll",reason=PROCESS_DETACH,res=0x1) retval=1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement