MZ@ !L!This program cannot be run in DOS mode. $Pv7ddddHdo-ddo=ddo,ddo+ddo4ddo*ddo/ddRichdPEd[J"  D+b@oȹd X.text `__TEXT! `.dataԗ@.pdata@@.rsrc@@.reloc`@B+[J([J2[J?[JLntdll.dllKERNEL32.dllapilogen.dllamxread.dllPdx@)xx@8+@8t@8d.@8@8"@8$@8@8(@84@84(@8'@8@8.@8&&&"&!&"&jx~x Tx@xpx0xxx1x0xxxxExxpxxx xxjxxx#xPxx &xPxFxPxpxxx:xxx Zxx!x@xxPx0xPx ?x0x ?xx?x4:xxPxPxxx[J%4( ++Failed to allocate memory to store strings in array[HepStoreMultiStringInArray]0x%lx Failed to retrieve default for value %ls[HepRetrieveConfigDWORDValue][HepRetrieveConfigStringValue]0x%lx Failed to retrieve data for value %ls[HepInitializeConfigFlagValue]0x%lx Failed to open machine-wide settings key[HepInitializeConfigurationInfo]0x%lx Unable to open executable settings key; using machine-wide defaultsLogApiNamesOnly0x%lx Failed to initialize config value for 'log api names only'LogApisRecursively0x%lx Failed to initialize config value for 'log apis recursively'EnableSequentialLog0x%lx Failed to initialize config value for 'enable sequential log'EnableManifestSignatureCheckMaximumLogFileSize0x%lx Failed to initialize config value for 'maximum log file size'IncludeModules0x%lx Failed to initialize config value for 'include modules'IncludeApis0x%lx Failed to initialize config value for 'include APIs'ExcludeApis0x%lx Failed to initialize config value for 'exclude APIs'LogFileName0x%lx Failed to initialize config value for 'log file name'0x%lx Failed to store 'include modules' in array0x%lx Failed to store 'include APIs' in array0x%lx Failed to store 'exclude APIs' in array0x%08X Failed to store running executable path in buffer[HepWriteProcessData]%d Failed to write process data to log file0x%08X Failed to store manifest path in buffer[HepWriteManifestData]%d Failed to store manifest data in log file%d Log engine uninitialize failed.[HepUninitialize]Failed to get image name for module %p[HepIsManifestAvailable]Failed to trim image name '%hs' for module %p0x%08X Failed to set parameter index[HepLoadParametersForFunction]0x%08X Failed to retrieve parameter information0x%08X Failed to allocate memory for parameter information0x%08X Failed to add member to parameter array0x%08X Failed to add parameter to parameter array0x%08X Failed to set group identifier[HepLoadFunctionsForManifest]0x%08X Failed to set table to function table0x%08X Failed to properly read manifest0x%08X Failed to retrieve function informationNameUnknownFailed to allocate memory to store function0x%lx Failed to convert Unicode function name '%ls' to AnsiExcluding function '%ls' for security reasons0x%lx Failed to load parameter information for function '%ls'0x%lx Failed to add function to array for function '%ls'0x%08X Failed to set current type member index[HepLoadMembersForType]0x%08X Failed to retrieve type member information0x%08X Failed to allocate memory to store type member0x%08X Failed to add type member to type member array[HepLoadTypeTableForManifest]0x%08X Failed to set table to type table0x%08X Failed to retrieve type information for manifest %ls0x%08X Failed to allocate memory to store type information0x%08X Failed to load members for type0x%08X Failed to add type to types array0x%08X Failed to reset read buffer0x%08X Failed to open manifest file %ls[HepLoadManifest]0x%08X Failed to retrieve signature for manifest file %ls0x%lx Failed to load type table for manifest file %ls0x%lx Failed to load functions for manifest file %ls0x%lx Failed to initialize configuration info[HepInitialize]0x%lx Failed to retrieve installed manifests0x%lx Failed to load installed manifests0x%lx Failed to build loaded module listHook engine initialized successfullyNo manifest files are currently loaded[HeGetLoadedManifestInfo]0x%08X Failed to determine allocation sizeFailed to allocate memory for manifest array0x%lx Failed to duplicate manifest file path '%ls'Failed to allocate storage for parameter data[HepAllocateParameterData]Failed to allocate memory to store empty UDT information[HepCaptureSingleParameter]Failed to allocate memory to store UDT informationInvalid parameter information stored for function %hs[HepPackageParameterInfo]Failed to allocate memory to store parameter information for function %hsTlsGetValueGetProcAddressFreeLibraryFreeLibraryAndExitThreadLoadLibraryALoadLibraryWLoadLibraryExALoadLibraryExWLdrLoadDllLdrGetProcedureAddressDosDateTimeToFileTimeGetFullPathNameAGetFullPathNameWGetSystemDirectoryWGetDiskFreeSpaceExWVirtualQueryVirtualQueryExkernel32.dllkernelbase.dlladvapi32.dllFailed to extract file name from %ls[HepIsFunctionExcluded]!Failed to set up string for module %lsFailed to find module for base address '0x%p'[HepFindStublet]Skipping loaded module '%ls', imported module '%ls'[HepPatchModuleImports]Patching imports for module '%ls'Failed to find stublet node for ordinal '%ld'Failed to find stublet node for function '%hs'No manifest for module '%ls'[HepSearchAndStoreManifestInfoForModule]msvcrt.dllamxread.dllapihex86.dllapihex64.dllapilogen.dllapphelp.dllverifier.dllvfcore.dllvfbasics.dllModule unload called on NULL ModuleHandle[HepHandleModuleUnload]Module unload occurring for module at base address 0x%08XModule unload occurring for module name '%ls'Invalid arguments[HepHookGetProcAddress]Invalid argument[HepHookLdrGetProcedureAddress]Failed to allocate memory for hooks[HepGetHookAPIs]kernel32.dllntdll.dllLdrUnloadDllRtlExitUserProcess\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\APITracingInstalledManifests &fJ2aNtQueryVirtualMemory failed on stack 0x%x Status 0x%x HepResetStackOverflowNtQueryVirtualMemory failed on stack base 0x%x Status 0x%x NtQueryVirtualMemory failed on stack commit base 0x%x Status 0x%x NtQuerySystemInformation failed Status 0x%x Bad guard page 0x%x base 0x%x NtFreeVirtualMemory on 0x%x failed Status 0x%x NtAllocateVirtualMemory on 0x%x failed Status 0x%x NtProtectVirtualMemory on 0x%x failed Status 0x%x 0x%08X EtwEventRegister failed HepLogManifestMismatchEvent0x%08X EtwEventWrite failed Failed to allocate storage for function/parameter data[HepAllocateFunctionParameterData][HepGenericStubletIn]%d Log engine initialization failed.0x%lx Failed to allocate memory for stublet node[HepAllocateStubletNode]Failed to allocate stublet[HepGenerateAndInitializeStubletNode]Generating stublets for module '%ls' to patch imports for '%ls'[HepGenerateStubletsForModule]Failed to find stublet node for function name '%hs'Failed to generate stublet node for function name '%hs'[HepHandleModuleLoad]Failed to find loaded in module list for base '0x%p'Failed to find stublet for '%hs' in module '%ls'[HepGetProcAddressInternal]Failed to find stublet for '%d' in module '%ls'Module not found in module list for procedure name '%hs'Module not found in module list for ordinal '%d'[FAIL] [WARN] [INFO] [XXXX] Failed to allocate memory for path[AmxpExtractFileNameNoExtension]Failed to get exe name[AmxpFormatLogFileName]log%ls_%ld_%02hu%02hu%02hu_%02hu%02hu%02hu.%lsFailed to allocate mem for log file nameFailed to format log file nameSettingsLogFileDirectory0x%lx Failed to initialize the heap[AmxpInitializeDebug]0x%lx Failed to get registry values0x%lx Failed to get log file directory0x%lx Failed to initialize debug logEnableDebugOutputDebugOutputLevelEnableLogOutputLogOutputLevelDebug level from registry: %ld[AmxInitializeDebugValuesFromRegistry]Log setting unavailableInvalid debug log setting in registryDebug log setting: %ldLog level from registry: %ld[AmxInitializeDebugLog]Failed to allocate mem for log file%ls\%lsFailed to format log file pathFailed to convert DOS to NT path0x%lx Failed to create log fileRSDS2BA#ˋapihex64.pdbHHUAUHHXHpHxL` LpIE3LLdII+HHHw-LAIIYINl NHIItHՅ~5AHL;t'ML+A HIADJuIIՅ~4AIM;t&MM+A HIADJuIHՅ~4AII;t&LM+A HIADJuIIH;vHH;sHHՅ~H;wHI;w HHՅ~HH;v HHՅH;rKAHH;t,LL+fffffA HIADJuH;nHfHH;sHH;vHHՅtH;rHI;v HHՅtIHH+I+H;|&L;sNl JII;LI;sJ\ NIL;LL$8H$0H$(H$ L$HA]]H;UWATH H\$@Ht$HLl$PLiMHHHIL;wDHHAԅHOHH;vAHH;t!H+ HIDJuHH;wLl$PHt$HH\$@H A\_]H\$Hl$VATAUH LIE3ILHAMf9H|$@fE;)t'fffH3IffHM IfE;)uH >HuIDúII$Hu4LHHaH|$@H\$HHl$PH A]A\^HVfD;s.MDfI$HHI3IfIHHJuf]AfE(AHH H%@SH L۬H =3MtHt3H =HLMtHt3H =HLMtHt3rH k=HLMtHt3KH D=HmLnMtHt3$H =HNLOMtHt3H <H/L0MtHt3HH [@SUVWATHpHޥH3HD$`LHHL$8III3 Ht[3LL$HDGHD$HHD$PfD$XD$ZHD$0HT$8HD$(Hˉ|$0D$ x |$Lu|$T؅3LL$HHT$8HD$HHD$PfD$XD$ZHD$0AHD$(ID$0D$ rx|$Lt$ |$T؅y"LH0D˹Hl$ ^>HL$`H3CoHpA\_^][H\$Hl$Ht$WH@HHHL$0IIIHtHT$0LH9cy8HT$0LH%c؅y"LdHDȹH|$ ^H\$PHl$XHt$`H@_HSHf HhHx3HHHxHx+HD$0LD$@H$D$@0H|$HHD$PD$X@H|$`H|$hH$HHI$yLOHxOD5]L$H yHH$Ld$pfy LaH2DȹH\H$L%L$HHMĉ$؅y"LgHDȹLd$ \$uf Ψy LGHD˹c\L%oL$HHMĉ$z؅y"LHDȹLd$ \$uf Ly L5H&D˹[L%]L$HHMĉ$؅y"LcHDȹLd$ [$uf ʧy L#HD˹_[L%KL$HHMĉ$v؅y"LH DȹLd$ ["$uf FH$HExu f!$L$LHH؅y LHDȹZ>$L L+HH͉؅y L-HDȹQZL ULFHH؅y LFHWDȹZL &L_HHt؅y L_HDȹYtL LxHH5؅y LxHDȹY5L֥HH zE؅y LxHDȹTYLHyH J؅y LpHYDȹYLZHAH ؅yL`HDȹXxftH L A ftH ϤL AͤftH L XALd$pHt HH$H|$xHt HH$y+HĐ[@SH@3HD$ HD$(5W؅y LLHmDȹW3LD$0HD$0HD$8eH%0HH`HAHPHHf؅3H KHD$ HD$(؅4 b؅yLHDȹfKvHL$PH;tRH;MI;'H\$XHl$`Ht$hH0A]A\_H\$Hl$Ht$WH0HxHHu VH-H5lH H-vH-gH5XH5ILdH]LHH@HHHH;vH!LH (A@TH %W<eH%0LHH`HAHPHHHL$ tGtHL$(3c؅u O=t+%A3H ߈DBhQ؅y LDH؅y L-H+؅y L+؅LHoDȋ}<H=H;taH ]LGhHMtHt3DHghHHHFH?HHAH HtL3H H;uKHh HHH;uH 3H  LWH ;3H\$@Hl$HHt$PH0_H\$Hl$Ht$WATAVH033HH!HL5I;@vtHHI;uHHHt#L)HA;H:HHuL&HH:ZH=^LI;t\GvtHW`MĹDȅx IH?HGhLHzHD$ :Ht,HD uHL#HDb:3H\$PHl$XHt$`H0A^A\_HtiH\$Ht$WH HtDw?t"HYH;tHKfH#HHuH Ht L3ٰH\$0Ht$8H _H\$Ht$WH HHIE3HCHH<HtH+H;vAWOHSHH;vH@HSDx0H HCL HI;vHJHHHI;wHI HCH\$0Ht$8AH _H\$Ht$WH Hz?HHH9yt|HHH@H8HHuTH9{LHHBKHH{HKHtIIHHHuLMtH Ht3H33H\$0Ht$8H _@SH H HHu*@8HHu(L̿HH-83A@HLHH [H\$WH@DE3AH$D8D$pf,D$x.Ƈ/E:6I;-H I;!HL$(LHL$0E:0Hu*E:tLJ(OLJ(fOAtCHHT$(LHT$0DD$ E:tAvot0t$ ot$ IT$HL$ A,0ۅADHtuHL$@H3+H$(t$PH`A]A\_^]H\$Ht$WH03ۋD$ UeH%0Hp`HD$@H*;t\$ ǃwHT$@3ܐӋ\$ ؋H\$HHt$PH0_H(eH%0HH`HH(HHXHhHpHx ATH z3ILx'7HHcIy{~%s;}كH\$0Hl$8Ht$@H|$HH A\Ë@UHHl$0HHHH_H3H$HHT$0HUHUHUHEHD$(0Ht$ LM8E3HHŏy#D$ LMLHéNCHU@HUHEHD$(Ht$ LM8E3Hxy%D$ LMLHveX sTHM@H]PHHEHD$(Ht$ LM8E3HHy$D$ LLzHSE3EA@HUp3َy DLHbExHE HHHH#MH+HMHEH;s%HD$ LLtHH;vBH+HM(ALE(HUHy D$ LMLHHQD$(D$ LM E3HUHӍy"D$ LML0H DHE0HD$ ALE HUH y D$ LML"HçAHH3'HHHH]HHVHHXHhHxH|H3DHH+HHHw1L fAHHHQHt HHHHHPXHHHXLB(HA(L+fffB +uHu~2AHH;t$LL+DA HIADJuHHPXHHHXLB(HA(L+B +uHu~0AHH;t"LL+A HIADJuHHPXHHHXLB(HA(L+B +uHu~0AHH;t"LL+A HIADJuLLߐI;vKIL;sBHHPXIHHXLB(HA(L+fB +uHu~I;wD@IL;w7HHPXIHHXLB(HA(L+B +uHu~IL;v0HHPXIHHXLB(HA(L+B +uHuM;rLAIM;t-MM+ffffffA HIADJuI;III;sMIL;vDHHPXIHHXLB(HA(L+fffB +uHutI;r=@IL;v0HHPXIHHXLB(HA(L+B +uHutHII+H+H;|&I;sHt LHL;IL;sLT HHI;IzH$H$H$ H^@SLHH;H|$HyfDLLI;wGDIHPXIHHXLJ(HA(L+B +uHuMOIM;vAIM;t)M+fffffA HIADJuIL;jH|$[HHPXHHHXLB(HA(L+B: u Hu3LI[Ik ATAUAVHpeH%0=IDphMLH=XIs5 ^I{Hu7EAPIK3&HMH|$ HA(HD$XANfD$h@t D$jIy@u;Hu~8u GDHO.LLƲI>HEHHHuHO,HHt_@H  f;r'H;r H;rH 1HtL3!H HdžHO͆HHuH$H$eH%0L\$pI[0Ik8DphIIA^A]A\H\$Hl$Ht$H|$ ATAUAVHp=KHAHyDP4MHMIHT=UG3AD5 uHWLpL LLfffIl$PL|$0Ll$8HD$@HL$HHT$PLD$XLL$`LT$hL\$pHHD$ H~3H|$0HH$/~HMH$H$A t8H$AHtH$H$}H r3IL$HHcA<t[H|HtQWtJG tCH4Ht;tHcRI;tfDLLHItHI;uM$$HH HؒLL LL,M;Ll$(L$H$H$H$H$H }IH >IH$H3HA^A]A\@SH HH kQH|$0H=_QH;tfH9YHH H;uey*L&HGDȹH|$0H [+H QH;tH9YHt3H H;uL"HL˹vH|$0H [A\uHPH;tCXtC\uHkHH;u=tH|$0H [H\$Hl$Ht$ ATH0AHHE3y3H @PH9PH|$@HH;t@H9_Ht2H?H;uHLMLHHLUIv@H;tH9YHt(H H;uLHL˹DM#ILH;tH9YHtAH H;uMMHGPLMLԗHPAKHT$ HHQ(HAL I;s*LfLMtM+HANICXD9P0tHI;rMH;tH9YHt9H H;uMMufHGPLHHHDHL$ AKc^HQ(HAL I;s'LLMtM+HANICX9p0tHI;rMMcPLHDι~H|$@IH\$HHl$PHt$XH0A\H 7H6H\$WH Hz?HHH9yu 3H\$8H _H yHt$0HIHI@LBxHHtpHKLHH;H{HBHHSHtfIHIHHAuLMtH Ht3wH3Ht$03H\$8H _Ht$0H\$8H _HxH=uiE3HT$03EA@vxYDL$8DD$HHd$(Hd$ 3ҍJ]wHfHu$eH%0HH`HA0HIHu?3HxH(LH Hu3 vH(LD$LL$ SUVWH8HFH3H$ 3H9-u 9-U; v ; AL$xHL$ Hv;HcH;$H|$ DH$3HHHt|  t D @l !=ub;wZ˃t%tt H H H ܔH ˔%tHtH ՔtHL$ t=ub;wZHvHGH=sD< Dc%*c%c%c%b%b%b%b%b%rb%^b%Jb%6b%"b%b%Rb%a%a%a%b@SH EHLAALtA@McPLHcL#IcJHCHHKAt AHLL3IH [H(MA8HIH(%fc%bcHHXHhHpHx ATH MQ8HMAHIHHII\LDDUAA#AfDDEtLMHHsH\$0Hl$8Ht$@H|$HH A\%b%bffHxHl$ H|$(Ht$0HHHLLfEXfM`fUhf]pLU8LE@LMHHM8HLU@LHAH+HHAHH $HT$LD$LL$~EX~M`~Uh~]pAfEXHM8HLLMH~EXHu0H}(HHm Hx@UH0Hj0H3Ɂ8H0]@UH HH8t 8t3H ]Sdt Tp`0  4 p0خP!|!t|0!Ѓ!  tT4Ѓ` d 4R pM~~~d4 p4d42pb!78H! d 478H2 p P!05G5! ć td405G5PBp ` P 00d T 4Rp'p ` P 0خ !d O!d O  4 2p  t4RP4 5#t"d!4 3 P(<İ< Bapp d 4 R p4T 4 R p `  4 2p 2 0dee2P  4 rpcKdKd d T 4 Rp+ T745. p `خ`) 48. p`Pخ`) dNTM4LJpخ@$dK4JH pخ0 p`P0خ`!88!t88!t88T 4 2 `  0 dT 4 rpd 4R p$ h4 p`Pخ@  4 2p4 p ` P% 46. p`Pخ`dT42pd T 4 rp  d Rpd4 p!!td T 4 R!̎X!nn ]t XdPT+ 4̎X 4 pخ@ d T 42pd 4R p dT4rp, d4 pخtd42!<=!==p!==\!==H!==H!d==\!t==p!T<=  0 4W TpخdT4p% 4! p`Pخ tdT4 tdT4!<!td<T4  T 4 2 p ` T4 p ` d T 4 Rpr0!@̸!t4@̸ `PخP 0خ!N,!( ( tdT4N, خd T 4RpBd42 p!t͕!͕!t͕20 t dT4280fȺP6 bVBzpdP> "tؿ $¿$ lTؾ|j^N4½jBRdr *:TJ2ؼ̼>x__chkstkO_wcsicmpRtlInitUnicodeStringNtCloseHRtlFreeAnsiString_RtlRemoveVectoredExceptionHandlerORtlFreeUnicodeStringRtlUnicodeStringToAnsiString_RtlAddVectoredExceptionHandlerRtlInitializeSListHeadRtlDuplicateUnicodeStringRtlInterlockedPushListSListRtlInterlockedPopEntrySList-RtlQueryDepthSListRtlInterlockedPushEntrySList|NtProtectVirtualMemoryRtlInitString[NtOpenKeyNtQueryValueKeyRtlNtStatusToDosErrorRtlCreateUnicodeStringFromAsciizRtlImageDirectoryEntryToDataRtlTryEnterCriticalSectionNtDelayExecutionRtlLeaveCriticalSectionNtAllocateVirtualMemory'NtFreeVirtualMemoryNtQueryVirtualMemoryNtQuerySystemInformation7EtwEventRegister9EtwEventWrite8EtwEventUnregisterNtTerminateProcessRtlUnhandledExceptionFilterRtlVirtualUnwindRtlLookupFunctionEntry{RtlCaptureContextntdll.dllCreateDirectoryWGetLastErrorKERNEL32.dllLeWriteProcessDataLeWriteManifestDataLeWriteExceptionDataLeUninitializeLeTraceFunctionCallLeInitializeapilogen.dll>AmxSetCurrentStdFnParamByIndexAmxGetStdFnParamInformation@AmxSetGroupByIDAAmxSetTableByOID:AmxIsEOF<AmxReadAmxGetStdFnInformation=AmxResetBuffer?AmxSetCurrentTypeMemberByIndex-AmxGetTypeMemberInformation(AmxGetTypeInformation;AmxOpenManifest AmxGetSignatureAmxCloseManifestamxread.dllRtlCreateHeapeRtlAllocateHeapJRtlFreeHeapJ_vsnprintfwcsrchr)RtlExpandEnvironmentStrings_URtlSystemTimeToLocalTimeRtlTimeToTimeFieldsL_vsnwprintfRtlInitializeCriticalSectionRtlDosPathNameToNtPathName_UNtCreateFileRtlEnterCriticalSection1NtWriteFileOutputDebugStringA__C_specific_handler{memcpymemsetzmemcmp[J2 D`0_GjPo4D?Kd|apihex64.dllGetHookAPIsHeFreeLoadedManifestInfoHeGetLoadedManifestInfoHeGetOriginalAddressForFunctionNameHeGetStubletFunctionAddressHeGetStubletPatchInFunctionAddressHeIsFunctionExcludedHeIsModuleExcludedFromPatchingNotifyShimsffIͫgE#MA2-+] f05G5G57d77T78H88,88888Y9Y9m9Ĵm99Դ99Ĵ9:;H<P<<<===p==\==H=B4BB$BBBBBBBDD+DXDDXD)E`0EEdEE`FFGGGHHJpJVJ\JJKPKANHN1QL8QVVX(X@[H[z\\)_D0_```aa`aZb``bbbtd|deijehphij$k,kkklXlnhnHoDPo