# Flog Txt Version 1 # Analyzer Version: 1.11.0 # Analyzer Build Date: Sep 19 2016 10:58:19 # Log Creation Date: 13.10.2016 14:42 Process: id = "1" image_name = "explorer pro.exe" filename = "c:\\users\\dssdpmx042\\desktop\\explorer pro.exe" page_root = "0x7f17e3e0" os_pid = "0x514" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\DSsDPMx042\\Desktop\\Explorer Pro.exe\" " cur_dir = "C:\\Users\\DSsDPMx042\\Desktop\\" Region: id = 133 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 134 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 135 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 136 start_va = 0x400000 end_va = 0x7aafff entry_point = 0x400000 region_type = mapped_file name = "Explorer Pro.exe" filename = "\\Users\\DSsDPMx042\\Desktop\\Explorer Pro.exe" Region: id = 137 start_va = 0x77440000 end_va = 0x7757bfff entry_point = 0x77440000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 138 start_va = 0x77680000 end_va = 0x77680fff entry_point = 0x77680000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 139 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 140 start_va = 0x7ffd6000 end_va = 0x7ffd6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd6000" filename = "" Region: id = 141 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 142 start_va = 0x2d0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 143 start_va = 0x756d0000 end_va = 0x75719fff entry_point = 0x756d7de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 144 start_va = 0x76d90000 end_va = 0x76e63fff entry_point = 0x76ddbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 145 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 146 start_va = 0x140000 end_va = 0x1a6fff entry_point = 0x140000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 147 start_va = 0x6fb40000 end_va = 0x6fbc3fff entry_point = 0x6fb419a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" Region: id = 148 start_va = 0x75a00000 end_va = 0x75aa0fff entry_point = 0x75a32433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 149 start_va = 0x75ad0000 end_va = 0x75ae8fff entry_point = 0x75ad4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 150 start_va = 0x76b10000 end_va = 0x76b5dfff entry_point = 0x76b19c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 151 start_va = 0x76b60000 end_va = 0x76c0bfff entry_point = 0x76b6a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 152 start_va = 0x76d80000 end_va = 0x76d89fff entry_point = 0x76d8136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 153 start_va = 0x772b0000 end_va = 0x7734cfff entry_point = 0x772e3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 154 start_va = 0x77350000 end_va = 0x773effff entry_point = 0x773649e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 155 start_va = 0x775a0000 end_va = 0x77668fff entry_point = 0x775bd711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 156 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 157 start_va = 0x1b0000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 158 start_va = 0x2a0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 159 start_va = 0x76f70000 end_va = 0x7703bfff entry_point = 0x76f7168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 160 start_va = 0x77580000 end_va = 0x7759efff entry_point = 0x77581355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 161 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 162 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 163 start_va = 0x290000 end_va = 0x291fff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 164 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 165 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 166 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 167 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 168 start_va = 0x7b0000 end_va = 0x8b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 169 start_va = 0x8c0000 end_va = 0x14bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 170 start_va = 0x14c0000 end_va = 0x15b8fff entry_point = 0x0 region_type = private name = "private_0x00000000014c0000" filename = "" Region: id = 171 start_va = 0x1670000 end_va = 0x167ffff entry_point = 0x0 region_type = private name = "private_0x0000000001670000" filename = "" Region: id = 172 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 173 start_va = 0x70d50000 end_va = 0x70d81fff entry_point = 0x70d537f1 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" Region: id = 174 start_va = 0x15c0000 end_va = 0x15cffff entry_point = 0x0 region_type = private name = "private_0x00000000015c0000" filename = "" Region: id = 175 start_va = 0x1680000 end_va = 0x177ffff entry_point = 0x0 region_type = private name = "private_0x0000000001680000" filename = "" Region: id = 176 start_va = 0x1780000 end_va = 0x187ffff entry_point = 0x0 region_type = private name = "private_0x0000000001780000" filename = "" Region: id = 177 start_va = 0x1880000 end_va = 0x197ffff entry_point = 0x0 region_type = private name = "private_0x0000000001880000" filename = "" Region: id = 178 start_va = 0x1980000 end_va = 0x1a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001980000" filename = "" Region: id = 179 start_va = 0x1a80000 end_va = 0x1b7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a80000" filename = "" Region: id = 180 start_va = 0x1b80000 end_va = 0x1c7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b80000" filename = "" Region: id = 181 start_va = 0x1c80000 end_va = 0x1d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 182 start_va = 0x1d80000 end_va = 0x1e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 183 start_va = 0x1e80000 end_va = 0x1f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 184 start_va = 0x1f80000 end_va = 0x207ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 185 start_va = 0x2080000 end_va = 0x217ffff entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 186 start_va = 0x2180000 end_va = 0x227ffff entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 187 start_va = 0x2280000 end_va = 0x237ffff entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 188 start_va = 0x2380000 end_va = 0x247ffff entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 189 start_va = 0x2480000 end_va = 0x257ffff entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 190 start_va = 0x2580000 end_va = 0x267ffff entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 191 start_va = 0x2680000 end_va = 0x277ffff entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 192 start_va = 0x2780000 end_va = 0x287ffff entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 193 start_va = 0x2880000 end_va = 0x297ffff entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 194 start_va = 0x2980000 end_va = 0x2a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 195 start_va = 0x2a80000 end_va = 0x2b7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 196 start_va = 0x2b80000 end_va = 0x2c7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b80000" filename = "" Region: id = 197 start_va = 0x2c80000 end_va = 0x2d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c80000" filename = "" Region: id = 198 start_va = 0x2d80000 end_va = 0x2e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d80000" filename = "" Region: id = 199 start_va = 0x2e80000 end_va = 0x2f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e80000" filename = "" Region: id = 200 start_va = 0x7ffa3000 end_va = 0x7ffa3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa3000" filename = "" Region: id = 201 start_va = 0x7ffa4000 end_va = 0x7ffa4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa4000" filename = "" Region: id = 202 start_va = 0x7ffa5000 end_va = 0x7ffa5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa5000" filename = "" Region: id = 203 start_va = 0x7ffa6000 end_va = 0x7ffa6fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa6000" filename = "" Region: id = 204 start_va = 0x7ffa7000 end_va = 0x7ffa7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa7000" filename = "" Region: id = 205 start_va = 0x7ffa8000 end_va = 0x7ffa8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa8000" filename = "" Region: id = 206 start_va = 0x7ffa9000 end_va = 0x7ffa9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa9000" filename = "" Region: id = 207 start_va = 0x7ffaa000 end_va = 0x7ffaafff entry_point = 0x0 region_type = private name = "private_0x000000007ffaa000" filename = "" Region: id = 208 start_va = 0x7ffab000 end_va = 0x7ffabfff entry_point = 0x0 region_type = private name = "private_0x000000007ffab000" filename = "" Region: id = 209 start_va = 0x7ffac000 end_va = 0x7ffacfff entry_point = 0x0 region_type = private name = "private_0x000000007ffac000" filename = "" Region: id = 210 start_va = 0x7ffad000 end_va = 0x7ffadfff entry_point = 0x0 region_type = private name = "private_0x000000007ffad000" filename = "" Region: id = 211 start_va = 0x7ffae000 end_va = 0x7ffaefff entry_point = 0x0 region_type = private name = "private_0x000000007ffae000" filename = "" Region: id = 212 start_va = 0x7ffaf000 end_va = 0x7ffaffff entry_point = 0x0 region_type = private name = "private_0x000000007ffaf000" filename = "" Region: id = 213 start_va = 0x7ffd3000 end_va = 0x7ffd3fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd3000" filename = "" Region: id = 214 start_va = 0x7ffd4000 end_va = 0x7ffd4fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd4000" filename = "" Region: id = 215 start_va = 0x7ffd5000 end_va = 0x7ffd5fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd5000" filename = "" Region: id = 216 start_va = 0x7ffd7000 end_va = 0x7ffd7fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd7000" filename = "" Region: id = 217 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 218 start_va = 0x7ffd9000 end_va = 0x7ffd9fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd9000" filename = "" Region: id = 219 start_va = 0x7ffda000 end_va = 0x7ffdafff entry_point = 0x0 region_type = private name = "private_0x000000007ffda000" filename = "" Region: id = 220 start_va = 0x7ffdb000 end_va = 0x7ffdbfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdb000" filename = "" Region: id = 221 start_va = 0x7ffdc000 end_va = 0x7ffdcfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdc000" filename = "" Region: id = 222 start_va = 0x7ffdd000 end_va = 0x7ffddfff entry_point = 0x0 region_type = private name = "private_0x000000007ffdd000" filename = "" Region: id = 223 start_va = 0x7ffde000 end_va = 0x7ffdefff entry_point = 0x0 region_type = private name = "private_0x000000007ffde000" filename = "" Region: id = 224 start_va = 0x2f80000 end_va = 0x324efff entry_point = 0x2f80000 region_type = mapped_file name = "SortDefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" Region: id = 225 start_va = 0x3250000 end_va = 0x365ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003250000" filename = "" Region: id = 226 start_va = 0x3660000 end_va = 0x3a6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003660000" filename = "" Region: id = 227 start_va = 0x15c0000 end_va = 0x15cffff entry_point = 0x0 region_type = private name = "private_0x00000000015c0000" filename = "" Region: id = 228 start_va = 0x15c0000 end_va = 0x15c0fff entry_point = 0x0 region_type = private name = "private_0x00000000015c0000" filename = "" Region: id = 229 start_va = 0x76740000 end_va = 0x767cefff entry_point = 0x76743fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" Region: id = 230 start_va = 0x76c10000 end_va = 0x76d6bfff entry_point = 0x76c5ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" Region: id = 231 start_va = 0x72490000 end_va = 0x724a1fff entry_point = 0x72491200 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" Region: id = 232 start_va = 0x74ae0000 end_va = 0x74ae8fff entry_point = 0x74ae1220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" Region: id = 233 start_va = 0x759a0000 end_va = 0x759f6fff entry_point = 0x759b9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" Region: id = 234 start_va = 0x75af0000 end_va = 0x76739fff entry_point = 0x75b71601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" Region: id = 235 start_va = 0x75600000 end_va = 0x7560bfff entry_point = 0x7560238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" Region: id = 236 start_va = 0x75770000 end_va = 0x7588cfff entry_point = 0x7577158a region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" Region: id = 237 start_va = 0x76830000 end_va = 0x76965fff entry_point = 0x76831b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" Region: id = 238 start_va = 0x76e70000 end_va = 0x76f64fff entry_point = 0x76e71865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" Region: id = 239 start_va = 0x770b0000 end_va = 0x772aafff entry_point = 0x770b22d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" Region: id = 240 start_va = 0x73b50000 end_va = 0x73b5efff entry_point = 0x73b512a1 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" Region: id = 241 start_va = 0x73b60000 end_va = 0x73b68fff entry_point = 0x73b615a6 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" Region: id = 242 start_va = 0x73b70000 end_va = 0x73b80fff entry_point = 0x73b71300 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" Region: id = 243 start_va = 0x75430000 end_va = 0x75448fff entry_point = 0x75431319 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" Region: id = 244 start_va = 0x72730000 end_va = 0x72736fff entry_point = 0x72731120 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\System32\\wsock32.dll" Region: id = 245 start_va = 0x76d70000 end_va = 0x76d75fff entry_point = 0x76d71782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" Region: id = 246 start_va = 0x77070000 end_va = 0x770a4fff entry_point = 0x7707145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" Region: id = 247 start_va = 0x3330000 end_va = 0x336ffff entry_point = 0x0 region_type = private name = "private_0x0000000003330000" filename = "" Region: id = 248 start_va = 0x72650000 end_va = 0x72670fff entry_point = 0x72662e54 region_type = mapped_file name = "msvfw32.dll" filename = "\\Windows\\System32\\msvfw32.dll" Region: id = 249 start_va = 0x72710000 end_va = 0x72722fff entry_point = 0x7271dcd8 region_type = mapped_file name = "avicap32.dll" filename = "\\Windows\\System32\\avicap32.dll" Region: id = 250 start_va = 0x15d0000 end_va = 0x15d6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015d0000" filename = "" Region: id = 251 start_va = 0x15e0000 end_va = 0x15e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015e0000" filename = "" Region: id = 252 start_va = 0x15f0000 end_va = 0x15f1fff entry_point = 0x15f0000 region_type = mapped_file name = "msvfw32.dll.mui" filename = "\\Windows\\System32\\en-US\\msvfw32.dll.mui" Region: id = 253 start_va = 0x1600000 end_va = 0x1601fff entry_point = 0x1600000 region_type = mapped_file name = "avicap32.dll.mui" filename = "\\Windows\\System32\\en-US\\avicap32.dll.mui" Region: id = 254 start_va = 0x1610000 end_va = 0x1640fff entry_point = 0x0 region_type = private name = "private_0x0000000001610000" filename = "" Region: id = 255 start_va = 0x1650000 end_va = 0x1650fff entry_point = 0x0 region_type = private name = "private_0x0000000001650000" filename = "" Region: id = 256 start_va = 0x1660000 end_va = 0x166ffff entry_point = 0x0 region_type = private name = "private_0x0000000001660000" filename = "" Region: id = 257 start_va = 0x1660000 end_va = 0x1660fff entry_point = 0x0 region_type = private name = "private_0x0000000001660000" filename = "" Region: id = 258 start_va = 0x3250000 end_va = 0x326afff entry_point = 0x0 region_type = private name = "private_0x0000000003250000" filename = "" Region: id = 259 start_va = 0x3270000 end_va = 0x3271fff entry_point = 0x0 region_type = private name = "private_0x0000000003270000" filename = "" Region: id = 260 start_va = 0x3280000 end_va = 0x328ffff entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 261 start_va = 0x3290000 end_va = 0x3290fff entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 262 start_va = 0x32a0000 end_va = 0x32a0fff entry_point = 0x0 region_type = private name = "private_0x00000000032a0000" filename = "" Region: id = 263 start_va = 0x32b0000 end_va = 0x32b0fff entry_point = 0x0 region_type = private name = "private_0x00000000032b0000" filename = "" Region: id = 264 start_va = 0x32c0000 end_va = 0x32c1fff entry_point = 0x0 region_type = private name = "private_0x00000000032c0000" filename = "" Region: id = 265 start_va = 0x32d0000 end_va = 0x32d1fff entry_point = 0x0 region_type = private name = "private_0x00000000032d0000" filename = "" Region: id = 266 start_va = 0x32e0000 end_va = 0x32e1fff entry_point = 0x0 region_type = private name = "private_0x00000000032e0000" filename = "" Region: id = 267 start_va = 0x32f0000 end_va = 0x32f0fff entry_point = 0x0 region_type = private name = "private_0x00000000032f0000" filename = "" Region: id = 268 start_va = 0x3300000 end_va = 0x3300fff entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 269 start_va = 0x3310000 end_va = 0x3310fff entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 270 start_va = 0x3320000 end_va = 0x3320fff entry_point = 0x0 region_type = private name = "private_0x0000000003320000" filename = "" Region: id = 271 start_va = 0x3370000 end_va = 0x346ffff entry_point = 0x0 region_type = private name = "private_0x0000000003370000" filename = "" Region: id = 272 start_va = 0x3470000 end_va = 0x3470fff entry_point = 0x0 region_type = private name = "private_0x0000000003470000" filename = "" Region: id = 273 start_va = 0x3480000 end_va = 0x3480fff entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 274 start_va = 0x3490000 end_va = 0x3490fff entry_point = 0x0 region_type = private name = "private_0x0000000003490000" filename = "" Region: id = 275 start_va = 0x34a0000 end_va = 0x34a0fff entry_point = 0x0 region_type = private name = "private_0x00000000034a0000" filename = "" Region: id = 276 start_va = 0x34b0000 end_va = 0x34b0fff entry_point = 0x0 region_type = private name = "private_0x00000000034b0000" filename = "" Region: id = 277 start_va = 0x34c0000 end_va = 0x34c0fff entry_point = 0x0 region_type = private name = "private_0x00000000034c0000" filename = "" Region: id = 278 start_va = 0x34d0000 end_va = 0x34d0fff entry_point = 0x0 region_type = private name = "private_0x00000000034d0000" filename = "" Region: id = 279 start_va = 0x34e0000 end_va = 0x34e0fff entry_point = 0x0 region_type = private name = "private_0x00000000034e0000" filename = "" Region: id = 280 start_va = 0x34f0000 end_va = 0x34f1fff entry_point = 0x0 region_type = private name = "private_0x00000000034f0000" filename = "" Region: id = 281 start_va = 0x3500000 end_va = 0x3500fff entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 282 start_va = 0x3510000 end_va = 0x3510fff entry_point = 0x0 region_type = private name = "private_0x0000000003510000" filename = "" Region: id = 283 start_va = 0x3520000 end_va = 0x3520fff entry_point = 0x0 region_type = private name = "private_0x0000000003520000" filename = "" Region: id = 284 start_va = 0x3530000 end_va = 0x3531fff entry_point = 0x0 region_type = private name = "private_0x0000000003530000" filename = "" Region: id = 285 start_va = 0x3540000 end_va = 0x3540fff entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 286 start_va = 0x3550000 end_va = 0x3550fff entry_point = 0x0 region_type = private name = "private_0x0000000003550000" filename = "" Region: id = 287 start_va = 0x3560000 end_va = 0x3560fff entry_point = 0x0 region_type = private name = "private_0x0000000003560000" filename = "" Region: id = 288 start_va = 0x3570000 end_va = 0x3570fff entry_point = 0x0 region_type = private name = "private_0x0000000003570000" filename = "" Region: id = 289 start_va = 0x3580000 end_va = 0x3580fff entry_point = 0x0 region_type = private name = "private_0x0000000003580000" filename = "" Region: id = 290 start_va = 0x3590000 end_va = 0x3590fff entry_point = 0x0 region_type = private name = "private_0x0000000003590000" filename = "" Region: id = 291 start_va = 0x35a0000 end_va = 0x35a0fff entry_point = 0x0 region_type = private name = "private_0x00000000035a0000" filename = "" Region: id = 292 start_va = 0x35b0000 end_va = 0x35b0fff entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 293 start_va = 0x35c0000 end_va = 0x35c0fff entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 294 start_va = 0x35d0000 end_va = 0x35d0fff entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 295 start_va = 0x35e0000 end_va = 0x35e0fff entry_point = 0x0 region_type = private name = "private_0x00000000035e0000" filename = "" Region: id = 296 start_va = 0x35f0000 end_va = 0x35f0fff entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 297 start_va = 0x3600000 end_va = 0x3600fff entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 298 start_va = 0x3610000 end_va = 0x3610fff entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 299 start_va = 0x3620000 end_va = 0x3620fff entry_point = 0x0 region_type = private name = "private_0x0000000003620000" filename = "" Region: id = 300 start_va = 0x3630000 end_va = 0x3630fff entry_point = 0x0 region_type = private name = "private_0x0000000003630000" filename = "" Region: id = 301 start_va = 0x3640000 end_va = 0x3640fff entry_point = 0x0 region_type = private name = "private_0x0000000003640000" filename = "" Region: id = 302 start_va = 0x3650000 end_va = 0x3650fff entry_point = 0x0 region_type = private name = "private_0x0000000003650000" filename = "" Region: id = 303 start_va = 0x3660000 end_va = 0x3660fff entry_point = 0x0 region_type = private name = "private_0x0000000003660000" filename = "" Region: id = 304 start_va = 0x3670000 end_va = 0x3670fff entry_point = 0x0 region_type = private name = "private_0x0000000003670000" filename = "" Region: id = 305 start_va = 0x3680000 end_va = 0x3680fff entry_point = 0x0 region_type = private name = "private_0x0000000003680000" filename = "" Region: id = 306 start_va = 0x3690000 end_va = 0x3690fff entry_point = 0x0 region_type = private name = "private_0x0000000003690000" filename = "" Region: id = 307 start_va = 0x36a0000 end_va = 0x36a0fff entry_point = 0x0 region_type = private name = "private_0x00000000036a0000" filename = "" Region: id = 308 start_va = 0x36b0000 end_va = 0x36b0fff entry_point = 0x0 region_type = private name = "private_0x00000000036b0000" filename = "" Region: id = 309 start_va = 0x36c0000 end_va = 0x36c0fff entry_point = 0x0 region_type = private name = "private_0x00000000036c0000" filename = "" Region: id = 310 start_va = 0x36d0000 end_va = 0x36d0fff entry_point = 0x0 region_type = private name = "private_0x00000000036d0000" filename = "" Region: id = 311 start_va = 0x36e0000 end_va = 0x36e0fff entry_point = 0x0 region_type = private name = "private_0x00000000036e0000" filename = "" Region: id = 312 start_va = 0x36f0000 end_va = 0x36f0fff entry_point = 0x0 region_type = private name = "private_0x00000000036f0000" filename = "" Region: id = 313 start_va = 0x3700000 end_va = 0x3700fff entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 314 start_va = 0x3710000 end_va = 0x3710fff entry_point = 0x0 region_type = private name = "private_0x0000000003710000" filename = "" Region: id = 315 start_va = 0x3720000 end_va = 0x3720fff entry_point = 0x0 region_type = private name = "private_0x0000000003720000" filename = "" Region: id = 316 start_va = 0x3730000 end_va = 0x3730fff entry_point = 0x0 region_type = private name = "private_0x0000000003730000" filename = "" Region: id = 317 start_va = 0x3740000 end_va = 0x3740fff entry_point = 0x0 region_type = private name = "private_0x0000000003740000" filename = "" Region: id = 318 start_va = 0x3750000 end_va = 0x3750fff entry_point = 0x0 region_type = private name = "private_0x0000000003750000" filename = "" Region: id = 319 start_va = 0x3760000 end_va = 0x3760fff entry_point = 0x0 region_type = private name = "private_0x0000000003760000" filename = "" Region: id = 320 start_va = 0x3770000 end_va = 0x3771fff entry_point = 0x0 region_type = private name = "private_0x0000000003770000" filename = "" Region: id = 321 start_va = 0x3780000 end_va = 0x3780fff entry_point = 0x0 region_type = private name = "private_0x0000000003780000" filename = "" Region: id = 322 start_va = 0x3790000 end_va = 0x3790fff entry_point = 0x0 region_type = private name = "private_0x0000000003790000" filename = "" Region: id = 323 start_va = 0x37a0000 end_va = 0x37a0fff entry_point = 0x0 region_type = private name = "private_0x00000000037a0000" filename = "" Region: id = 324 start_va = 0x37b0000 end_va = 0x37b0fff entry_point = 0x0 region_type = private name = "private_0x00000000037b0000" filename = "" Region: id = 325 start_va = 0x37c0000 end_va = 0x37c0fff entry_point = 0x0 region_type = private name = "private_0x00000000037c0000" filename = "" Region: id = 326 start_va = 0x37d0000 end_va = 0x37d0fff entry_point = 0x0 region_type = private name = "private_0x00000000037d0000" filename = "" Region: id = 327 start_va = 0x7ffa2000 end_va = 0x7ffa2fff entry_point = 0x0 region_type = private name = "private_0x000000007ffa2000" filename = "" Region: id = 328 start_va = 0x37e0000 end_va = 0x37e0fff entry_point = 0x0 region_type = private name = "private_0x00000000037e0000" filename = "" Region: id = 329 start_va = 0x37f0000 end_va = 0x38effff entry_point = 0x0 region_type = private name = "private_0x00000000037f0000" filename = "" Region: id = 330 start_va = 0x74130000 end_va = 0x7416ffff entry_point = 0x7413a2dd region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" Region: id = 331 start_va = 0x3ae0000 end_va = 0x3b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ae0000" filename = "" Region: id = 332 start_va = 0x1610000 end_va = 0x1610fff entry_point = 0x0 region_type = private name = "private_0x0000000001610000" filename = "" Region: id = 333 start_va = 0x38f0000 end_va = 0x39cefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000038f0000" filename = "" Region: id = 334 start_va = 0x73dc0000 end_va = 0x73dd2fff entry_point = 0x73dc1d3f region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" Region: id = 335 start_va = 0x3a20000 end_va = 0x3a5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a20000" filename = "" Thread: id = 1 os_tid = 0x5d4 [0017.995] VirtualAlloc (lpAddress=0x0, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x40) returned 0x290000 [0017.995] VirtualAlloc (lpAddress=0x0, dwSize=0xfc, flAllocationType=0x1000, flProtect=0x40) returned 0x2b0000 [0017.995] VirtualAlloc (lpAddress=0x0, dwSize=0x2f4, flAllocationType=0x1000, flProtect=0x40) returned 0x2c0000 [0017.995] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x3d0000 [0017.995] VirtualAlloc (lpAddress=0x0, dwSize=0xf8691, flAllocationType=0x1000, flProtect=0x40) returned 0x14c0000 [0018.035] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x3e0000 [0018.038] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x775a0000 [0018.039] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77350000 [0018.039] LoadLibraryA (lpLibFileName="NTDLL.dll") returned 0x77440000 [0018.040] GetLocalTime (in: lpSystemTime=0x6e4b6e | out: lpSystemTime=0x6e4b6e*(wYear=0x7e0, wMonth=0xa, wDayOfWeek=0x4, wDay=0xd, wHour=0x10, wMinute=0x2b, wSecond=0x4, wMilliseconds=0x104)) [0018.048] CreateFileA (lpFileName="\\\\.\\SICE" (normalized: "sice"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0018.054] CreateFileA (lpFileName="\\\\.\\SIWVID" (normalized: "siwvid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0018.060] CreateFileA (lpFileName="\\\\.\\NTICE" (normalized: "ntice"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0018.076] SetEnvironmentVariableA (lpName="WLProjectName", lpValue="ÉÏÐË2008_0218DHorse") returned 1 [0018.076] SetEnvironmentVariableA (lpName="WLProtectionDateTime", lpValue="2008-8-17 19:39:16") returned 1 [0018.077] GetCommandLineA () returned="\"C:\\Users\\DSsDPMx042\\Desktop\\Explorer Pro.exe\" " [0018.078] GetVersionExA (in: lpVersionInformation=0x6f748b*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x6f748b*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0018.079] GetProcAddress (hModule=0x76d90000, lpProcName="GetNativeSystemInfo") returned 0x76dcbe77 [0018.079] GetNativeSystemInfo (in: lpSystemInfo=0x6f7466 | out: lpSystemInfo=0x6f7466*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x3e04)) [0018.080] GetVersion () returned 0x1db10106 [0018.080] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName="XprotEvent") returned 0x40 [0018.080] WaitForSingleObject (hHandle=0x40, dwMilliseconds=0xffffffff) returned 0x0 [0018.080] LoadLibraryA (lpLibFileName="ADVAPI32.DLL") returned 0x77350000 [0018.080] GetProcAddress (hModule=0x77350000, lpProcName="OpenSCManagerA") returned 0x77362bd8 [0018.080] GetProcAddress (hModule=0x77350000, lpProcName="ControlService") returned 0x77377144 [0018.080] GetProcAddress (hModule=0x77350000, lpProcName="DeleteService") returned 0x7737715c [0018.080] GetProcAddress (hModule=0x77350000, lpProcName="OpenServiceA") returned 0x77362bf0 [0018.080] GetProcAddress (hModule=0x77350000, lpProcName="CloseServiceHandle") returned 0x7736369c [0018.080] GetProcAddress (hModule=0x77350000, lpProcName="CreateServiceA") returned 0x77393158 [0018.081] GetProcAddress (hModule=0x77350000, lpProcName="StartServiceA") returned 0x77393543 [0018.081] GetEnvironmentVariableA (in: lpName="SYSTEMROOT", lpBuffer=0x6f659c, nSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0018.084] GetVersionExA (in: lpVersionInformation=0x6fd9a2*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x6fd9a2*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0018.085] GetSystemDirectoryA (in: lpBuffer=0x6311c1, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0018.091] CloseHandle (hObject=0x0) returned 0 [0018.091] CloseHandle (hObject=0x0) returned 0 [0018.091] CloseHandle (hObject=0x0) returned 0 [0018.091] RegCreateKeyA (in: hKey=0x80000002, lpSubKey="Software\\WinLicense", phkResult=0x6e65b0 | out: phkResult=0x6e65b0*=0x44) returned 0x0 [0018.092] RegSetValueExA (in: hKey=0x44, lpValueName="CheckIN", Reserved=0x0, dwType=0x4, lpData=0x6e65b4*=0x1, cbData=0x4 | out: lpData=0x6e65b4*=0x1) returned 0x0 [0018.092] RegCloseKey (hKey=0x44) returned 0x0 [0018.094] OutputDebugStringA (lpOutputString="\r\n\n\n%s------------------------------------------------\n\r--- WinLicense Professional ---\n\r--- (c)2007 Oreans Technologies ---\n\r------------------------------------------------\r\n\n\n") [0018.095] VirtualAlloc (lpAddress=0x0, dwSize=0x2ec, flAllocationType=0x1000, flProtect=0x4) returned 0x3f0000 [0018.096] GetCurrentProcessId () returned 0x514 [0018.096] LoadLibraryA (lpLibFileName="NTDLL") returned 0x77440000 [0018.097] GetProcAddress (hModule=0x77440000, lpProcName="NtOpenThread") returned 0x77485e08 [0018.097] LoadLibraryA (lpLibFileName="winmm.dll") returned 0x70d50000 [0018.129] GetProcAddress (hModule=0x70d50000, lpProcName="timeGetTime") returned 0x70d526e0 [0018.129] timeGetTime () returned 0xdb60 [0018.130] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70b160, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x5a0) returned 0x50 [0018.130] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70bc28, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x5e4) returned 0x54 [0018.131] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70cc99, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x698) returned 0x58 [0018.131] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70d900, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x634) returned 0x5c [0018.132] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70e35a, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x614) returned 0x60 [0018.132] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70ed71, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x658) returned 0x64 [0018.133] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70f85c, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x65c) returned 0x68 [0018.134] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x710262, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x498) returned 0x6c [0018.138] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x70 [0018.138] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x74 [0018.138] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x78 [0018.138] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x7c [0018.138] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x80 [0018.138] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x84 [0018.138] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x88 [0018.138] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8c [0018.139] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x90 [0018.139] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x94 [0018.139] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x98 [0018.139] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9c [0018.139] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa0 [0018.139] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa4 [0018.139] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa8 [0018.139] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac [0018.139] timeGetTime () returned 0xdb6f [0018.139] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x711db0, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x4f4) returned 0xb0 [0018.140] SetThreadPriority (hThread=0xb0, nPriority=2) returned 1 [0018.140] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x712e81, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x510) returned 0xb4 [0018.141] SetThreadPriority (hThread=0xb4, nPriority=2) returned 1 [0018.141] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x713f37, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x494) returned 0xb8 [0018.142] SetThreadPriority (hThread=0xb8, nPriority=2) returned 1 [0018.142] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x714f83, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x5ec) returned 0xbc [0018.143] SetThreadPriority (hThread=0xbc, nPriority=2) returned 1 [0018.143] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x715f5d, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x60c) returned 0xc0 [0018.143] SetThreadPriority (hThread=0xc0, nPriority=2) returned 1 [0018.144] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x716f80, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x3bc) returned 0xc4 [0018.144] SetThreadPriority (hThread=0xc4, nPriority=2) returned 1 [0018.145] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x718031, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x3c4) returned 0xc8 [0018.145] SetThreadPriority (hThread=0xc8, nPriority=2) returned 1 [0018.146] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x718fca, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x16c) returned 0xcc [0018.146] SetThreadPriority (hThread=0xcc, nPriority=2) returned 1 [0018.147] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x719f0d, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x718) returned 0xd0 [0018.147] SetThreadPriority (hThread=0xd0, nPriority=2) returned 1 [0018.148] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x71af76, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x704) returned 0xd4 [0018.148] SetThreadPriority (hThread=0xd4, nPriority=2) returned 1 [0018.149] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x71bf1c, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x4c4) returned 0xd8 [0018.149] SetThreadPriority (hThread=0xd8, nPriority=2) returned 1 [0018.150] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x71cf0a, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x394) returned 0xdc [0018.150] SetThreadPriority (hThread=0xdc, nPriority=2) returned 1 [0018.151] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x71def5, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x118) returned 0xe0 [0018.151] SetThreadPriority (hThread=0xe0, nPriority=2) returned 1 [0018.152] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x71efe8, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x180) returned 0xe4 [0018.152] SetThreadPriority (hThread=0xe4, nPriority=2) returned 1 [0018.152] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x71ff21, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x4cc) returned 0xe8 [0018.153] SetThreadPriority (hThread=0xe8, nPriority=2) returned 1 [0018.154] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x720f47, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x7a8) returned 0xec [0018.154] SetThreadPriority (hThread=0xec, nPriority=2) returned 1 [0018.155] SetEvent (hEvent=0xa0) returned 1 [0018.155] Sleep (dwMilliseconds=0x0) [0018.169] SetEvent (hEvent=0x84) returned 1 [0018.169] Sleep (dwMilliseconds=0x0) [0018.179] SetEnvironmentVariableA (lpName="WLNumDLLsProt", lpValue="0") returned 1 [0018.179] SetEvent (hEvent=0x8c) returned 1 [0018.180] Sleep (dwMilliseconds=0x0) [0018.185] SetEvent (hEvent=0x78) returned 1 [0018.186] Sleep (dwMilliseconds=0x0) [0018.198] SetEvent (hEvent=0x80) returned 1 [0018.198] Sleep (dwMilliseconds=0x0) [0018.205] SetEvent (hEvent=0x94) returned 1 [0018.205] Sleep (dwMilliseconds=0x0) [0018.206] GetForegroundWindow () returned 0x1003a [0018.206] GetWindowTextA (in: hWnd=0x1003a, lpString=0x7231fa, nMaxCount=100 | out: lpString="Start") returned 5 [0018.208] SetEvent (hEvent=0xac) returned 1 [0018.208] Sleep (dwMilliseconds=0x0) [0018.210] SetEvent (hEvent=0x94) returned 1 [0018.210] Sleep (dwMilliseconds=0x0) [0018.211] SetEvent (hEvent=0x94) returned 1 [0018.211] Sleep (dwMilliseconds=0x0) [0018.215] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x15c0000 [0018.216] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77440000 [0018.216] GetProcAddress (hModule=0x77440000, lpProcName="NtQuerySystemInformation") returned 0x774861f8 [0018.216] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x15c0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x15c0000, ResultLength=0x0) returned 0x0 [0018.218] lstrcmpiA (lpString1="ntice.sys", lpString2="ntkrnlpa.exe") returned -1 [0018.219] lstrcmpiA (lpString1="ntice.sys", lpString2="halmacpi.dll") returned 1 [0018.219] lstrcmpiA (lpString1="ntice.sys", lpString2="kdcom.dll") returned 1 [0018.219] lstrcmpiA (lpString1="ntice.sys", lpString2="mcupdate_GenuineIntel.dll") returned 1 [0018.219] lstrcmpiA (lpString1="ntice.sys", lpString2="PSHED.dll") returned -1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="BOOTVID.dll") returned 1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="CLFS.SYS") returned 1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="CI.dll") returned 1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="Wdf01000.sys") returned -1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="WDFLDR.SYS") returned -1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="ACPI.sys") returned 1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="WMILIB.SYS") returned -1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="msisadrv.sys") returned 1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="pci.sys") returned -1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="vdrvroot.sys") returned -1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="partmgr.sys") returned -1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="volmgr.sys") returned -1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="volmgrx.sys") returned -1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="mountmgr.sys") returned 1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="atapi.sys") returned 1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="ataport.SYS") returned 1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="msahci.sys") returned 1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="PCIIDEX.SYS") returned -1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="amdxata.sys") returned 1 [0018.220] lstrcmpiA (lpString1="ntice.sys", lpString2="fltmgr.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="fileinfo.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="Ntfs.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="msrpc.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="ksecdd.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="cng.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="pcw.sys") returned -1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="Fs_Rec.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="ndis.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="NETIO.SYS") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="ksecpkg.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="tcpip.sys") returned -1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="fwpkclnt.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="vmstorfl.sys") returned -1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="volsnap.sys") returned -1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="spldr.sys") returned -1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="rdyboost.sys") returned -1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="mup.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="hwpolicy.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="fvevol.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="disk.sys") returned 1 [0018.221] lstrcmpiA (lpString1="ntice.sys", lpString2="CLASSPNP.SYS") returned 1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="Null.SYS") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="Beep.SYS") returned 1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="vga.sys") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="VIDEOPRT.SYS") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="watchdog.sys") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="RDPCDD.sys") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="rdpencdd.sys") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="rdprefmp.sys") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="Msfs.SYS") returned 1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="Npfs.SYS") returned 1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="tdx.sys") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="TDI.SYS") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="afd.sys") returned 1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="netbt.sys") returned 1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="wfplwf.sys") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="pacer.sys") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="netbios.sys") returned 1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="wanarp.sys") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="termdd.sys") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="rdbss.sys") returned -1 [0018.222] lstrcmpiA (lpString1="ntice.sys", lpString2="nsiproxy.sys") returned 1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="mssmbios.sys") returned 1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="discache.sys") returned 1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="csc.sys") returned 1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="dfsc.sys") returned 1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="blbdrive.sys") returned 1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="tunnel.sys") returned -1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="vgapnp.sys") returned -1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="HDAudBus.sys") returned 1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="usbehci.sys") returned -1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="USBPORT.SYS") returned -1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="intelppm.sys") returned 1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="CompositeBus.sys") returned 1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="AgileVpn.sys") returned 1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="rasl2tp.sys") returned -1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="ndistapi.sys") returned 1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="ndiswan.sys") returned 1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="raspppoe.sys") returned -1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="raspptp.sys") returned -1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="rassstp.sys") returned -1 [0018.223] lstrcmpiA (lpString1="ntice.sys", lpString2="rdpbus.sys") returned -1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="kbdclass.sys") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="mouclass.sys") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="swenum.sys") returned -1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="ks.sys") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="umbus.sys") returned -1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="usbhub.sys") returned -1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="NDProxy.SYS") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="HdAudio.sys") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="portcls.sys") returned -1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="drmk.sys") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="crashdmp.sys") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="dump_dumpata.sys") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="dump_msahci.sys") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="dump_dumpfve.sys") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="win32k.sys") returned -1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="Dxapi.sys") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="dxg.sys") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="monitor.sys") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="TSDDD.dll") returned -1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="framebuf.dll") returned 1 [0018.224] lstrcmpiA (lpString1="ntice.sys", lpString2="hidusb.sys") returned 1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="HIDCLASS.SYS") returned 1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="HIDPARSE.SYS") returned 1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="USBD.SYS") returned -1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="kbdhid.sys") returned 1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="mouhid.sys") returned 1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="luafv.sys") returned 1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="lltdio.sys") returned 1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="rspndr.sys") returned -1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="HTTP.sys") returned 1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="bowser.sys") returned 1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="mpsdrv.sys") returned 1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="mrxsmb.sys") returned 1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="mrxsmb10.sys") returned 1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="mrxsmb20.sys") returned 1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="peauth.sys") returned -1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="secdrv.SYS") returned -1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="srvnet.sys") returned -1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="tcpipreg.sys") returned -1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="srv2.sys") returned -1 [0018.225] lstrcmpiA (lpString1="ntice.sys", lpString2="srv.sys") returned -1 [0018.226] lstrcmpiA (lpString1="ntice.sys", lpString2="E1G60I32.sys") returned 1 [0018.226] lstrcmpiA (lpString1="ntice.sys", lpString2="ntdll.dll") returned 1 [0018.226] lstrcmpiA (lpString1="ntice.sys", lpString2="smss.exe") returned -1 [0018.226] lstrcmpiA (lpString1="ntice.sys", lpString2="apisetschema.dll") returned 1 [0018.226] lstrcmpiA (lpString1="ntice.sys", lpString2="autochk.exe") returned 1 [0018.227] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x15c0000 [0018.228] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77440000 [0018.228] GetProcAddress (hModule=0x77440000, lpProcName="NtQuerySystemInformation") returned 0x774861f8 [0018.228] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x15c0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x15c0000, ResultLength=0x0) returned 0x0 [0018.230] lstrcmpiA (lpString1="iceext.sys", lpString2="ntkrnlpa.exe") returned -1 [0018.230] lstrcmpiA (lpString1="iceext.sys", lpString2="halmacpi.dll") returned 1 [0018.230] lstrcmpiA (lpString1="iceext.sys", lpString2="kdcom.dll") returned -1 [0018.230] lstrcmpiA (lpString1="iceext.sys", lpString2="mcupdate_GenuineIntel.dll") returned -1 [0018.230] lstrcmpiA (lpString1="iceext.sys", lpString2="PSHED.dll") returned -1 [0018.230] lstrcmpiA (lpString1="iceext.sys", lpString2="BOOTVID.dll") returned 1 [0018.230] lstrcmpiA (lpString1="iceext.sys", lpString2="CLFS.SYS") returned 1 [0018.230] lstrcmpiA (lpString1="iceext.sys", lpString2="CI.dll") returned 1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="Wdf01000.sys") returned -1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="WDFLDR.SYS") returned -1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="ACPI.sys") returned 1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="WMILIB.SYS") returned -1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="msisadrv.sys") returned -1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="pci.sys") returned -1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="vdrvroot.sys") returned -1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="partmgr.sys") returned -1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="volmgr.sys") returned -1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="volmgrx.sys") returned -1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="mountmgr.sys") returned -1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="atapi.sys") returned 1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="ataport.SYS") returned 1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="msahci.sys") returned -1 [0018.231] lstrcmpiA (lpString1="iceext.sys", lpString2="PCIIDEX.SYS") returned -1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="amdxata.sys") returned 1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="fltmgr.sys") returned 1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="fileinfo.sys") returned 1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="Ntfs.sys") returned -1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="msrpc.sys") returned -1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="ksecdd.sys") returned -1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="cng.sys") returned 1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="pcw.sys") returned -1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="Fs_Rec.sys") returned 1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="ndis.sys") returned -1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="NETIO.SYS") returned -1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="ksecpkg.sys") returned -1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="tcpip.sys") returned -1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="fwpkclnt.sys") returned 1 [0018.232] lstrcmpiA (lpString1="iceext.sys", lpString2="vmstorfl.sys") returned -1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="volsnap.sys") returned -1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="spldr.sys") returned -1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="rdyboost.sys") returned -1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="mup.sys") returned -1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="hwpolicy.sys") returned 1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="fvevol.sys") returned 1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="disk.sys") returned 1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="CLASSPNP.SYS") returned 1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="Null.SYS") returned -1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="Beep.SYS") returned 1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="vga.sys") returned -1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="VIDEOPRT.SYS") returned -1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="watchdog.sys") returned -1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="RDPCDD.sys") returned -1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="rdpencdd.sys") returned -1 [0018.233] lstrcmpiA (lpString1="iceext.sys", lpString2="rdprefmp.sys") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="Msfs.SYS") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="Npfs.SYS") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="tdx.sys") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="TDI.SYS") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="afd.sys") returned 1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="netbt.sys") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="wfplwf.sys") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="pacer.sys") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="netbios.sys") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="wanarp.sys") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="termdd.sys") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="rdbss.sys") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="nsiproxy.sys") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="mssmbios.sys") returned -1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="discache.sys") returned 1 [0018.234] lstrcmpiA (lpString1="iceext.sys", lpString2="csc.sys") returned 1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="dfsc.sys") returned 1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="blbdrive.sys") returned 1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="tunnel.sys") returned -1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="vgapnp.sys") returned -1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="HDAudBus.sys") returned 1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="usbehci.sys") returned -1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="USBPORT.SYS") returned -1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="intelppm.sys") returned -1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="CompositeBus.sys") returned 1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="AgileVpn.sys") returned 1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="rasl2tp.sys") returned -1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="ndistapi.sys") returned -1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="ndiswan.sys") returned -1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="raspppoe.sys") returned -1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="raspptp.sys") returned -1 [0018.235] lstrcmpiA (lpString1="iceext.sys", lpString2="rassstp.sys") returned -1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="rdpbus.sys") returned -1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="kbdclass.sys") returned -1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="mouclass.sys") returned -1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="swenum.sys") returned -1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="ks.sys") returned -1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="umbus.sys") returned -1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="usbhub.sys") returned -1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="NDProxy.SYS") returned -1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="HdAudio.sys") returned 1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="portcls.sys") returned -1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="drmk.sys") returned 1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="crashdmp.sys") returned 1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="dump_dumpata.sys") returned 1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="dump_msahci.sys") returned 1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="dump_dumpfve.sys") returned 1 [0018.236] lstrcmpiA (lpString1="iceext.sys", lpString2="win32k.sys") returned -1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="Dxapi.sys") returned 1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="dxg.sys") returned 1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="monitor.sys") returned -1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="TSDDD.dll") returned -1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="framebuf.dll") returned 1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="hidusb.sys") returned 1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="HIDCLASS.SYS") returned 1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="HIDPARSE.SYS") returned 1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="USBD.SYS") returned -1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="kbdhid.sys") returned -1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="mouhid.sys") returned -1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="luafv.sys") returned -1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="lltdio.sys") returned -1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="rspndr.sys") returned -1 [0018.237] lstrcmpiA (lpString1="iceext.sys", lpString2="HTTP.sys") returned 1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="bowser.sys") returned 1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="mpsdrv.sys") returned -1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="mrxsmb.sys") returned -1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="mrxsmb10.sys") returned -1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="mrxsmb20.sys") returned -1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="peauth.sys") returned -1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="secdrv.SYS") returned -1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="srvnet.sys") returned -1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="tcpipreg.sys") returned -1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="srv2.sys") returned -1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="srv.sys") returned -1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="E1G60I32.sys") returned 1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="ntdll.dll") returned -1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="smss.exe") returned -1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="apisetschema.dll") returned 1 [0018.238] lstrcmpiA (lpString1="iceext.sys", lpString2="autochk.exe") returned 1 [0018.241] FindWindowA (lpClassName="OLLYDBG", lpWindowName=0x0) returned 0x0 [0018.241] FindWindowA (lpClassName="GBDYLLO", lpWindowName=0x0) returned 0x0 [0018.242] FindWindowA (lpClassName="pediy06", lpWindowName=0x0) returned 0x0 [0018.242] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0xf8 [0018.266] Process32First (in: hSnapshot=0xf8, lppe=0x72dd66 | out: lppe=0x72dd66*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0018.267] Process32Next (in: hSnapshot=0xf8, lppe=0x72dd66 | out: lppe=0x72dd66*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0018.280] SetEvent (hEvent=0x94) returned 1 [0018.280] Sleep (dwMilliseconds=0x0) [0018.290] SetEvent (hEvent=0x80) returned 1 [0018.290] Sleep (dwMilliseconds=0x0) [0018.291] SetEvent (hEvent=0xa0) returned 1 [0018.292] Sleep (dwMilliseconds=0x0) [0018.297] GetVersionExA (in: lpVersionInformation=0x7344b2*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x7344b2*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0018.297] IsDebuggerPresent () returned 0 [0018.298] SetEvent (hEvent=0x84) returned 1 [0018.298] Sleep (dwMilliseconds=0x0) [0018.307] FindWindowA (lpClassName="FilemonClass", lpWindowName=0x0) returned 0x0 [0018.307] FindWindowA (lpClassName=0x0, lpWindowName="File Monitor - Sysinternals: www.sysinternals.com") returned 0x0 [0018.307] FindWindowA (lpClassName="PROCMON_WINDOW_CLASS", lpWindowName=0x0) returned 0x0 [0018.308] FindWindowA (lpClassName=0x0, lpWindowName="Process Monitor - Sysinternals: www.sysinternals.com") returned 0x0 [0018.308] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x15c0000 [0018.308] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77440000 [0018.309] GetProcAddress (hModule=0x77440000, lpProcName="NtQuerySystemInformation") returned 0x774861f8 [0018.309] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x15c0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x15c0000, ResultLength=0x0) returned 0x0 [0018.310] lstrcmpiA (lpString1="Filem", lpString2="ntkrn") returned -1 [0018.310] lstrcmpiA (lpString1="Filem", lpString2="halma") returned -1 [0018.310] lstrcmpiA (lpString1="Filem", lpString2="kdcom") returned -1 [0018.310] lstrcmpiA (lpString1="Filem", lpString2="mcupd") returned -1 [0018.310] lstrcmpiA (lpString1="Filem", lpString2="PSHED") returned -1 [0018.310] lstrcmpiA (lpString1="Filem", lpString2="BOOTV") returned 1 [0018.310] lstrcmpiA (lpString1="Filem", lpString2="CLFS.") returned 1 [0018.310] lstrcmpiA (lpString1="Filem", lpString2="CI.dl") returned 1 [0018.310] lstrcmpiA (lpString1="Filem", lpString2="Wdf01") returned -1 [0018.310] lstrcmpiA (lpString1="Filem", lpString2="WDFLD") returned -1 [0018.310] lstrcmpiA (lpString1="Filem", lpString2="ACPI.") returned 1 [0018.310] lstrcmpiA (lpString1="Filem", lpString2="WMILI") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="msisa") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="pci.s") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="vdrvr") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="partm") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="volmg") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="volmg") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="mount") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="atapi") returned 1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="atapo") returned 1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="msahc") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="PCIID") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="amdxa") returned 1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="fltmg") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="filei") returned 1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="Ntfs.") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="msrpc") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="ksecd") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="cng.s") returned 1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="pcw.s") returned -1 [0018.311] lstrcmpiA (lpString1="Filem", lpString2="Fs_Re") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="ndis.") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="NETIO") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="ksecp") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="tcpip") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="fwpkc") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="vmsto") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="volsn") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="spldr") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="rdybo") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="mup.s") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="hwpol") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="fvevo") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="disk.") returned 1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="CLASS") returned 1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="Null.") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="Beep.") returned 1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="vga.s") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="VIDEO") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="watch") returned -1 [0018.312] lstrcmpiA (lpString1="Filem", lpString2="RDPCD") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="rdpen") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="rdpre") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="Msfs.") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="Npfs.") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="tdx.s") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="TDI.S") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="afd.s") returned 1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="netbt") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="wfplw") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="pacer") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="netbi") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="wanar") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="termd") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="rdbss") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="nsipr") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="mssmb") returned -1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="disca") returned 1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="csc.s") returned 1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="dfsc.") returned 1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="blbdr") returned 1 [0018.313] lstrcmpiA (lpString1="Filem", lpString2="tunne") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="vgapn") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="HDAud") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="usbeh") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="USBPO") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="intel") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="Compo") returned 1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="Agile") returned 1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="rasl2") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="ndist") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="ndisw") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="raspp") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="raspp") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="rasss") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="rdpbu") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="kbdcl") returned -1 [0018.314] lstrcmpiA (lpString1="Filem", lpString2="moucl") returned -1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="swenu") returned -1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="ks.sy") returned -1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="umbus") returned -1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="usbhu") returned -1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="NDPro") returned -1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="HdAud") returned -1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="portc") returned -1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="drmk.") returned 1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="crash") returned 1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="dump_") returned 1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="dump_") returned 1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="dump_") returned 1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="win32") returned -1 [0018.315] lstrcmpiA (lpString1="Filem", lpString2="Dxapi") returned 1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="dxg.s") returned 1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="monit") returned -1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="TSDDD") returned -1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="frame") returned -1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="hidus") returned -1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="HIDCL") returned -1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="HIDPA") returned -1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="USBD.") returned -1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="kbdhi") returned -1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="mouhi") returned -1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="luafv") returned -1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="lltdi") returned -1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="rspnd") returned -1 [0018.316] lstrcmpiA (lpString1="Filem", lpString2="HTTP.") returned -1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="bowse") returned 1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="mpsdr") returned -1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="mrxsm") returned -1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="mrxsm") returned -1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="mrxsm") returned -1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="peaut") returned -1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="secdr") returned -1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="srvne") returned -1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="tcpip") returned -1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="srv2.") returned -1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="srv.s") returned -1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="E1G60") returned 1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="ntdll") returned -1 [0018.317] lstrcmpiA (lpString1="Filem", lpString2="smss.") returned -1 [0018.318] lstrcmpiA (lpString1="Filem", lpString2="apise") returned 1 [0018.318] lstrcmpiA (lpString1="Filem", lpString2="autoc") returned 1 [0018.319] SetEvent (hEvent=0x9c) returned 1 [0018.319] Sleep (dwMilliseconds=0x0) [0018.322] VirtualAlloc (lpAddress=0x0, dwSize=0x3e8, flAllocationType=0x1000, flProtect=0x4) returned 0x15c0000 [0018.322] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x15c0000, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x15c0000, ReturnLength=0x0) returned 0x0 [0018.324] FindWindowA (lpClassName="RegmonClass", lpWindowName=0x0) returned 0x0 [0018.324] FindWindowA (lpClassName=0x0, lpWindowName="Registry Monitor - Sysinternals: www.sysinternals.com") returned 0x0 [0018.325] FindWindowA (lpClassName="18467-41", lpWindowName=0x0) returned 0x0 [0018.325] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x15c0000 [0018.325] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77440000 [0018.325] GetProcAddress (hModule=0x77440000, lpProcName="NtQuerySystemInformation") returned 0x774861f8 [0018.325] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x15c0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x15c0000, ResultLength=0x0) returned 0x0 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="ntkrnlpa.exe") returned 1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="halmacpi.dll") returned 1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="kdcom.dll") returned 1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="mcupdate_GenuineIntel.dll") returned 1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="PSHED.dll") returned 1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="BOOTVID.dll") returned 1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="CLFS.SYS") returned 1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="CI.dll") returned 1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="Wdf01000.sys") returned -1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="WDFLDR.SYS") returned -1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="ACPI.sys") returned 1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="WMILIB.SYS") returned -1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="msisadrv.sys") returned 1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="pci.sys") returned 1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="vdrvroot.sys") returned -1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="partmgr.sys") returned 1 [0018.327] lstrcmpiA (lpString1="REGMON.sys", lpString2="volmgr.sys") returned -1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="volmgrx.sys") returned -1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="mountmgr.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="atapi.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="ataport.SYS") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="msahci.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="PCIIDEX.SYS") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="amdxata.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="fltmgr.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="fileinfo.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="Ntfs.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="msrpc.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="ksecdd.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="cng.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="pcw.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="Fs_Rec.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="ndis.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="NETIO.SYS") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="ksecpkg.sys") returned 1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="tcpip.sys") returned -1 [0018.328] lstrcmpiA (lpString1="REGMON.sys", lpString2="fwpkclnt.sys") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="vmstorfl.sys") returned -1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="volsnap.sys") returned -1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="spldr.sys") returned -1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="rdyboost.sys") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="mup.sys") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="hwpolicy.sys") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="fvevol.sys") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="disk.sys") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="CLASSPNP.SYS") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="Null.SYS") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="Beep.SYS") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="vga.sys") returned -1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="VIDEOPRT.SYS") returned -1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="watchdog.sys") returned -1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="RDPCDD.sys") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="rdpencdd.sys") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="rdprefmp.sys") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="Msfs.SYS") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="Npfs.SYS") returned 1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="tdx.sys") returned -1 [0018.329] lstrcmpiA (lpString1="REGMON.sys", lpString2="TDI.SYS") returned -1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="afd.sys") returned 1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="netbt.sys") returned 1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="wfplwf.sys") returned -1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="pacer.sys") returned 1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="netbios.sys") returned 1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="wanarp.sys") returned -1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="termdd.sys") returned -1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="rdbss.sys") returned 1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="nsiproxy.sys") returned 1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="mssmbios.sys") returned 1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="discache.sys") returned 1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="csc.sys") returned 1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="dfsc.sys") returned 1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="blbdrive.sys") returned 1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="tunnel.sys") returned -1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="vgapnp.sys") returned -1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="HDAudBus.sys") returned 1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="usbehci.sys") returned -1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="USBPORT.SYS") returned -1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="intelppm.sys") returned 1 [0018.330] lstrcmpiA (lpString1="REGMON.sys", lpString2="CompositeBus.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="AgileVpn.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="rasl2tp.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="ndistapi.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="ndiswan.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="raspppoe.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="raspptp.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="rassstp.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="rdpbus.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="kbdclass.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="mouclass.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="swenum.sys") returned -1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="ks.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="umbus.sys") returned -1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="usbhub.sys") returned -1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="NDProxy.SYS") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="HdAudio.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="portcls.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="drmk.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="crashdmp.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="dump_dumpata.sys") returned 1 [0018.331] lstrcmpiA (lpString1="REGMON.sys", lpString2="dump_msahci.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="dump_dumpfve.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="win32k.sys") returned -1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="Dxapi.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="dxg.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="monitor.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="TSDDD.dll") returned -1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="framebuf.dll") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="hidusb.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="HIDCLASS.SYS") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="HIDPARSE.SYS") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="USBD.SYS") returned -1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="kbdhid.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="mouhid.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="luafv.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="lltdio.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="rspndr.sys") returned -1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="HTTP.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="bowser.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="mpsdrv.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="mrxsmb.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="mrxsmb10.sys") returned 1 [0018.332] lstrcmpiA (lpString1="REGMON.sys", lpString2="mrxsmb20.sys") returned 1 [0018.333] lstrcmpiA (lpString1="REGMON.sys", lpString2="peauth.sys") returned 1 [0018.333] lstrcmpiA (lpString1="REGMON.sys", lpString2="secdrv.SYS") returned -1 [0018.333] lstrcmpiA (lpString1="REGMON.sys", lpString2="srvnet.sys") returned -1 [0018.333] lstrcmpiA (lpString1="REGMON.sys", lpString2="tcpipreg.sys") returned -1 [0018.333] lstrcmpiA (lpString1="REGMON.sys", lpString2="srv2.sys") returned -1 [0018.333] lstrcmpiA (lpString1="REGMON.sys", lpString2="srv.sys") returned -1 [0018.333] lstrcmpiA (lpString1="REGMON.sys", lpString2="E1G60I32.sys") returned 1 [0018.333] lstrcmpiA (lpString1="REGMON.sys", lpString2="ntdll.dll") returned 1 [0018.333] lstrcmpiA (lpString1="REGMON.sys", lpString2="smss.exe") returned -1 [0018.333] lstrcmpiA (lpString1="REGMON.sys", lpString2="apisetschema.dll") returned 1 [0018.333] lstrcmpiA (lpString1="REGMON.sys", lpString2="autochk.exe") returned 1 [0018.334] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x15c0000 [0018.334] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77440000 [0018.334] GetProcAddress (hModule=0x77440000, lpProcName="NtQuerySystemInformation") returned 0x774861f8 [0018.334] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x15c0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x15c0000, ResultLength=0x0) returned 0x0 [0018.335] lstrcmpiA (lpString1="regsys", lpString2="ntkrnl") returned 1 [0018.335] lstrcmpiA (lpString1="regsys", lpString2="halmac") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="kdcom.") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="mcupda") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="PSHED.") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="BOOTVI") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="CLFS.S") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="CI.dll") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="Wdf010") returned -1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="WDFLDR") returned -1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="ACPI.s") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="WMILIB") returned -1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="msisad") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="pci.sy") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="vdrvro") returned -1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="partmg") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="volmgr") returned -1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="volmgr") returned -1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="mountm") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="atapi.") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="atapor") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="msahci") returned 1 [0018.336] lstrcmpiA (lpString1="regsys", lpString2="PCIIDE") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="amdxat") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="fltmgr") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="filein") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="Ntfs.s") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="msrpc.") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="ksecdd") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="cng.sy") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="pcw.sy") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="Fs_Rec") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="ndis.s") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="NETIO.") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="ksecpk") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="tcpip.") returned -1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="fwpkcl") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="vmstor") returned -1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="volsna") returned -1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="spldr.") returned -1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="rdyboo") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="mup.sy") returned 1 [0018.337] lstrcmpiA (lpString1="regsys", lpString2="hwpoli") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="fvevol") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="disk.s") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="CLASSP") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="Null.S") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="Beep.S") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="vga.sy") returned -1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="VIDEOP") returned -1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="watchd") returned -1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="RDPCDD") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="rdpenc") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="rdpref") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="Msfs.S") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="Npfs.S") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="tdx.sy") returned -1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="TDI.SY") returned -1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="afd.sy") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="netbt.") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="wfplwf") returned -1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="pacer.") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="netbio") returned 1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="wanarp") returned -1 [0018.338] lstrcmpiA (lpString1="regsys", lpString2="termdd") returned -1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="rdbss.") returned 1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="nsipro") returned 1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="mssmbi") returned 1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="discac") returned 1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="csc.sy") returned 1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="dfsc.s") returned 1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="blbdri") returned 1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="tunnel") returned -1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="vgapnp") returned -1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="HDAudB") returned 1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="usbehc") returned -1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="USBPOR") returned -1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="intelp") returned 1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="Compos") returned 1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="AgileV") returned 1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="rasl2t") returned 1 [0018.339] lstrcmpiA (lpString1="regsys", lpString2="ndista") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="ndiswa") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="rasppp") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="rasppt") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="rassst") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="rdpbus") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="kbdcla") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="moucla") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="swenum") returned -1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="ks.sys") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="umbus.") returned -1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="usbhub") returned -1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="NDProx") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="HdAudi") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="portcl") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="drmk.s") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="crashd") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="dump_d") returned 1 [0018.340] lstrcmpiA (lpString1="regsys", lpString2="dump_m") returned 1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="dump_d") returned 1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="win32k") returned -1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="Dxapi.") returned 1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="dxg.sy") returned 1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="monito") returned 1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="TSDDD.") returned -1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="frameb") returned 1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="hidusb") returned 1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="HIDCLA") returned 1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="HIDPAR") returned 1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="USBD.S") returned -1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="kbdhid") returned 1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="mouhid") returned 1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="luafv.") returned 1 [0018.341] lstrcmpiA (lpString1="regsys", lpString2="lltdio") returned 1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="rspndr") returned -1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="HTTP.s") returned 1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="bowser") returned 1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="mpsdrv") returned 1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="mrxsmb") returned 1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="mrxsmb") returned 1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="mrxsmb") returned 1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="peauth") returned 1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="secdrv") returned -1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="srvnet") returned -1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="tcpipr") returned -1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="srv2.s") returned -1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="srv.sy") returned -1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="E1G60I") returned 1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="ntdll.") returned 1 [0018.342] lstrcmpiA (lpString1="regsys", lpString2="smss.e") returned -1 [0018.343] lstrcmpiA (lpString1="regsys", lpString2="apiset") returned 1 [0018.343] lstrcmpiA (lpString1="regsys", lpString2="autoch") returned 1 [0018.344] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x15c0000 [0018.344] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77440000 [0018.344] GetProcAddress (hModule=0x77440000, lpProcName="NtQuerySystemInformation") returned 0x774861f8 [0018.344] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x15c0000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x15c0000, ResultLength=0x0) returned 0x0 [0018.346] lstrcmpiA (lpString1="PROCMON", lpString2="ntkrnlp") returned 1 [0018.346] lstrcmpiA (lpString1="PROCMON", lpString2="halmacp") returned 1 [0018.346] lstrcmpiA (lpString1="PROCMON", lpString2="kdcom.d") returned 1 [0018.346] lstrcmpiA (lpString1="PROCMON", lpString2="mcupdat") returned 1 [0018.346] lstrcmpiA (lpString1="PROCMON", lpString2="PSHED.d") returned -1 [0018.346] lstrcmpiA (lpString1="PROCMON", lpString2="BOOTVID") returned 1 [0018.346] lstrcmpiA (lpString1="PROCMON", lpString2="CLFS.SY") returned 1 [0018.346] lstrcmpiA (lpString1="PROCMON", lpString2="CI.dll") returned 1 [0018.346] lstrcmpiA (lpString1="PROCMON", lpString2="Wdf0100") returned -1 [0018.346] lstrcmpiA (lpString1="PROCMON", lpString2="WDFLDR.") returned -1 [0018.346] lstrcmpiA (lpString1="PROCMON", lpString2="ACPI.sy") returned 1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="WMILIB.") returned -1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="msisadr") returned 1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="pci.sys") returned 1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="vdrvroo") returned -1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="partmgr") returned 1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="volmgr.") returned -1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="volmgrx") returned -1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="mountmg") returned 1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="atapi.s") returned 1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="ataport") returned 1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="msahci.") returned 1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="PCIIDEX") returned 1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="amdxata") returned 1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="fltmgr.") returned 1 [0018.347] lstrcmpiA (lpString1="PROCMON", lpString2="fileinf") returned 1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="Ntfs.sy") returned 1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="msrpc.s") returned 1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="ksecdd.") returned 1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="cng.sys") returned 1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="pcw.sys") returned 1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="Fs_Rec.") returned 1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="ndis.sy") returned 1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="NETIO.S") returned 1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="ksecpkg") returned 1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="tcpip.s") returned -1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="fwpkcln") returned 1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="vmstorf") returned -1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="volsnap") returned -1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="spldr.s") returned -1 [0018.348] lstrcmpiA (lpString1="PROCMON", lpString2="rdyboos") returned -1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="mup.sys") returned 1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="hwpolic") returned 1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="fvevol.") returned 1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="disk.sy") returned 1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="CLASSPN") returned 1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="Null.SY") returned 1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="Beep.SY") returned 1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="vga.sys") returned -1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="VIDEOPR") returned -1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="watchdo") returned -1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="RDPCDD.") returned -1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="rdpencd") returned -1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="rdprefm") returned -1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="Msfs.SY") returned 1 [0018.349] lstrcmpiA (lpString1="PROCMON", lpString2="Npfs.SY") returned 1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="tdx.sys") returned -1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="TDI.SYS") returned -1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="afd.sys") returned 1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="netbt.s") returned 1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="wfplwf.") returned -1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="pacer.s") returned 1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="netbios") returned 1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="wanarp.") returned -1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="termdd.") returned -1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="rdbss.s") returned -1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="nsiprox") returned 1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="mssmbio") returned 1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="discach") returned 1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="csc.sys") returned 1 [0018.350] lstrcmpiA (lpString1="PROCMON", lpString2="dfsc.sy") returned 1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="blbdriv") returned 1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="tunnel.") returned -1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="vgapnp.") returned -1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="HDAudBu") returned 1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="usbehci") returned -1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="USBPORT") returned -1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="intelpp") returned 1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="Composi") returned 1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="AgileVp") returned 1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="rasl2tp") returned -1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="ndistap") returned 1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="ndiswan") returned 1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="raspppo") returned -1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="raspptp") returned -1 [0018.351] lstrcmpiA (lpString1="PROCMON", lpString2="rassstp") returned -1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="rdpbus.") returned -1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="kbdclas") returned 1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="mouclas") returned 1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="swenum.") returned -1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="ks.sys") returned 1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="umbus.s") returned -1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="usbhub.") returned -1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="NDProxy") returned 1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="HdAudio") returned 1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="portcls") returned 1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="drmk.sy") returned 1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="crashdm") returned 1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="dump_du") returned 1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="dump_ms") returned 1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="dump_du") returned 1 [0018.352] lstrcmpiA (lpString1="PROCMON", lpString2="win32k.") returned -1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="Dxapi.s") returned 1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="dxg.sys") returned 1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="monitor") returned 1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="TSDDD.d") returned -1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="framebu") returned 1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="hidusb.") returned 1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="HIDCLAS") returned 1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="HIDPARS") returned 1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="USBD.SY") returned -1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="kbdhid.") returned 1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="mouhid.") returned 1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="luafv.s") returned 1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="lltdio.") returned 1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="rspndr.") returned -1 [0018.353] lstrcmpiA (lpString1="PROCMON", lpString2="HTTP.sy") returned 1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="bowser.") returned 1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="mpsdrv.") returned 1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="mrxsmb.") returned 1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="mrxsmb1") returned 1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="mrxsmb2") returned 1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="peauth.") returned 1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="secdrv.") returned -1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="srvnet.") returned -1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="tcpipre") returned -1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="srv2.sy") returned -1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="srv.sys") returned -1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="E1G60I3") returned 1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="ntdll.d") returned 1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="smss.ex") returned -1 [0018.354] lstrcmpiA (lpString1="PROCMON", lpString2="apisets") returned 1 [0018.355] lstrcmpiA (lpString1="PROCMON", lpString2="autochk") returned 1 [0018.369] SetEvent (hEvent=0x98) returned 1 [0018.369] Sleep (dwMilliseconds=0x0) [0018.371] GetProcAddress (hModule=0x77440000, lpProcName="RtlAllocateHeap") returned 0x77492dd6 [0018.372] GetCurrentDirectoryA (in: nBufferLength=0x104, lpBuffer=0x62f695 | out: lpBuffer="C:\\Users\\DSsDPMx042\\Desktop") returned 0x1b [0018.372] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x745351, nSize=0x100 | out: lpFilename="C:\\Users\\DSsDPMx042\\Desktop\\Explorer Pro.exe") returned 0x2c [0018.372] SetCurrentDirectoryA (lpPathName="C:\\Users\\DSsDPMx042\\Desktop" (normalized: "c:\\users\\dssdpmx042\\desktop")) returned 1 [0018.373] GetVersion () returned 0x1db10106 [0018.374] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x15c0000 [0018.378] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76d90000 [0018.382] LoadLibraryA (lpLibFileName="user32.dll") returned 0x775a0000 [0018.387] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x77350000 [0018.392] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76740000 [0018.887] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76d90000 [0018.891] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x77350000 [0018.895] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76d90000 [0018.897] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x72490000 [0018.927] LoadLibraryA (lpLibFileName="version.dll") returned 0x74ae0000 [0018.956] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x76b10000 [0018.960] LoadLibraryA (lpLibFileName="user32.dll") returned 0x775a0000 [0018.964] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76d90000 [0018.970] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x76740000 [0018.975] LoadLibraryA (lpLibFileName="comctl32.dll") returned 0x6fb40000 [0018.981] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x75af0000 [0021.591] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x76e70000 [0021.759] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x77350000 [0021.762] LoadLibraryA (lpLibFileName="winmm.dll") returned 0x70d50000 [0021.766] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73b70000 [0021.861] LoadLibraryA (lpLibFileName="wsock32.dll") returned 0x72730000 [0021.955] LoadLibraryA (lpLibFileName="AVICAP32.dll") returned 0x72710000 [0022.210] LoadLibraryA (lpLibFileName="MSVFW32.DLL") returned 0x72650000 [0022.214] LoadLibraryA (lpLibFileName="URLMON.DLL") returned 0x76830000 [0022.217] LoadLibraryA (lpLibFileName="WS2_32.DLL") returned 0x77070000 [0022.221] LoadLibraryA (lpLibFileName="ADVAPI32.DLL") returned 0x77350000 [0022.229] SetCurrentDirectoryA (lpPathName="C:\\Users\\DSsDPMx042\\Desktop" (normalized: "c:\\users\\dssdpmx042\\desktop")) returned 1 [0022.229] SetEvent (hEvent=0x9c) returned 1 [0022.230] Sleep (dwMilliseconds=0x0) [0022.230] LoadLibraryA (lpLibFileName="NTDLL") returned 0x77440000 [0022.230] GetProcAddress (hModule=0x77440000, lpProcName="ZwFlushKey") returned 0x77485988 [0022.231] CreateFileA (lpFileName=0x0, dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0022.231] DeviceIoControl (in: hDevice=0xffffffff, dwIoControlCode=0x1a00, lpInBuffer=0x6fc5e4, nInBufferSize=0x10, lpOutBuffer=0x6fc5f4, nOutBufferSize=0x10, lpBytesReturned=0x6fc5e0, lpOverlapped=0x0 | out: lpOutBuffer=0x6fc5f4, lpBytesReturned=0x6fc5e0, lpOverlapped=0x0) returned 0 [0022.232] CloseHandle (hObject=0xffffffff) returned 0 [0022.232] SetEvent (hEvent=0x94) returned 1 [0022.232] Sleep (dwMilliseconds=0x0) [0022.234] GetLocalTime (in: lpSystemTime=0x74dac5 | out: lpSystemTime=0x74dac5*(wYear=0x7e0, wMonth=0xa, wDayOfWeek=0x4, wDay=0xd, wHour=0x10, wMinute=0x2b, wSecond=0x5, wMilliseconds=0x66)) [0022.234] VirtualAlloc (lpAddress=0x0, dwSize=0x30d40, flAllocationType=0x1000, flProtect=0x4) returned 0x1610000 [0022.238] VirtualAlloc (lpAddress=0x0, dwSize=0x400, flAllocationType=0x1000, flProtect=0x4) returned 0x1650000 [0022.238] SetEvent (hEvent=0xa0) returned 1 [0022.238] Sleep (dwMilliseconds=0x0) [0022.238] SetEvent (hEvent=0x7c) returned 1 [0022.239] Sleep (dwMilliseconds=0x0) [0022.239] SetEvent (hEvent=0xa4) returned 1 [0022.239] Sleep (dwMilliseconds=0x0) [0022.241] CheckRemoteDebuggerPresent (in: hProcess=0xffffffff, pbDebuggerPresent=0x75048a | out: pbDebuggerPresent=0x75048a) returned 1 [0022.241] SetEvent (hEvent=0x78) returned 1 [0022.241] Sleep (dwMilliseconds=0x0) [0022.241] SetEvent (hEvent=0x90) returned 1 [0022.242] Sleep (dwMilliseconds=0x0) [0022.242] SetEvent (hEvent=0xa0) returned 1 [0022.242] Sleep (dwMilliseconds=0x0) [0022.242] SetEvent (hEvent=0x88) returned 1 [0022.242] Sleep (dwMilliseconds=0x0) [0022.243] SetEvent (hEvent=0xa4) returned 1 [0022.243] Sleep (dwMilliseconds=0x0) [0022.243] SetEvent (hEvent=0xa4) returned 1 [0022.243] Sleep (dwMilliseconds=0x0) [0022.244] SetEvent (hEvent=0x70) returned 1 [0022.244] Sleep (dwMilliseconds=0x0) [0022.244] SetEvent (hEvent=0x74) returned 1 [0022.244] Sleep (dwMilliseconds=0x0) [0022.245] SetEvent (hEvent=0x7c) returned 1 [0022.245] Sleep (dwMilliseconds=0x0) [0022.245] SetEvent (hEvent=0xa0) returned 1 [0022.245] Sleep (dwMilliseconds=0x0) [0022.246] SetEvent (hEvent=0x98) returned 1 [0022.246] Sleep (dwMilliseconds=0x0) [0022.247] SetEvent (hEvent=0xa4) returned 1 [0022.247] Sleep (dwMilliseconds=0x0) [0022.247] SetEvent (hEvent=0x9c) returned 1 [0022.247] Sleep (dwMilliseconds=0x0) [0022.248] SetEvent (hEvent=0x74) returned 1 [0022.248] Sleep (dwMilliseconds=0x0) [0022.248] SetEvent (hEvent=0x8c) returned 1 [0022.248] Sleep (dwMilliseconds=0x0) [0022.249] SetEvent (hEvent=0x70) returned 1 [0022.249] Sleep (dwMilliseconds=0x0) [0022.249] SetEvent (hEvent=0x88) returned 1 [0022.249] Sleep (dwMilliseconds=0x0) [0022.249] SetEvent (hEvent=0x88) returned 1 [0022.250] Sleep (dwMilliseconds=0x0) [0022.250] VirtualProtect (in: lpAddress=0x401000, dwSize=0x51481, flNewProtect=0x40, lpflOldProtect=0x62ebc9 | out: lpflOldProtect=0x62ebc9*=0x8) returned 1 [0022.264] FindWindowA (lpClassName="FilemonClass", lpWindowName=0x0) returned 0x0 [0022.264] FindWindowA (lpClassName=0x0, lpWindowName="File Monitor - Sysinternals: www.sysinternals.com") returned 0x0 [0022.264] FindWindowA (lpClassName="PROCMON_WINDOW_CLASS", lpWindowName=0x0) returned 0x0 [0022.264] FindWindowA (lpClassName=0x0, lpWindowName="Process Monitor - Sysinternals: www.sysinternals.com") returned 0x0 [0022.265] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x1660000 [0022.265] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77440000 [0022.265] GetProcAddress (hModule=0x77440000, lpProcName="NtQuerySystemInformation") returned 0x774861f8 [0022.265] NtQuerySystemInformation (in: SystemInformationClass=0xb, SystemInformation=0x1660000, Length=0x10000, ResultLength=0x0 | out: SystemInformation=0x1660000, ResultLength=0x0) returned 0x0 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="ntkrn") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="halma") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="kdcom") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="mcupd") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="PSHED") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="BOOTV") returned 1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="CLFS.") returned 1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="CI.dl") returned 1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="Wdf01") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="WDFLD") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="ACPI.") returned 1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="WMILI") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="msisa") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="pci.s") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="vdrvr") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="partm") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="volmg") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="volmg") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="mount") returned -1 [0022.267] lstrcmpiA (lpString1="Filem", lpString2="atapi") returned 1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="atapo") returned 1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="msahc") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="PCIID") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="amdxa") returned 1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="fltmg") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="filei") returned 1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="Ntfs.") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="msrpc") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="ksecd") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="cng.s") returned 1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="pcw.s") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="Fs_Re") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="ndis.") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="NETIO") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="ksecp") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="tcpip") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="fwpkc") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="vmsto") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="volsn") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="spldr") returned -1 [0022.268] lstrcmpiA (lpString1="Filem", lpString2="rdybo") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="mup.s") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="hwpol") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="fvevo") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="disk.") returned 1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="CLASS") returned 1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="Null.") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="Beep.") returned 1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="vga.s") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="VIDEO") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="watch") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="RDPCD") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="rdpen") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="rdpre") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="Msfs.") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="Npfs.") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="tdx.s") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="TDI.S") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="afd.s") returned 1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="netbt") returned -1 [0022.269] lstrcmpiA (lpString1="Filem", lpString2="wfplw") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="pacer") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="netbi") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="wanar") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="termd") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="rdbss") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="nsipr") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="mssmb") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="disca") returned 1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="csc.s") returned 1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="dfsc.") returned 1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="blbdr") returned 1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="tunne") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="vgapn") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="HDAud") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="usbeh") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="USBPO") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="intel") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="Compo") returned 1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="Agile") returned 1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="rasl2") returned -1 [0022.270] lstrcmpiA (lpString1="Filem", lpString2="ndist") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="ndisw") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="raspp") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="raspp") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="rasss") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="rdpbu") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="kbdcl") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="moucl") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="swenu") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="ks.sy") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="umbus") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="usbhu") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="NDPro") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="HdAud") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="portc") returned -1 [0022.271] lstrcmpiA (lpString1="Filem", lpString2="drmk.") returned 1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="crash") returned 1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="dump_") returned 1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="dump_") returned 1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="dump_") returned 1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="win32") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="Dxapi") returned 1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="dxg.s") returned 1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="monit") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="TSDDD") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="frame") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="hidus") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="HIDCL") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="HIDPA") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="USBD.") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="kbdhi") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="mouhi") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="luafv") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="lltdi") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="rspnd") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="HTTP.") returned -1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="bowse") returned 1 [0022.272] lstrcmpiA (lpString1="Filem", lpString2="mpsdr") returned -1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="mrxsm") returned -1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="mrxsm") returned -1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="mrxsm") returned -1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="peaut") returned -1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="secdr") returned -1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="srvne") returned -1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="tcpip") returned -1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="srv2.") returned -1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="srv.s") returned -1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="E1G60") returned 1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="ntdll") returned -1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="smss.") returned -1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="apise") returned 1 [0022.273] lstrcmpiA (lpString1="Filem", lpString2="autoc") returned 1 [0022.274] SetEvent (hEvent=0x84) returned 1 [0022.275] Sleep (dwMilliseconds=0x0) [0022.276] SetEvent (hEvent=0xa8) returned 1 [0022.276] Sleep (dwMilliseconds=0x0) [0022.279] VirtualAlloc (lpAddress=0x0, dwSize=0x1a140, flAllocationType=0x1000, flProtect=0x4) returned 0x3250000 [0022.284] VirtualAlloc (lpAddress=0x0, dwSize=0xb3000, flAllocationType=0x1000, flProtect=0x4) returned 0x3270000 [0022.315] SetEvent (hEvent=0x7c) returned 1 [0022.316] Sleep (dwMilliseconds=0x0) [0022.316] SetEvent (hEvent=0xac) returned 1 [0022.317] Sleep (dwMilliseconds=0x0) [0022.317] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x773772, dwCreationFlags=0x0, lpThreadId=0x7736c0 | out: lpThreadId=0x7736c0*=0x5c4) returned 0x15c [0022.319] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x62ebc9 | out: lpflOldProtect=0x62ebc9*=0x2) returned 1 [0022.320] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x62f2e5 | out: lpflOldProtect=0x62f2e5*=0x4) returned 1 [0022.320] SetEvent (hEvent=0xac) returned 1 [0022.320] Sleep (dwMilliseconds=0x0) [0022.322] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x1660000 [0022.322] VirtualAlloc (lpAddress=0x0, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x3270000 [0022.322] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0x3280000 [0022.323] VirtualAlloc (lpAddress=0x0, dwSize=0x153c, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.323] VirtualAlloc (lpAddress=0x0, dwSize=0xe7c, flAllocationType=0x1000, flProtect=0x40) returned 0x32a0000 [0022.324] VirtualAlloc (lpAddress=0x0, dwSize=0x1d6, flAllocationType=0x1000, flProtect=0x40) returned 0x32b0000 [0022.324] VirtualAlloc (lpAddress=0x0, dwSize=0x181d, flAllocationType=0x1000, flProtect=0x40) returned 0x32c0000 [0022.325] VirtualAlloc (lpAddress=0x0, dwSize=0x1019, flAllocationType=0x1000, flProtect=0x40) returned 0x32d0000 [0022.325] VirtualAlloc (lpAddress=0x0, dwSize=0x13c8, flAllocationType=0x1000, flProtect=0x40) returned 0x32e0000 [0022.326] VirtualAlloc (lpAddress=0x0, dwSize=0x5dc, flAllocationType=0x1000, flProtect=0x40) returned 0x32f0000 [0022.326] VirtualAlloc (lpAddress=0x0, dwSize=0xcd8, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.327] VirtualAlloc (lpAddress=0x0, dwSize=0x93b, flAllocationType=0x1000, flProtect=0x40) returned 0x3300000 [0022.327] VirtualAlloc (lpAddress=0x0, dwSize=0xc94, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.327] VirtualAlloc (lpAddress=0x0, dwSize=0x192, flAllocationType=0x1000, flProtect=0x40) returned 0x3310000 [0022.327] VirtualAlloc (lpAddress=0x0, dwSize=0x640, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.328] VirtualAlloc (lpAddress=0x0, dwSize=0x153c, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.328] VirtualAlloc (lpAddress=0x0, dwSize=0xc94, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.329] VirtualAlloc (lpAddress=0x0, dwSize=0x622, flAllocationType=0x1000, flProtect=0x40) returned 0x3320000 [0022.329] VirtualAlloc (lpAddress=0x0, dwSize=0x451, flAllocationType=0x1000, flProtect=0x40) returned 0x3470000 [0022.329] VirtualAlloc (lpAddress=0x0, dwSize=0xabb, flAllocationType=0x1000, flProtect=0x40) returned 0x3480000 [0022.330] VirtualAlloc (lpAddress=0x0, dwSize=0x153c, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.330] VirtualAlloc (lpAddress=0x0, dwSize=0x28e, flAllocationType=0x1000, flProtect=0x40) returned 0x3490000 [0022.331] VirtualAlloc (lpAddress=0x0, dwSize=0xaaa, flAllocationType=0x1000, flProtect=0x40) returned 0x34a0000 [0022.331] VirtualAlloc (lpAddress=0x0, dwSize=0x175, flAllocationType=0x1000, flProtect=0x40) returned 0x34b0000 [0022.332] VirtualAlloc (lpAddress=0x0, dwSize=0x131, flAllocationType=0x1000, flProtect=0x40) returned 0x34c0000 [0022.332] VirtualAlloc (lpAddress=0x0, dwSize=0x52d, flAllocationType=0x1000, flProtect=0x40) returned 0x34d0000 [0022.332] VirtualAlloc (lpAddress=0x0, dwSize=0xc13, flAllocationType=0x1000, flProtect=0x40) returned 0x34e0000 [0022.333] VirtualAlloc (lpAddress=0x0, dwSize=0x18f9, flAllocationType=0x1000, flProtect=0x40) returned 0x34f0000 [0022.333] VirtualAlloc (lpAddress=0x0, dwSize=0x5a6, flAllocationType=0x1000, flProtect=0x40) returned 0x3500000 [0022.334] VirtualAlloc (lpAddress=0x0, dwSize=0x19c, flAllocationType=0x1000, flProtect=0x40) returned 0x3510000 [0022.335] VirtualAlloc (lpAddress=0x0, dwSize=0xf8, flAllocationType=0x1000, flProtect=0x40) returned 0x3520000 [0022.335] VirtualAlloc (lpAddress=0x0, dwSize=0x1044, flAllocationType=0x1000, flProtect=0x40) returned 0x3530000 [0022.336] VirtualAlloc (lpAddress=0x0, dwSize=0xcc, flAllocationType=0x1000, flProtect=0x40) returned 0x3540000 [0022.336] VirtualAlloc (lpAddress=0x0, dwSize=0xe5b, flAllocationType=0x1000, flProtect=0x40) returned 0x3550000 [0022.336] VirtualAlloc (lpAddress=0x0, dwSize=0x207, flAllocationType=0x1000, flProtect=0x40) returned 0x3560000 [0022.337] VirtualAlloc (lpAddress=0x0, dwSize=0x8a0, flAllocationType=0x1000, flProtect=0x40) returned 0x3570000 [0022.337] VirtualAlloc (lpAddress=0x0, dwSize=0x128, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.337] VirtualAlloc (lpAddress=0x0, dwSize=0x3c, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.338] VirtualAlloc (lpAddress=0x0, dwSize=0xb2c, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.343] VirtualAlloc (lpAddress=0x0, dwSize=0xcd8, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.344] VirtualAlloc (lpAddress=0x0, dwSize=0x3e6, flAllocationType=0x1000, flProtect=0x40) returned 0x3580000 [0022.344] VirtualAlloc (lpAddress=0x0, dwSize=0xa7f, flAllocationType=0x1000, flProtect=0x40) returned 0x3590000 [0022.344] VirtualAlloc (lpAddress=0x0, dwSize=0x8ef, flAllocationType=0x1000, flProtect=0x40) returned 0x35a0000 [0022.345] VirtualAlloc (lpAddress=0x0, dwSize=0x223, flAllocationType=0x1000, flProtect=0x40) returned 0x35b0000 [0022.346] VirtualAlloc (lpAddress=0x0, dwSize=0x479, flAllocationType=0x1000, flProtect=0x40) returned 0x35c0000 [0022.346] VirtualAlloc (lpAddress=0x0, dwSize=0x503, flAllocationType=0x1000, flProtect=0x40) returned 0x35d0000 [0022.348] VirtualAlloc (lpAddress=0x0, dwSize=0x57a, flAllocationType=0x1000, flProtect=0x40) returned 0x35e0000 [0022.348] VirtualAlloc (lpAddress=0x0, dwSize=0x328, flAllocationType=0x1000, flProtect=0x40) returned 0x35f0000 [0022.348] VirtualAlloc (lpAddress=0x0, dwSize=0x488, flAllocationType=0x1000, flProtect=0x40) returned 0x3600000 [0022.349] VirtualAlloc (lpAddress=0x0, dwSize=0x6f, flAllocationType=0x1000, flProtect=0x40) returned 0x3610000 [0022.350] VirtualAlloc (lpAddress=0x0, dwSize=0xac4, flAllocationType=0x1000, flProtect=0x40) returned 0x3620000 [0022.350] VirtualAlloc (lpAddress=0x0, dwSize=0xfa, flAllocationType=0x1000, flProtect=0x40) returned 0x3630000 [0022.351] VirtualAlloc (lpAddress=0x0, dwSize=0x1bc, flAllocationType=0x1000, flProtect=0x40) returned 0x3640000 [0022.351] VirtualAlloc (lpAddress=0x0, dwSize=0x564, flAllocationType=0x1000, flProtect=0x40) returned 0x3650000 [0022.351] VirtualAlloc (lpAddress=0x0, dwSize=0x2f4, flAllocationType=0x1000, flProtect=0x40) returned 0x3660000 [0022.352] VirtualAlloc (lpAddress=0x0, dwSize=0x550, flAllocationType=0x1000, flProtect=0x40) returned 0x3670000 [0022.352] VirtualAlloc (lpAddress=0x0, dwSize=0x7de, flAllocationType=0x1000, flProtect=0x40) returned 0x3680000 [0022.353] VirtualAlloc (lpAddress=0x0, dwSize=0x520, flAllocationType=0x1000, flProtect=0x40) returned 0x3690000 [0022.353] VirtualAlloc (lpAddress=0x0, dwSize=0x2ac, flAllocationType=0x1000, flProtect=0x40) returned 0x36a0000 [0022.353] VirtualAlloc (lpAddress=0x0, dwSize=0x2b4, flAllocationType=0x1000, flProtect=0x40) returned 0x36b0000 [0022.354] VirtualAlloc (lpAddress=0x0, dwSize=0x3e8, flAllocationType=0x1000, flProtect=0x40) returned 0x36c0000 [0022.354] VirtualAlloc (lpAddress=0x0, dwSize=0x46b, flAllocationType=0x1000, flProtect=0x40) returned 0x36d0000 [0022.355] VirtualAlloc (lpAddress=0x0, dwSize=0x40f, flAllocationType=0x1000, flProtect=0x40) returned 0x36e0000 [0022.355] VirtualAlloc (lpAddress=0x0, dwSize=0x639, flAllocationType=0x1000, flProtect=0x40) returned 0x36f0000 [0022.356] VirtualAlloc (lpAddress=0x0, dwSize=0xa06, flAllocationType=0x1000, flProtect=0x40) returned 0x3700000 [0022.356] VirtualAlloc (lpAddress=0x0, dwSize=0x2a7, flAllocationType=0x1000, flProtect=0x40) returned 0x3710000 [0022.356] VirtualAlloc (lpAddress=0x0, dwSize=0x65e, flAllocationType=0x1000, flProtect=0x40) returned 0x3720000 [0022.357] VirtualAlloc (lpAddress=0x0, dwSize=0x31f, flAllocationType=0x1000, flProtect=0x40) returned 0x3730000 [0022.359] VirtualAlloc (lpAddress=0x0, dwSize=0x23c, flAllocationType=0x1000, flProtect=0x40) returned 0x3740000 [0022.360] VirtualAlloc (lpAddress=0x0, dwSize=0x7e, flAllocationType=0x1000, flProtect=0x40) returned 0x3750000 [0022.360] VirtualAlloc (lpAddress=0x0, dwSize=0x3e3, flAllocationType=0x1000, flProtect=0x40) returned 0x3760000 [0022.361] VirtualAlloc (lpAddress=0x0, dwSize=0x13b7, flAllocationType=0x1000, flProtect=0x40) returned 0x3770000 [0022.361] VirtualAlloc (lpAddress=0x0, dwSize=0x4d, flAllocationType=0x1000, flProtect=0x40) returned 0x3780000 [0022.362] VirtualAlloc (lpAddress=0x0, dwSize=0x16c, flAllocationType=0x1000, flProtect=0x40) returned 0x3790000 [0022.362] VirtualAlloc (lpAddress=0x0, dwSize=0xcd6, flAllocationType=0x1000, flProtect=0x40) returned 0x37a0000 [0022.363] VirtualAlloc (lpAddress=0x0, dwSize=0x50d, flAllocationType=0x1000, flProtect=0x40) returned 0x37b0000 [0022.363] VirtualAlloc (lpAddress=0x0, dwSize=0xbef, flAllocationType=0x1000, flProtect=0x40) returned 0x37c0000 [0022.363] VirtualAlloc (lpAddress=0x0, dwSize=0x153c, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.364] VirtualAlloc (lpAddress=0x0, dwSize=0x10f, flAllocationType=0x1000, flProtect=0x40) returned 0x37d0000 [0022.364] VirtualAlloc (lpAddress=0x0, dwSize=0x640, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.365] VirtualAlloc (lpAddress=0x0, dwSize=0x1d8, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.371] VirtualAlloc (lpAddress=0x0, dwSize=0x534, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.372] VirtualAlloc (lpAddress=0x0, dwSize=0x39c, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.375] VirtualAlloc (lpAddress=0x0, dwSize=0xc94, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.376] VirtualAlloc (lpAddress=0x0, dwSize=0x300, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.377] VirtualAlloc (lpAddress=0x0, dwSize=0x4e4, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.377] VirtualAlloc (lpAddress=0x0, dwSize=0x12c, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.378] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.378] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.379] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.379] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.379] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.379] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.380] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.380] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.381] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.381] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.381] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.382] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.382] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.382] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.382] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.383] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.383] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.383] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.384] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.384] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.384] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.384] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.385] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.385] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.385] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.386] GetModuleHandleA (lpModuleName="ws2_32") returned 0x77070000 [0022.386] VirtualAlloc (lpAddress=0x0, dwSize=0x18, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.386] VirtualAlloc (lpAddress=0x0, dwSize=0xbc, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.387] VirtualAlloc (lpAddress=0x0, dwSize=0x1d8, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.389] VirtualAlloc (lpAddress=0x0, dwSize=0x29c, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.389] VirtualAlloc (lpAddress=0x0, dwSize=0xc94, flAllocationType=0x1000, flProtect=0x4) returned 0x3290000 [0022.389] VirtualAlloc (lpAddress=0x0, dwSize=0x49a, flAllocationType=0x1000, flProtect=0x40) returned 0x37e0000 [0022.396] SetEvent (hEvent=0x78) returned 1 [0022.396] Sleep (dwMilliseconds=0x0) [0022.397] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x62ebc9 | out: lpflOldProtect=0x62ebc9*=0x2) returned 1 [0022.398] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x62f2e5 | out: lpflOldProtect=0x62f2e5*=0x4) returned 1 [0022.399] SetEvent (hEvent=0x94) returned 1 [0022.399] Sleep (dwMilliseconds=0x0) [0022.401] SetEvent (hEvent=0x8c) returned 1 [0022.401] Sleep (dwMilliseconds=0x0) [0022.401] SetEvent (hEvent=0x74) returned 1 [0022.402] Sleep (dwMilliseconds=0x0) [0022.402] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x62ebc9 | out: lpflOldProtect=0x62ebc9*=0x2) returned 1 [0022.403] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x630a8d | out: lpflOldProtect=0x630a8d*=0x4) returned 1 [0022.403] SetEvent (hEvent=0x84) returned 1 [0022.403] Sleep (dwMilliseconds=0x0) [0022.404] SetEvent (hEvent=0x9c) returned 1 [0022.404] Sleep (dwMilliseconds=0x0) [0022.408] GetCommandLineA () returned="\"C:\\Users\\DSsDPMx042\\Desktop\\Explorer Pro.exe\" " [0022.408] GetVersion () returned 0x1db10106 [0022.408] GetVersion () returned 0x1db10106 [0022.408] GetCurrentThreadId () returned 0x5d4 [0022.409] GetThreadLocale () returned 0x409 [0022.410] LoadStringBaseExW () returned 0x1c [0022.410] WCSToMBEx () returned 0x1c [0022.411] LoadStringBaseExW () returned 0x17 [0022.412] WCSToMBEx () returned 0x17 [0022.412] LoadStringBaseExW () returned 0x15 [0022.412] WCSToMBEx () returned 0x15 [0022.412] LoadStringBaseExW () returned 0x10 [0022.413] WCSToMBEx () returned 0x10 [0022.413] LoadStringBaseExW () returned 0x29 [0022.413] WCSToMBEx () returned 0x29 [0022.413] LoadStringBaseExW () returned 0x10 [0022.413] WCSToMBEx () returned 0x10 [0022.414] LoadStringBaseExW () returned 0x24 [0022.414] WCSToMBEx () returned 0x24 [0022.414] LoadStringBaseExW () returned 0x22 [0022.414] WCSToMBEx () returned 0x22 [0022.415] LoadStringBaseExW () returned 0x19 [0022.415] WCSToMBEx () returned 0x19 [0022.415] LoadStringBaseExW () returned 0x1f [0022.415] WCSToMBEx () returned 0x1f [0022.416] LoadStringBaseExW () returned 0xe [0022.416] WCSToMBEx () returned 0xe [0022.416] LoadStringBaseExW () returned 0xd [0022.416] WCSToMBEx () returned 0xd [0022.417] LoadStringBaseExW () returned 0x16 [0022.417] WCSToMBEx () returned 0x16 [0022.417] LoadStringBaseExW () returned 0x10 [0022.417] WCSToMBEx () returned 0x10 [0022.418] LoadStringBaseExW () returned 0x16 [0022.418] WCSToMBEx () returned 0x16 [0022.419] LoadStringBaseExW () returned 0x18 [0022.419] WCSToMBEx () returned 0x18 [0022.419] LoadStringBaseExW () returned 0x17 [0022.419] WCSToMBEx () returned 0x17 [0022.420] LoadStringBaseExW () returned 0x1f [0022.420] WCSToMBEx () returned 0x1f [0022.420] LoadStringBaseExW () returned 0x20 [0022.420] WCSToMBEx () returned 0x20 [0022.420] LoadStringBaseExW () returned 0x10 [0022.421] WCSToMBEx () returned 0x10 [0022.421] LoadStringBaseExW () returned 0x11 [0022.421] WCSToMBEx () returned 0x11 [0022.421] LoadStringBaseExW () returned 0x10 [0022.422] WCSToMBEx () returned 0x10 [0022.422] LoadStringBaseExW () returned 0x15 [0022.422] WCSToMBEx () returned 0x15 [0022.422] LoadStringBaseExW () returned 0x9 [0022.423] WCSToMBEx () returned 0x9 [0022.423] LoadStringBaseExW () returned 0x17 [0022.423] WCSToMBEx () returned 0x17 [0022.423] LoadStringBaseExW () returned 0x12 [0022.423] WCSToMBEx () returned 0x12 [0022.424] LoadStringBaseExW () returned 0x13 [0022.424] WCSToMBEx () returned 0x13 [0022.424] LoadStringBaseExW () returned 0x10 [0022.424] WCSToMBEx () returned 0x10 [0022.425] LoadStringBaseExW () returned 0xe [0022.425] WCSToMBEx () returned 0xe [0022.425] LoadStringBaseExW () returned 0xd [0022.425] WCSToMBEx () returned 0xd [0022.426] LoadStringBaseExW () returned 0x19 [0022.426] WCSToMBEx () returned 0x19 [0022.426] GetThreadLocale () returned 0x409 [0022.426] GetThreadLocale () returned 0x409 [0022.429] GetThreadLocale () returned 0x409 [0022.429] GetThreadLocale () returned 0x409 [0022.429] GetThreadLocale () returned 0x409 [0022.432] NtUserGetDC () returned 0x80101cf [0022.432] GetDeviceCaps (hdc=0x80101cf, index=90) returned 96 [0022.432] GdiReleaseDC () returned 0x1 [0022.432] NtUserCallOneParam (Param=0x80101cf, Routine=0x3b) returned 0x1 [0022.432] NtUserGetDC () returned 0x80101cf [0022.432] GetDeviceCaps (hdc=0x80101cf, index=104) returned 0 [0022.433] GdiReleaseDC () returned 0x1 [0022.433] NtUserCallOneParam (Param=0x80101cf, Routine=0x3b) returned 0x1 [0022.433] CreatePalette (plpal=0x12efd0) returned 0x110801e2 [0022.433] GetStockObject (i=7) returned 0x1b00017 [0022.433] GetStockObject (i=5) returned 0x1900015 [0022.433] GetStockObject (i=13) returned 0x18a002e [0022.433] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0022.434] LoadStringBaseExW () returned 0x4 [0022.434] WCSToMBEx () returned 0x4 [0022.434] LoadStringBaseExW () returned 0x5 [0022.434] WCSToMBEx () returned 0x5 [0022.435] LoadStringBaseExW () returned 0x6 [0022.435] WCSToMBEx () returned 0x6 [0022.435] LoadStringBaseExW () returned 0x3 [0022.435] WCSToMBEx () returned 0x3 [0022.436] LoadStringBaseExW () returned 0x3 [0022.436] WCSToMBEx () returned 0x3 [0022.436] LoadStringBaseExW () returned 0x4 [0022.436] WCSToMBEx () returned 0x4 [0022.437] LoadStringBaseExW () returned 0x5 [0022.437] WCSToMBEx () returned 0x5 [0022.437] LoadStringBaseExW () returned 0x2 [0022.437] WCSToMBEx () returned 0x2 [0022.437] LoadStringBaseExW () returned 0x4 [0022.438] WCSToMBEx () returned 0x4 [0022.438] LoadStringBaseExW () returned 0x4 [0022.438] WCSToMBEx () returned 0x4 [0022.438] LoadStringBaseExW () returned 0x3 [0022.439] WCSToMBEx () returned 0x3 [0022.439] LoadStringBaseExW () returned 0x4 [0022.439] WCSToMBEx () returned 0x4 [0022.439] LoadStringBaseExW () returned 0x4 [0022.440] WCSToMBEx () returned 0x4 [0022.440] LoadStringBaseExW () returned 0x5 [0022.440] WCSToMBEx () returned 0x5 [0022.440] LoadStringBaseExW () returned 0x5 [0022.440] WCSToMBEx () returned 0x5 [0022.441] LoadStringBaseExW () returned 0x3 [0022.441] WCSToMBEx () returned 0x3 [0022.441] LoadStringBaseExW () returned 0x3 [0022.441] WCSToMBEx () returned 0x3 [0022.442] LoadStringBaseExW () returned 0x4 [0022.442] WCSToMBEx () returned 0x4 [0022.443] RtlCaptureAnsiString () returned 0x1 [0022.443] NtUserRegisterWindowMessage () returned 0xc110 [0022.443] RtlCaptureAnsiString () returned 0x1 [0022.443] NtUserRegisterWindowMessage () returned 0xc10e [0022.444] GetCurrentThreadId () returned 0x5d4 [0022.444] InternalAddAtom () returned 0xc031 [0022.444] LoadStringBaseExW () returned 0xb [0022.445] WCSToMBEx () returned 0xb [0022.445] LoadStringBaseExW () returned 0xc [0022.445] WCSToMBEx () returned 0xc [0022.445] LoadStringBaseExW () returned 0x11 [0022.446] WCSToMBEx () returned 0x11 [0022.446] LoadStringBaseExW () returned 0x8 [0022.446] WCSToMBEx () returned 0x8 [0022.446] LoadStringBaseExW () returned 0xe [0022.447] WCSToMBEx () returned 0xe [0022.447] LoadStringBaseExW () returned 0xa [0022.447] WCSToMBEx () returned 0xa [0022.447] LoadStringBaseExW () returned 0x4 [0022.448] WCSToMBEx () returned 0x4 [0022.448] LoadStringBaseExW () returned 0x9 [0022.448] WCSToMBEx () returned 0x9 [0022.448] LoadStringBaseExW () returned 0xf [0022.449] WCSToMBEx () returned 0xf [0022.449] LoadStringBaseExW () returned 0x9 [0022.449] WCSToMBEx () returned 0x9 [0022.449] LoadStringBaseExW () returned 0xf [0022.449] WCSToMBEx () returned 0xf [0022.450] LoadStringBaseExW () returned 0x15 [0022.450] WCSToMBEx () returned 0x15 [0022.450] LoadStringBaseExW () returned 0x10 [0022.450] WCSToMBEx () returned 0x10 [0022.451] LoadStringBaseExW () returned 0xf [0022.451] WCSToMBEx () returned 0xf [0022.451] LoadStringBaseExW () returned 0xe [0022.451] WCSToMBEx () returned 0xe [0022.452] LoadStringBaseExW () returned 0x14 [0022.452] WCSToMBEx () returned 0x14 [0022.452] LoadStringBaseExW () returned 0x9 [0022.452] WCSToMBEx () returned 0x9 [0022.453] LoadStringBaseExW () returned 0x7 [0022.453] WCSToMBEx () returned 0x7 [0022.453] LoadStringBaseExW () returned 0xc [0022.453] WCSToMBEx () returned 0xc [0022.454] LoadStringBaseExW () returned 0xb [0022.454] WCSToMBEx () returned 0xb [0022.454] LoadStringBaseExW () returned 0xd [0022.454] WCSToMBEx () returned 0xd [0022.455] LoadStringBaseExW () returned 0x10 [0022.455] WCSToMBEx () returned 0x10 [0022.455] LoadStringBaseExW () returned 0xb [0022.455] WCSToMBEx () returned 0xb [0022.456] LoadStringBaseExW () returned 0xa [0022.456] WCSToMBEx () returned 0xa [0022.456] LoadStringBaseExW () returned 0x15 [0022.456] WCSToMBEx () returned 0x15 [0022.456] LoadStringBaseExW () returned 0xe [0022.457] WCSToMBEx () returned 0xe [0022.457] LoadStringBaseExW () returned 0xd [0022.457] WCSToMBEx () returned 0xd [0022.457] LoadStringBaseExW () returned 0xb [0022.458] WCSToMBEx () returned 0xb [0022.458] LoadStringBaseExW () returned 0x5 [0022.458] WCSToMBEx () returned 0x5 [0022.459] LoadStringBaseExW () returned 0x8 [0022.459] WCSToMBEx () returned 0x8 [0022.459] LoadStringBaseExW () returned 0xb [0022.459] WCSToMBEx () returned 0xb [0022.460] LoadStringBaseExW () returned 0x5 [0022.460] WCSToMBEx () returned 0x5 [0022.460] LoadStringBaseExW () returned 0x4 [0022.460] WCSToMBEx () returned 0x4 [0022.461] LoadStringBaseExW () returned 0x7 [0022.461] WCSToMBEx () returned 0x7 [0022.461] LoadStringBaseExW () returned 0x4 [0022.461] WCSToMBEx () returned 0x4 [0022.462] LoadStringBaseExW () returned 0x6 [0022.462] WCSToMBEx () returned 0x6 [0022.462] LoadStringBaseExW () returned 0x4 [0022.462] WCSToMBEx () returned 0x4 [0022.463] LoadStringBaseExW () returned 0x3 [0022.463] WCSToMBEx () returned 0x3 [0022.463] LoadStringBaseExW () returned 0x6 [0022.463] WCSToMBEx () returned 0x6 [0022.463] LoadStringBaseExW () returned 0x4 [0022.464] WCSToMBEx () returned 0x4 [0022.464] LoadStringBaseExW () returned 0x4 [0022.464] WCSToMBEx () returned 0x4 [0022.464] LoadStringBaseExW () returned 0x6 [0022.465] WCSToMBEx () returned 0x6 [0022.465] LoadStringBaseExW () returned 0x4 [0022.465] WCSToMBEx () returned 0x4 [0022.465] LoadStringBaseExW () returned 0x5 [0022.466] WCSToMBEx () returned 0x5 [0022.466] LoadStringBaseExW () returned 0x5 [0022.466] WCSToMBEx () returned 0x5 [0022.466] LoadStringBaseExW () returned 0x6 [0022.466] WCSToMBEx () returned 0x6 [0022.467] LoadStringBaseExW () returned 0x5 [0022.467] WCSToMBEx () returned 0x5 [0022.467] RtlCaptureAnsiString () returned 0x1 [0022.467] NtUserRegisterWindowMessage () returned 0xc056 [0022.468] RtlCaptureAnsiString () returned 0x1 [0022.468] NtUserRegisterWindowMessage () returned 0xc107 [0022.468] GetVersion () returned 0x1db10106 [0022.468] GetCurrentProcessId () returned 0x514 [0022.468] InternalAddAtom () returned 0xc030 [0022.468] GetCurrentThreadId () returned 0x5d4 [0022.468] InternalAddAtom () returned 0xc02f [0022.468] RtlCaptureAnsiString () returned 0x1 [0022.468] NtUserRegisterWindowMessage () returned 0xc108 [0022.469] GetSystemMetrics (nIndex=19) returned 1 [0022.496] GetSystemMetrics (nIndex=75) returned 1 [0022.497] __SEH_prolog4 () returned 0x12f348 [0022.497] IsInsideUserApiHook () returned 0x1 [0022.497] _BeginIfHookedUserApiHook () returned 0x1 [0022.497] __SEH_epilog4 () returned 0x1 [0022.497] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0022.497] LoadCursorW (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0022.497] LoadCursorW (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x8011f [0022.498] LoadCursorW (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0022.498] LoadCursorW (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0022.498] LoadCursorW (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0022.498] LoadCursorW (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x60179 [0022.499] LoadCursorW (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x4011d [0022.499] LoadCursorW (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x20171 [0022.500] LoadCursorW (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x2016b [0022.500] LoadCursorW (hInstance=0x400000, lpCursorName=0x7fff) returned 0x20169 [0022.500] LoadCursorW (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x20167 [0022.501] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0022.501] LoadCursorW (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0022.501] LoadCursorW (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0022.501] LoadCursorW (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0022.501] LoadCursorW (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0022.501] LoadCursorW (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0022.501] LoadCursorW (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0022.501] LoadCursorW (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0022.502] LoadCursorW (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0022.502] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0022.502] NtUserCallOneParam (Param=0x0, Routine=0x2b) returned 0x4090409 [0022.502] NtUserGetDC () returned 0x80101cf [0022.502] GetDeviceCaps (hdc=0x80101cf, index=90) returned 96 [0022.502] GdiReleaseDC () returned 0x1 [0022.502] NtUserCallOneParam (Param=0x80101cf, Routine=0x3b) returned 0x1 [0022.502] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x44e5c0, dwData=0x37f156c) returned 1 [0022.503] __SEH_prolog4 () returned 0x12f1a8 [0022.503] IsInsideUserApiHook () returned 0x1 [0022.503] _BeginIfHookedUserApiHook () returned 0x1 [0022.503] __SEH_epilog4 () returned 0x1 [0022.503] CreateFontIndirectA (lplf=0x12f337) returned 0x230a01b1 [0022.503] GetObjectA (in: h=0x230a01b1, c=60, pv=0x12f128 | out: pv=0x12f128) returned 60 [0022.503] __SEH_prolog4 () returned 0x12f1a8 [0022.503] IsInsideUserApiHook () returned 0x1 [0022.503] _BeginIfHookedUserApiHook () returned 0x1 [0022.503] __SEH_epilog4 () returned 0x1 [0022.503] CreateFontIndirectA (lplf=0x12f2bf) returned 0x1c0a01e9 [0022.504] GetObjectA (in: h=0x1c0a01e9, c=60, pv=0x12f128 | out: pv=0x12f128) returned 60 [0022.504] CreateFontIndirectA (lplf=0x12f283) returned 0x1a0a01e3 [0022.504] GetObjectA (in: h=0x1a0a01e3, c=60, pv=0x12f128 | out: pv=0x12f128) returned 60 [0022.506] GetClassInfoExA (in: hInstance=0x400000, lpszClass="TApplication", lpwcx=0x12f1f4 | out: lpwcx=0x12f1f4) returned 0 [0022.506] RegisterClassExWOWA () returned 0xc0c10a [0022.506] GetSystemMetrics (nIndex=0) returned 1440 [0022.506] GetSystemMetrics (nIndex=1) returned 900 [0022.507] _CreateWindowEx () returned 0x4012c [0022.507] __SEH_prolog4 () returned 0x12ec70 [0022.507] IsInsideUserApiHook () returned 0x1 [0022.507] _BeginIfHookedUserApiHook () returned 0x1 [0022.507] IsMsgOverride () returned 0x0 [0022.507] RealDefWindowProcA () returned 0x1 [0022.507] __SEH_epilog4 () returned 0x1 [0022.509] __SEH_prolog4 () returned 0x12ecc8 [0022.509] IsInsideUserApiHook () returned 0x1 [0022.509] _BeginIfHookedUserApiHook () returned 0x1 [0022.509] IsMsgOverride () returned 0x8 [0022.534] __SEH_prolog4 () returned 0x12ec50 [0022.534] IsInsideUserApiHook () returned 0x1 [0022.534] _BeginIfHookedUserApiHook () returned 0x1 [0022.534] IsMsgOverride () returned 0x0 [0022.534] RealDefWindowProcA () returned 0x0 [0022.534] __SEH_epilog4 () returned 0x0 [0022.535] __SEH_prolog4 () returned 0x12ecd4 [0022.535] IsInsideUserApiHook () returned 0x1 [0022.535] _BeginIfHookedUserApiHook () returned 0x1 [0022.535] IsMsgOverride () returned 0x0 [0022.535] RealDefWindowProcA () returned 0x0 [0022.535] __SEH_epilog4 () returned 0x0 [0022.535] __SEH_prolog4 () returned 0x12ecd4 [0022.535] IsInsideUserApiHook () returned 0x1 [0022.535] _BeginIfHookedUserApiHook () returned 0x1 [0022.535] IsMsgOverride () returned 0x0 [0022.535] RealDefWindowProcA () returned 0x0 [0022.535] __SEH_epilog4 () returned 0x0 [0022.535] _SetWindowLong () returned 0x40754c [0022.537] @ValidateHwnd@4 () returned 0x8cb1a0 [0022.537] SendMessageWorker () returned 0x0 [0022.537] __SEH_prolog4 () returned 0x12f0b0 [0022.537] IsInsideUserApiHook () returned 0x1 [0022.537] _BeginIfHookedUserApiHook () returned 0x1 [0022.537] IsMsgOverride () returned 0x1 [0022.550] __SEH_prolog4 () returned 0x12ea74 [0022.551] IsInsideUserApiHook () returned 0x1 [0022.551] _BeginIfHookedUserApiHook () returned 0x1 [0022.551] IsMsgOverride () returned 0x0 [0022.551] RealDefWindowProcA () returned 0x20163 [0022.551] __SEH_epilog4 () returned 0x20163 [0022.554] NtUserSetClassLong () returned 0x0 [0022.554] NtUserGetSystemMenu () returned 0x40177 [0022.554] NtUserDeleteMenu () returned 0x1 [0022.555] NtUserDeleteMenu () returned 0x1 [0022.555] NtUserDeleteMenu () returned 0x1 [0022.555] NtUserGetKeyboardLayoutList () returned 0x1 [0022.560] RtlCaptureAnsiString () returned 0x1 [0022.560] NtUserRegisterWindowMessage () returned 0xc0be [0022.561] KernelBaseGetGlobalData () returned 0x757140f0 [0022.561] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x2f7ed0 | out: lpBuffer="C:\\Users\\DSSDPM~1\\AppData\\Local\\Temp\\") returned 0x25 [0022.562] KernelBaseGetGlobalData () returned 0x757140f0 [0022.562] RtlUnicodeStringToAnsiString (in: DestinationString=0x12f398, SourceString="C:\\Users\\DSSDPM~1\\AppData\\Local\\Temp\\", AllocateDestinationString=0 | out: DestinationString="C:\\Users\\DSSDPM~1\\AppData\\Local\\Temp\\") returned 0x0 [0022.562] LoadStringBaseExW () returned 0x2 [0022.562] WCSToMBEx () returned 0x2 [0022.563] LoadStringBaseExW () returned 0x2 [0022.563] WCSToMBEx () returned 0x2 [0022.563] LoadStringBaseExW () returned 0x2 [0022.563] WCSToMBEx () returned 0x2 [0022.564] LoadStringBaseExW () returned 0x2 [0022.564] WCSToMBEx () returned 0x2 [0022.564] LoadStringBaseExW () returned 0xd [0022.564] WCSToMBEx () returned 0xd [0022.565] LoadStringBaseExW () returned 0xe [0022.565] WCSToMBEx () returned 0xe [0022.565] LoadStringBaseExW () returned 0xa [0022.565] WCSToMBEx () returned 0xa [0022.566] LoadStringBaseExW () returned 0x11 [0022.566] WCSToMBEx () returned 0x11 [0022.566] LoadStringBaseExW () returned 0x16 [0022.566] WCSToMBEx () returned 0x16 [0022.567] LoadStringBaseExW () returned 0x8 [0022.567] WCSToMBEx () returned 0x8 [0022.568] LoadStringBaseExW () returned 0xb [0022.568] WCSToMBEx () returned 0xb [0022.568] LoadStringBaseExW () returned 0x8 [0022.568] WCSToMBEx () returned 0x8 [0022.569] LoadStringBaseExW () returned 0x5 [0022.569] WCSToMBEx () returned 0x5 [0022.569] LoadStringBaseExW () returned 0x4 [0022.569] WCSToMBEx () returned 0x4 [0022.571] NtUserGetDC () returned 0x150106a2 [0022.571] GetDeviceCaps (hdc=0x150106a2, index=12) returned 32 [0022.571] GetDeviceCaps (hdc=0x150106a2, index=14) returned 1 [0022.571] GdiReleaseDC () returned 0x1 [0022.571] NtUserCallOneParam (Param=0x150106a2, Routine=0x3b) returned 0x1 [0022.571] LoadStringBaseExW () returned 0xf [0022.571] WCSToMBEx () returned 0xf [0022.572] LoadStringBaseExW () returned 0x9 [0022.572] WCSToMBEx () returned 0x9 [0022.572] MBToWCSEx () returned 0x3 [0022.572] CharLowerBuffW (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3 [0022.572] RtlUnicodeToMultiByteN (in: MultiByteString=0x37f2184, MaxBytesInMultiByteString=0x3, BytesInMultiByteString=0x12f118, UnicodeString=0x12f11c, BytesInUnicodeString=0x6 | out: MultiByteString="wmf", BytesInMultiByteString=0x12f118) returned 0x0 [0022.572] @__security_check_cookie@4 () returned 0x3 [0022.573] LoadStringBaseExW () returned 0x12 [0022.573] WCSToMBEx () returned 0x12 [0022.573] MBToWCSEx () returned 0x3 [0022.573] CharLowerBuffW (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3 [0022.574] RtlUnicodeToMultiByteN (in: MultiByteString=0x37f21dc, MaxBytesInMultiByteString=0x3, BytesInMultiByteString=0x12f118, UnicodeString=0x12f11c, BytesInUnicodeString=0x6 | out: MultiByteString="emf", BytesInMultiByteString=0x12f118) returned 0x0 [0022.574] @__security_check_cookie@4 () returned 0x3 [0022.574] LoadStringBaseExW () returned 0x5 [0022.574] WCSToMBEx () returned 0x5 [0022.574] MBToWCSEx () returned 0x3 [0022.575] CharLowerBuffW (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3 [0022.575] RtlUnicodeToMultiByteN (in: MultiByteString=0x37f2214, MaxBytesInMultiByteString=0x3, BytesInMultiByteString=0x12f118, UnicodeString=0x12f11c, BytesInUnicodeString=0x6 | out: MultiByteString="ico", BytesInMultiByteString=0x12f118) returned 0x0 [0022.575] @__security_check_cookie@4 () returned 0x3 [0022.575] LoadStringBaseExW () returned 0x7 [0022.575] WCSToMBEx () returned 0x7 [0022.576] MBToWCSEx () returned 0x3 [0022.576] CharLowerBuffW (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3 [0022.576] RtlUnicodeToMultiByteN (in: MultiByteString=0x37f224c, MaxBytesInMultiByteString=0x3, BytesInMultiByteString=0x12f118, UnicodeString=0x12f11c, BytesInUnicodeString=0x6 | out: MultiByteString="bmp", BytesInMultiByteString=0x12f118) returned 0x0 [0022.576] @__security_check_cookie@4 () returned 0x3 [0022.576] MBToWCSEx () returned 0x4 [0022.576] CharLowerBuffW (in: lpsz="jpeg≰/濐-䖢@\x12\x12Ä-ⴘ-띶\x18", cchLength=0x4 | out: lpsz="jpeg≰/濐-䖢@\x12\x12Ä-ⴘ-띶\x18") returned 0x4 [0022.576] RtlUnicodeToMultiByteN (in: MultiByteString=0x37f2270, MaxBytesInMultiByteString=0x4, BytesInMultiByteString=0x12f160, UnicodeString=0x12f164, BytesInUnicodeString=0x8 | out: MultiByteString="jpeg", BytesInMultiByteString=0x12f160) returned 0x0 [0022.577] @__security_check_cookie@4 () returned 0x4 [0022.577] LoadStringBaseExW () returned 0xf [0022.577] WCSToMBEx () returned 0xf [0022.577] MBToWCSEx () returned 0x3 [0022.578] CharLowerBuffW (in: lpsz="jpgg≰/濐-䖢@\x12\x12Ä-ⴘ-띶\x18", cchLength=0x3 | out: lpsz="jpgg≰/濐-䖢@\x12\x12Ä-ⴘ-띶\x18") returned 0x3 [0022.578] RtlUnicodeToMultiByteN (in: MultiByteString=0x37f22c4, MaxBytesInMultiByteString=0x3, BytesInMultiByteString=0x12f160, UnicodeString=0x12f164, BytesInUnicodeString=0x6 | out: MultiByteString="jpg", BytesInMultiByteString=0x12f160) returned 0x0 [0022.578] @__security_check_cookie@4 () returned 0x3 [0022.578] InternalFindWindowExA () returned 0x0 [0022.580] RtlMultiByteToUnicodeN (in: UnicodeString=0x12f174, MaxBytesInUnicodeString=0x2, BytesInUnicodeString=0x0, MultiByteString="C", BytesInMultiByteString=0x1 | out: UnicodeString="C", BytesInUnicodeString=0x0) returned 0x0 [0022.580] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="C", cchSrc=1, lpCharType=0x12f170 | out: lpCharType=0x12f170) returned 1 [0022.580] RtlMultiByteToUnicodeN (in: UnicodeString=0x12f174, MaxBytesInUnicodeString=0x2, BytesInUnicodeString=0x0, MultiByteString="C", BytesInMultiByteString=0x1 | out: UnicodeString="C", BytesInUnicodeString=0x0) returned 0x0 [0022.580] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="C", cchSrc=1, lpCharType=0x12f170 | out: lpCharType=0x12f170) returned 1 [0022.594] RtlMultiByteToUnicodeN (in: UnicodeString=0x12ef78, MaxBytesInUnicodeString=0x2, BytesInUnicodeString=0x0, MultiByteString="C", BytesInMultiByteString=0x1 | out: UnicodeString="C", BytesInUnicodeString=0x0) returned 0x0 [0022.594] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="C", cchSrc=1, lpCharType=0x12ef74 | out: lpCharType=0x12ef74) returned 1 [0022.595] Basep8BitStringToDynamicUnicodeString () returned 0x1 [0022.595] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSINFO\\FieleWay.txt" (normalized: "c:\\program files\\common files\\microsoft shared\\msinfo\\fieleway.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0022.595] RtlFreeAnsiString (AnsiString="C") [0022.600] Basep8BitStringToDynamicUnicodeString () returned 0x1 [0022.600] CreateFileW (lpFileName="C:\\Users\\DSsDPMx042\\Desktop\\Explorer Pro.exe" (normalized: "c:\\users\\dssdpmx042\\desktop\\explorer pro.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x19c [0022.600] RtlFreeAnsiString (AnsiString="C") [0022.669] __SEH_prolog4 () returned 0x12f240 [0022.739] __SEH_epilog4 () returned 0x1 [0022.812] CreateProcessInternalA (in: hUserToken=0x0, lpApplicationName=0x0, lpCommandLine="\"C:\\program files\\internet explorer\\IEXPLORE.EXE\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x12f0e4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x12f0d4, hNewToken=0x0 | out: lpProcessInformation=0x12f0d4*(hProcess=0x1a4, hThread=0x1a0, dwProcessId=0x578, dwThreadId=0x500), hNewToken=0x0) returned 1 [0022.821] NtGetContextThread (in: ThreadHandle=0x1a0, Context=0x12f15c | out: Context=0x12f15c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x330000, Dr2=0x2f6dac, Dr3=0x774852e4, Dr6=0x756d79eb, Dr7=0xffffffff, FloatSave.ControlWord=0x12f1a0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x12f18c, FloatSave.ErrorOffset=0x1000, FloatSave.ErrorSelector=0x4, FloatSave.DataOffset=0x330000, FloatSave.DataSelector=0x12f1ac, FloatSave.RegisterArea=([0]=0x17, [1]=0x7a, [2]=0x6d, [3]=0x75, [4]=0xff, [5]=0xff, [6]=0xff, [7]=0xff, [8]=0x0, [9]=0x0, [10]=0x85, [11]=0x4, [12]=0x0, [13]=0x0, [14]=0x85, [15]=0x4, [16]=0xc4, [17]=0x62, [18]=0x48, [19]=0x77, [20]=0x72, [21]=0xe0, [22]=0x6d, [23]=0x75, [24]=0x9c, [25]=0x1, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0xe8, [41]=0xf1, [42]=0x12, [43]=0x0, [44]=0x0, [45]=0xf8, [46]=0x32, [47]=0x0, [48]=0x7c, [49]=0xf2, [50]=0x12, [51]=0x0, [52]=0xe4, [53]=0x52, [54]=0x48, [55]=0x77, [56]=0xeb, [57]=0x79, [58]=0x6d, [59]=0x75, [60]=0xff, [61]=0xff, [62]=0xff, [63]=0xff, [64]=0xfc, [65]=0xf1, [66]=0x12, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0xe8, [73]=0xf1, [74]=0x12, [75]=0x0, [76]=0x0, [77]=0x10, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x40, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd8000, Edx=0x0, Ecx=0x0, Eax=0x13d1c9a, Ebp=0x0, Eip=0x77487098, SegCs=0x1b, EFlags=0x200, Esp=0x26f9f8, SegSs=0x23, ExtendedRegisters=([0]=0xa0, [1]=0x1, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0xb0, [6]=0xf2, [7]=0x4, [8]=0x0, [9]=0x4, [10]=0x0, [11]=0x0, [12]=0x44, [13]=0x1, [14]=0x85, [15]=0x4, [16]=0xc, [17]=0x0, [18]=0x85, [19]=0x4, [20]=0xf0, [21]=0xf8, [22]=0xb7, [23]=0x4, [24]=0xa4, [25]=0x1, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x88, [33]=0xf2, [34]=0x12, [35]=0x0, [36]=0x5f, [37]=0xa0, [38]=0x48, [39]=0x0, [40]=0xfc, [41]=0xf3, [42]=0x12, [43]=0x0, [44]=0x0, [45]=0xb0, [46]=0x3a, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0xb8, [51]=0x4, [52]=0x94, [53]=0xf2, [54]=0x12, [55]=0x0, [56]=0x89, [57]=0xa0, [58]=0x48, [59]=0x0, [60]=0x88, [61]=0xf2, [62]=0x12, [63]=0x0, [64]=0x6, [65]=0x0, [66]=0x27, [67]=0x3, [68]=0x7e, [69]=0xc4, [70]=0x77, [71]=0x0, [72]=0x8c, [73]=0xbf, [74]=0x77, [75]=0x0, [76]=0x0, [77]=0xb0, [78]=0x3a, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0xb8, [83]=0x4, [84]=0x38, [85]=0x1, [86]=0xb8, [87]=0x4, [88]=0x40, [89]=0x0, [90]=0xb8, [91]=0x4, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x10, [97]=0xf4, [98]=0x12, [99]=0x0, [100]=0x2e, [101]=0x87, [102]=0x49, [103]=0x0, [104]=0xfc, [105]=0xf3, [106]=0x12, [107]=0x0, [108]=0xa0, [109]=0xf2, [110]=0x12, [111]=0x0, [112]=0x44, [113]=0x87, [114]=0x49, [115]=0x0, [116]=0x10, [117]=0xf4, [118]=0x12, [119]=0x0, [120]=0xac, [121]=0xf2, [122]=0x12, [123]=0x0, [124]=0x55, [125]=0x87, [126]=0x49, [127]=0x0, [128]=0x10, [129]=0xf4, [130]=0x12, [131]=0x0, [132]=0x1c, [133]=0xf4, [134]=0x12, [135]=0x0, [136]=0x9d, [137]=0x87, [138]=0x49, [139]=0x0, [140]=0x10, [141]=0xf4, [142]=0x12, [143]=0x0, [144]=0x6, [145]=0x0, [146]=0x27, [147]=0x3, [148]=0x7e, [149]=0xc4, [150]=0x77, [151]=0x0, [152]=0x8c, [153]=0xbf, [154]=0x77, [155]=0x0, [156]=0x44, [157]=0x26, [158]=0x7f, [159]=0x3, [160]=0x8, [161]=0x26, [162]=0x7f, [163]=0x3, [164]=0x98, [165]=0x25, [166]=0x7f, [167]=0x3, [168]=0xd0, [169]=0x24, [170]=0x7f, [171]=0x3, [172]=0x54, [173]=0x25, [174]=0x7f, [175]=0x3, [176]=0x60, [177]=0x24, [178]=0x7f, [179]=0x3, [180]=0x98, [181]=0x23, [182]=0x7f, [183]=0x3, [184]=0x1c, [185]=0x24, [186]=0x7f, [187]=0x3, [188]=0x80, [189]=0x23, [190]=0x7f, [191]=0x3, [192]=0x24, [193]=0x23, [194]=0x7f, [195]=0x3, [196]=0x60, [197]=0x23, [198]=0x7f, [199]=0x3, [200]=0x8, [201]=0x23, [202]=0x7f, [203]=0x3, [204]=0x9c, [205]=0x20, [206]=0x7f, [207]=0x3, [208]=0xe8, [209]=0x22, [210]=0x7f, [211]=0x3, [212]=0x1, [213]=0x31, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x78, [469]=0x5, [470]=0x0, [471]=0x0, [472]=0x78, [473]=0x26, [474]=0x7f, [475]=0x3, [476]=0xc, [477]=0x0, [478]=0x85, [479]=0x4, [480]=0xb4, [481]=0x25, [482]=0x7f, [483]=0x3, [484]=0x7c, [485]=0x24, [486]=0x7f, [487]=0x3, [488]=0x28, [489]=0xf4, [490]=0x12, [491]=0x0, [492]=0xef, [493]=0x84, [494]=0x77, [495]=0x0, [496]=0x20, [497]=0xf4, [498]=0x12, [499]=0x0, [500]=0x64, [501]=0xff, [502]=0x12, [503]=0x0, [504]=0x48, [505]=0x46, [506]=0x40, [507]=0x0, [508]=0x28, [509]=0xf4, [510]=0x12, [511]=0x0))) returned 0x0 [0022.822] _strcmpi (_Str1="ntdll.dll", _Str2="twain_32.dll") returned -1 [0022.823] NtUnmapViewOfSection (ProcessHandle=0x1a4, BaseAddress=0x13d0000) returned 0x0 [0022.823] VirtualAllocEx (hProcess=0x1a4, lpAddress=0x400000, dwSize=0x3ab000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0022.961] NtSetContextThread (ThreadHandle=0x1a0, Context=0x12f15c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x330000, Dr2=0x2f6dac, Dr3=0x774852e4, Dr6=0x756d79eb, Dr7=0xffffffff, FloatSave.ControlWord=0x12f1a0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x12f18c, FloatSave.ErrorOffset=0x1000, FloatSave.ErrorSelector=0x4, FloatSave.DataOffset=0x330000, FloatSave.DataSelector=0x12f1ac, FloatSave.RegisterArea=([0]=0x17, [1]=0x7a, [2]=0x6d, [3]=0x75, [4]=0xff, [5]=0xff, [6]=0xff, [7]=0xff, [8]=0x0, [9]=0x0, [10]=0x85, [11]=0x4, [12]=0x0, [13]=0x0, [14]=0x85, [15]=0x4, [16]=0xc4, [17]=0x62, [18]=0x48, [19]=0x77, [20]=0x72, [21]=0xe0, [22]=0x6d, [23]=0x75, [24]=0x9c, [25]=0x1, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0xe8, [41]=0xf1, [42]=0x12, [43]=0x0, [44]=0x0, [45]=0xf8, [46]=0x32, [47]=0x0, [48]=0x7c, [49]=0xf2, [50]=0x12, [51]=0x0, [52]=0xe4, [53]=0x52, [54]=0x48, [55]=0x77, [56]=0xeb, [57]=0x79, [58]=0x6d, [59]=0x75, [60]=0xff, [61]=0xff, [62]=0xff, [63]=0xff, [64]=0xfc, [65]=0xf1, [66]=0x12, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0xe8, [73]=0xf1, [74]=0x12, [75]=0x0, [76]=0x0, [77]=0x10, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x40, SegGs=0x0, SegFs=0x3b, SegEs=0x23, SegDs=0x23, Edi=0x0, Esi=0x0, Ebx=0x7ffd8000, Edx=0x0, Ecx=0x0, Eax=0x4d0014, Ebp=0x0, Eip=0x77487098, SegCs=0x1b, EFlags=0x200, Esp=0x26f9f8, SegSs=0x23, ExtendedRegisters=([0]=0xa0, [1]=0x1, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x40, [7]=0x0, [8]=0x0, [9]=0xb0, [10]=0x3a, [11]=0x0, [12]=0x0, [13]=0x60, [14]=0xa, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x3d, [19]=0x1, [20]=0xf0, [21]=0xf8, [22]=0xb7, [23]=0x4, [24]=0xa4, [25]=0x1, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x88, [33]=0xf2, [34]=0x12, [35]=0x0, [36]=0x5f, [37]=0xa0, [38]=0x48, [39]=0x0, [40]=0xfc, [41]=0xf3, [42]=0x12, [43]=0x0, [44]=0x0, [45]=0xb0, [46]=0x3a, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0xb8, [51]=0x4, [52]=0x94, [53]=0xf2, [54]=0x12, [55]=0x0, [56]=0x89, [57]=0xa0, [58]=0x48, [59]=0x0, [60]=0x88, [61]=0xf2, [62]=0x12, [63]=0x0, [64]=0x6, [65]=0x0, [66]=0x27, [67]=0x3, [68]=0x7e, [69]=0xc4, [70]=0x77, [71]=0x0, [72]=0x8c, [73]=0xbf, [74]=0x77, [75]=0x0, [76]=0x0, [77]=0xb0, [78]=0x3a, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0xb8, [83]=0x4, [84]=0x38, [85]=0x1, [86]=0xb8, [87]=0x4, [88]=0x40, [89]=0x0, [90]=0xb8, [91]=0x4, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x10, [97]=0xf4, [98]=0x12, [99]=0x0, [100]=0x2e, [101]=0x87, [102]=0x49, [103]=0x0, [104]=0xfc, [105]=0xf3, [106]=0x12, [107]=0x0, [108]=0xa0, [109]=0xf2, [110]=0x12, [111]=0x0, [112]=0x44, [113]=0x87, [114]=0x49, [115]=0x0, [116]=0x10, [117]=0xf4, [118]=0x12, [119]=0x0, [120]=0xac, [121]=0xf2, [122]=0x12, [123]=0x0, [124]=0x55, [125]=0x87, [126]=0x49, [127]=0x0, [128]=0x10, [129]=0xf4, [130]=0x12, [131]=0x0, [132]=0x1c, [133]=0xf4, [134]=0x12, [135]=0x0, [136]=0x9d, [137]=0x87, [138]=0x49, [139]=0x0, [140]=0x10, [141]=0xf4, [142]=0x12, [143]=0x0, [144]=0x6, [145]=0x0, [146]=0x27, [147]=0x3, [148]=0x7e, [149]=0xc4, [150]=0x77, [151]=0x0, [152]=0x8c, [153]=0xbf, [154]=0x77, [155]=0x0, [156]=0x44, [157]=0x26, [158]=0x7f, [159]=0x3, [160]=0x8, [161]=0x26, [162]=0x7f, [163]=0x3, [164]=0x98, [165]=0x25, [166]=0x7f, [167]=0x3, [168]=0xd0, [169]=0x24, [170]=0x7f, [171]=0x3, [172]=0x54, [173]=0x25, [174]=0x7f, [175]=0x3, [176]=0x60, [177]=0x24, [178]=0x7f, [179]=0x3, [180]=0x98, [181]=0x23, [182]=0x7f, [183]=0x3, [184]=0x1c, [185]=0x24, [186]=0x7f, [187]=0x3, [188]=0x80, [189]=0x23, [190]=0x7f, [191]=0x3, [192]=0x24, [193]=0x23, [194]=0x7f, [195]=0x3, [196]=0x60, [197]=0x23, [198]=0x7f, [199]=0x3, [200]=0x8, [201]=0x23, [202]=0x7f, [203]=0x3, [204]=0x9c, [205]=0x20, [206]=0x7f, [207]=0x3, [208]=0xe8, [209]=0x22, [210]=0x7f, [211]=0x3, [212]=0x1, [213]=0x31, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x78, [469]=0x5, [470]=0x0, [471]=0x0, [472]=0x78, [473]=0x26, [474]=0x7f, [475]=0x3, [476]=0xc, [477]=0x0, [478]=0x85, [479]=0x4, [480]=0xb4, [481]=0x25, [482]=0x7f, [483]=0x3, [484]=0x7c, [485]=0x24, [486]=0x7f, [487]=0x3, [488]=0x28, [489]=0xf4, [490]=0x12, [491]=0x0, [492]=0xef, [493]=0x84, [494]=0x77, [495]=0x0, [496]=0x20, [497]=0xf4, [498]=0x12, [499]=0x0, [500]=0x64, [501]=0xff, [502]=0x12, [503]=0x0, [504]=0x48, [505]=0x46, [506]=0x40, [507]=0x0, [508]=0x28, [509]=0xf4, [510]=0x12, [511]=0x0))) returned 0x0 [0022.993] NtUserCallHwndParamLock (Param1=0x4012c, Param2=0x0, Routine=0x64) returned 0x1 [0022.993] RtlSafeRemoveEntryList () returned 0x2f5590 [0022.993] RtlpGetStackTraceAddressEx () returned 0x0 [0022.994] RtlpFreeDebugInfo () returned 0x0 [0022.994] @ValidateHwnd@4 () returned 0x0 [0022.994] GetCursorPos (in: lpPoint=0x12f230 | out: lpPoint=0x12f230*(x=897, y=336)) returned 1 [0022.994] HFill () returned 0x2e29f8 [0022.994] FindWinHelpWindow () returned 0x0 [0022.995] @ValidateHwnd@4 () returned 0x8cb1a0 [0022.995] SendMessageWorker () returned 0x20165 [0022.995] __SEH_prolog4 () returned 0x12f0b8 [0022.995] IsInsideUserApiHook () returned 0x1 [0022.995] _BeginIfHookedUserApiHook () returned 0x1 [0022.995] IsMsgOverride () returned 0x1 [0022.996] __SEH_prolog4 () returned 0x12ea7c [0022.996] IsInsideUserApiHook () returned 0x1 [0022.996] _BeginIfHookedUserApiHook () returned 0x1 [0022.996] IsMsgOverride () returned 0x0 [0022.996] RealDefWindowProcA () returned 0x0 [0022.996] __SEH_epilog4 () returned 0x0 [0022.996] __SEH_prolog4 () returned 0x12ea7c [0022.996] IsInsideUserApiHook () returned 0x1 [0022.996] _BeginIfHookedUserApiHook () returned 0x1 [0022.996] IsMsgOverride () returned 0x0 [0022.996] RealDefWindowProcA () returned 0x0 [0022.997] __SEH_epilog4 () returned 0x0 [0022.997] __SEH_prolog4 () returned 0x12ea7c [0022.997] IsInsideUserApiHook () returned 0x1 [0022.997] _BeginIfHookedUserApiHook () returned 0x1 [0022.997] IsMsgOverride () returned 0x0 [0022.997] RealDefWindowProcA () returned 0x0 [0022.997] __SEH_epilog4 () returned 0x0 [0022.997] NtUserDestroyWindow () returned 0x1 [0022.997] __SEH_prolog4 () returned 0x12f070 [0022.998] IsInsideUserApiHook () returned 0x1 [0022.998] _BeginIfHookedUserApiHook () returned 0x1 [0022.998] IsMsgOverride () returned 0x1 [0022.998] __SEH_prolog4 () returned 0x12f070 [0022.998] IsInsideUserApiHook () returned 0x1 [0022.998] _BeginIfHookedUserApiHook () returned 0x1 [0022.998] IsMsgOverride () returned 0x4 [0022.999] __SEH_prolog4 () returned 0x12f068 [0022.999] IsInsideUserApiHook () returned 0x1 [0022.999] _BeginIfHookedUserApiHook () returned 0x1 [0022.999] IsMsgOverride () returned 0x4 [0023.000] NtUserDestroyCursor () returned 0x1 [0023.000] DeleteObject (ho=0x1c0a01e9) returned 1 [0023.000] DeleteObject (ho=0x1a0a01e3) returned 1 [0023.000] DeleteObject (ho=0x230a01b1) returned 1 [0023.000] NtUserDestroyCursor () returned 0x1 [0023.000] NtUserDestroyCursor () returned 0x1 [0023.001] NtUserDestroyCursor () returned 0x1 [0023.001] NtUserDestroyCursor () returned 0x1 [0023.001] NtUserDestroyCursor () returned 0x1 [0023.001] NtUserDestroyCursor () returned 0x1 [0023.001] NtUserDestroyCursor () returned 0x1 [0023.001] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0023.001] RtlSafeRemoveEntryList () returned 0x2f5270 [0023.002] RtlpGetStackTraceAddressEx () returned 0x0 [0023.002] RtlpFreeDebugInfo () returned 0x2f5560 [0023.002] InternalDeleteAtom () returned 0x0 [0023.002] InternalDeleteAtom () returned 0x0 [0023.002] InternalDeleteAtom () returned 0x0 [0023.002] RtlSafeRemoveEntryList () returned 0x2f5248 [0023.003] RtlpGetStackTraceAddressEx () returned 0x0 [0023.003] RtlpFreeDebugInfo () returned 0x2f5290 [0023.003] RtlSafeRemoveEntryList () returned 0x2f51d0 [0023.003] RtlpGetStackTraceAddressEx () returned 0x0 [0023.004] RtlpFreeDebugInfo () returned 0x2f5268 [0023.004] RtlSafeRemoveEntryList () returned 0x2f51d0 [0023.005] RtlpGetStackTraceAddressEx () returned 0x0 [0023.005] RtlpFreeDebugInfo () returned 0x2f51f0 [0023.005] RtlSafeRemoveEntryList () returned 0x2f51d0 [0023.005] RtlpGetStackTraceAddressEx () returned 0x0 [0023.006] RtlpFreeDebugInfo () returned 0x2f5218 [0023.006] RtlSafeRemoveEntryList () returned 0x2f5158 [0023.006] RtlpGetStackTraceAddressEx () returned 0x0 [0023.006] RtlpFreeDebugInfo () returned 0x2f5240 [0023.007] RtlSafeRemoveEntryList () returned 0x2f5158 [0023.007] RtlpGetStackTraceAddressEx () returned 0x0 [0023.007] RtlpFreeDebugInfo () returned 0x2f5178 [0023.008] RtlSafeRemoveEntryList () returned 0x2f5158 [0023.008] RtlpGetStackTraceAddressEx () returned 0x0 [0023.008] RtlpFreeDebugInfo () returned 0x2f51a0 [0023.008] DeleteObject (ho=0x110801e2) returned 1 [0023.009] RtlSafeRemoveEntryList () returned 0x2f5108 [0023.009] RtlpGetStackTraceAddressEx () returned 0x0 [0023.009] RtlpFreeDebugInfo () returned 0xe30001 [0023.010] RtlSafeRemoveEntryList () returned 0x2f5108 [0023.010] RtlpGetStackTraceAddressEx () returned 0x0 [0023.010] RtlpFreeDebugInfo () returned 0x2f0001 [0023.012] GetCurrentThreadId () returned 0x5d4 [0023.012] GetCurrentThreadId () returned 0x5d4 [0023.012] GetCurrentThreadId () returned 0x5d4 [0023.012] GetCurrentThreadId () returned 0x5d4 [0023.013] RtlSafeRemoveEntryList () returned 0x2f50b8 [0023.013] RtlpGetStackTraceAddressEx () returned 0x0 [0023.013] RtlpFreeDebugInfo () returned 0x340001 [0023.014] RtlSafeRemoveEntryList () returned 0x2f50b8 [0023.014] RtlpGetStackTraceAddressEx () returned 0x0 [0023.014] RtlpFreeDebugInfo () returned 0x250001 [0023.015] RtlSafeRemoveEntryList () returned 0x2f5090 [0023.015] RtlpGetStackTraceAddressEx () returned 0x0 [0023.015] RtlpFreeDebugInfo () returned 0x2a0001 [0023.015] GetCurrentThreadId () returned 0x5d4 [0023.016] RtlSafeRemoveEntryList () returned 0x2f5068 [0023.016] RtlpGetStackTraceAddressEx () returned 0x0 [0023.016] RtlpFreeDebugInfo () returned 0x200001 [0023.017] RtlSafeRemoveEntryList () returned 0x2f30b8 [0023.017] RtlpGetStackTraceAddressEx () returned 0x0 [0023.017] RtlpFreeDebugInfo () returned 0x1b0001 [0023.043] RtlSafeRemoveEntryList () returned 0x2f5040 [0023.043] RtlpGetStackTraceAddressEx () returned 0x0 [0023.043] RtlpFreeDebugInfo () returned 0xffff0001 [0023.043] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0x4f4 [0018.140] WaitForSingleObject (hHandle=0x70, dwMilliseconds=0xffffffff) returned 0x0 [0022.244] Sleep (dwMilliseconds=0x0) [0022.244] WaitForSingleObject (hHandle=0x70, dwMilliseconds=0xffffffff) returned 0x0 [0022.249] Sleep (dwMilliseconds=0x0) [0022.249] WaitForSingleObject (hHandle=0x70, dwMilliseconds=0xffffffff) Thread: id = 3 os_tid = 0x510 [0018.141] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0022.244] Sleep (dwMilliseconds=0x0) [0022.244] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0022.248] Sleep (dwMilliseconds=0x0) [0022.248] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) returned 0x0 [0022.401] Sleep (dwMilliseconds=0x0) [0022.402] WaitForSingleObject (hHandle=0x74, dwMilliseconds=0xffffffff) Thread: id = 4 os_tid = 0x494 [0018.142] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0018.185] Sleep (dwMilliseconds=0x0) [0018.186] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0022.241] Sleep (dwMilliseconds=0x0) [0022.241] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0022.396] Sleep (dwMilliseconds=0x0) [0022.396] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) Thread: id = 5 os_tid = 0x5ec [0018.143] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0022.239] Sleep (dwMilliseconds=0x0) [0022.239] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0022.245] Sleep (dwMilliseconds=0x0) [0022.245] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0022.315] Sleep (dwMilliseconds=0x0) [0022.316] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) Thread: id = 6 os_tid = 0x60c [0018.144] WaitForSingleObject (hHandle=0x80, dwMilliseconds=0xffffffff) returned 0x0 [0018.198] Sleep (dwMilliseconds=0x0) [0018.199] WaitForSingleObject (hHandle=0x80, dwMilliseconds=0xffffffff) returned 0x0 [0018.290] Sleep (dwMilliseconds=0x0) [0018.290] WaitForSingleObject (hHandle=0x80, dwMilliseconds=0xffffffff) Thread: id = 7 os_tid = 0x3bc [0018.145] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0xffffffff) returned 0x0 [0018.169] Sleep (dwMilliseconds=0x0) [0018.169] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0xffffffff) returned 0x0 [0018.298] Sleep (dwMilliseconds=0x0) [0018.298] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0xffffffff) returned 0x0 [0022.275] Sleep (dwMilliseconds=0x0) [0022.275] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0xffffffff) returned 0x0 [0022.403] Sleep (dwMilliseconds=0x0) [0022.403] WaitForSingleObject (hHandle=0x84, dwMilliseconds=0xffffffff) Thread: id = 8 os_tid = 0x3c4 [0018.146] WaitForSingleObject (hHandle=0x88, dwMilliseconds=0xffffffff) returned 0x0 [0022.242] Sleep (dwMilliseconds=0x0) [0022.243] WaitForSingleObject (hHandle=0x88, dwMilliseconds=0xffffffff) returned 0x0 [0022.249] Sleep (dwMilliseconds=0x0) [0022.249] WaitForSingleObject (hHandle=0x88, dwMilliseconds=0xffffffff) returned 0x0 [0022.249] Sleep (dwMilliseconds=0x0) [0022.250] WaitForSingleObject (hHandle=0x88, dwMilliseconds=0xffffffff) Thread: id = 9 os_tid = 0x16c [0018.147] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0018.179] Sleep (dwMilliseconds=0x0) [0018.180] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0022.248] Sleep (dwMilliseconds=0x0) [0022.248] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0022.401] Sleep (dwMilliseconds=0x0) [0022.401] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) Thread: id = 10 os_tid = 0x718 [0018.148] WaitForSingleObject (hHandle=0x90, dwMilliseconds=0xffffffff) returned 0x0 [0022.242] Sleep (dwMilliseconds=0x0) [0022.242] WaitForSingleObject (hHandle=0x90, dwMilliseconds=0xffffffff) Thread: id = 11 os_tid = 0x704 [0018.149] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0xffffffff) returned 0x0 [0018.205] Sleep (dwMilliseconds=0x0) [0018.205] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0xffffffff) returned 0x0 [0018.210] Sleep (dwMilliseconds=0x0) [0018.210] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0xffffffff) returned 0x0 [0018.211] Sleep (dwMilliseconds=0x0) [0018.211] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0xffffffff) returned 0x0 [0018.280] Sleep (dwMilliseconds=0x0) [0018.280] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0xffffffff) returned 0x0 [0022.232] Sleep (dwMilliseconds=0x0) [0022.232] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0xffffffff) returned 0x0 [0022.399] Sleep (dwMilliseconds=0x0) [0022.399] WaitForSingleObject (hHandle=0x94, dwMilliseconds=0xffffffff) Thread: id = 12 os_tid = 0x4c4 [0018.149] WaitForSingleObject (hHandle=0x98, dwMilliseconds=0xffffffff) returned 0x0 [0018.369] Sleep (dwMilliseconds=0x0) [0018.369] WaitForSingleObject (hHandle=0x98, dwMilliseconds=0xffffffff) returned 0x0 [0022.246] Sleep (dwMilliseconds=0x0) [0022.246] WaitForSingleObject (hHandle=0x98, dwMilliseconds=0xffffffff) Thread: id = 13 os_tid = 0x394 [0018.150] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0018.319] Sleep (dwMilliseconds=0x0) [0018.320] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0022.229] Sleep (dwMilliseconds=0x0) [0022.230] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0022.247] Sleep (dwMilliseconds=0x0) [0022.248] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0022.404] Sleep (dwMilliseconds=0x0) [0022.404] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) Thread: id = 14 os_tid = 0x118 [0018.151] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0018.155] Sleep (dwMilliseconds=0x0) [0018.155] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0018.291] Sleep (dwMilliseconds=0x0) [0018.292] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0022.238] Sleep (dwMilliseconds=0x0) [0022.238] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0022.242] Sleep (dwMilliseconds=0x0) [0022.242] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) returned 0x0 [0022.245] Sleep (dwMilliseconds=0x0) [0022.246] WaitForSingleObject (hHandle=0xa0, dwMilliseconds=0xffffffff) Thread: id = 15 os_tid = 0x180 [0018.152] WaitForSingleObject (hHandle=0xa4, dwMilliseconds=0xffffffff) returned 0x0 [0022.239] Sleep (dwMilliseconds=0x0) [0022.239] WaitForSingleObject (hHandle=0xa4, dwMilliseconds=0xffffffff) returned 0x0 [0022.243] Sleep (dwMilliseconds=0x0) [0022.243] WaitForSingleObject (hHandle=0xa4, dwMilliseconds=0xffffffff) returned 0x0 [0022.243] Sleep (dwMilliseconds=0x0) [0022.244] WaitForSingleObject (hHandle=0xa4, dwMilliseconds=0xffffffff) returned 0x0 [0022.247] Sleep (dwMilliseconds=0x0) [0022.247] WaitForSingleObject (hHandle=0xa4, dwMilliseconds=0xffffffff) Thread: id = 16 os_tid = 0x4cc [0018.153] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0022.276] Sleep (dwMilliseconds=0x0) [0022.276] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) Thread: id = 17 os_tid = 0x7a8 [0018.155] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0018.208] Sleep (dwMilliseconds=0x0) [0018.208] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0022.317] Sleep (dwMilliseconds=0x0) [0022.317] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0022.320] Sleep (dwMilliseconds=0x0) [0022.321] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) Thread: id = 18 os_tid = 0x5a0 [0018.166] Sleep (dwMilliseconds=0x7d1) Thread: id = 19 os_tid = 0x5e4 [0018.167] Sleep (dwMilliseconds=0x7d1) Thread: id = 20 os_tid = 0x698 [0018.167] Sleep (dwMilliseconds=0x7d1) Thread: id = 21 os_tid = 0x634 [0018.167] Sleep (dwMilliseconds=0x7d1) Thread: id = 22 os_tid = 0x614 [0018.168] Sleep (dwMilliseconds=0x7d1) Thread: id = 23 os_tid = 0x658 [0018.168] Sleep (dwMilliseconds=0x7d1) Thread: id = 24 os_tid = 0x65c [0018.169] Sleep (dwMilliseconds=0x7d1) Thread: id = 25 os_tid = 0x498 [0018.169] Sleep (dwMilliseconds=0x7d1) Thread: id = 26 os_tid = 0x5c4 [0022.321] Sleep (dwMilliseconds=0xfa0) Process: id = "2" image_name = "iexplore.exe" filename = "c:\\program files\\internet explorer\\iexplore.exe" page_root = "0x7f17e1e0" os_pid = "0x578" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x514" cmd_line = "\"C:\\program files\\internet explorer\\IEXPLORE.EXE\"" cur_dir = "C:\\Users\\DSsDPMx042\\Desktop\\" Region: id = 336 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 337 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 338 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 339 start_va = 0x400000 end_va = 0x7aafff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 340 start_va = 0x77440000 end_va = 0x7757bfff entry_point = 0x77440000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" Region: id = 341 start_va = 0x77680000 end_va = 0x77680fff entry_point = 0x77680000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" Region: id = 342 start_va = 0x7ffb0000 end_va = 0x7ffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 343 start_va = 0x7ffd8000 end_va = 0x7ffd8fff entry_point = 0x0 region_type = private name = "private_0x000000007ffd8000" filename = "" Region: id = 344 start_va = 0x7ffdf000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007ffdf000" filename = "" Region: id = 345 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 346 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" Region: id = 347 start_va = 0x2f0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 348 start_va = 0x7b0000 end_va = 0x877fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 349 start_va = 0x980000 end_va = 0x98ffff entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 350 start_va = 0x6fb40000 end_va = 0x6fbc3fff entry_point = 0x6fb419a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" Region: id = 351 start_va = 0x756d0000 end_va = 0x75719fff entry_point = 0x756d7de0 region_type = mapped_file name = "KernelBase.dll" filename = "\\Windows\\System32\\KernelBase.dll" Region: id = 352 start_va = 0x75a00000 end_va = 0x75aa0fff entry_point = 0x75a32433 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" Region: id = 353 start_va = 0x75ad0000 end_va = 0x75ae8fff entry_point = 0x75ad4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" Region: id = 354 start_va = 0x76b10000 end_va = 0x76b5dfff entry_point = 0x76b19c09 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" Region: id = 355 start_va = 0x76b60000 end_va = 0x76c0bfff entry_point = 0x76b6a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" Region: id = 356 start_va = 0x76d80000 end_va = 0x76d89fff entry_point = 0x76d8136c region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" Region: id = 357 start_va = 0x76d90000 end_va = 0x76e63fff entry_point = 0x76ddbde4 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" Region: id = 358 start_va = 0x772b0000 end_va = 0x7734cfff entry_point = 0x772e3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" Region: id = 359 start_va = 0x77350000 end_va = 0x773effff entry_point = 0x773649e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" Region: id = 360 start_va = 0x775a0000 end_va = 0x77668fff entry_point = 0x775bd711 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" Region: id = 361 start_va = 0x7f6f0000 end_va = 0x7f7effff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007f6f0000" filename = "" Region: id = 362 start_va = 0x76f70000 end_va = 0x7703bfff entry_point = 0x76f7168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" Region: id = 363 start_va = 0x77580000 end_va = 0x7759efff entry_point = 0x77581355 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" Region: id = 364 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 365 start_va = 0xb0000 end_va = 0xb0fff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 366 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 367 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 368 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 369 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 370 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 371 start_va = 0x150000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 372 start_va = 0x880000 end_va = 0x978fff entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 373 start_va = 0x990000 end_va = 0xa90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 374 start_va = 0xaa0000 end_va = 0x169ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000aa0000" filename = "" Region: id = 375 start_va = 0x110000 end_va = 0x110fff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 376 start_va = 0x70d50000 end_va = 0x70d81fff entry_point = 0x70d537f1 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" Thread: id = 27 os_tid = 0x500 [0023.891] VirtualAlloc (lpAddress=0x0, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x40) returned 0xc0000 [0023.892] VirtualAlloc (lpAddress=0x0, dwSize=0xfc, flAllocationType=0x1000, flProtect=0x40) returned 0xd0000 [0023.892] VirtualAlloc (lpAddress=0x0, dwSize=0x2f4, flAllocationType=0x1000, flProtect=0x40) returned 0xe0000 [0023.892] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0xf0000 [0023.892] VirtualAlloc (lpAddress=0x0, dwSize=0xf8691, flAllocationType=0x1000, flProtect=0x40) returned 0x880000 [0023.928] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x100000 [0023.931] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x775a0000 [0023.931] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x77350000 [0023.932] LoadLibraryA (lpLibFileName="NTDLL.dll") returned 0x77440000 [0023.933] GetLocalTime (in: lpSystemTime=0x6e4b6e | out: lpSystemTime=0x6e4b6e*(wYear=0x7e0, wMonth=0xa, wDayOfWeek=0x4, wDay=0xd, wHour=0x10, wMinute=0x2b, wSecond=0x6, wMilliseconds=0x313)) [0023.937] CreateFileA (lpFileName="\\\\.\\SICE" (normalized: "sice"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0023.943] CreateFileA (lpFileName="\\\\.\\SIWVID" (normalized: "siwvid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0023.949] CreateFileA (lpFileName="\\\\.\\NTICE" (normalized: "ntice"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0023.952] SetEnvironmentVariableA (lpName="WLProjectName", lpValue="ÉÏÐË2008_0218DHorse") returned 1 [0023.952] SetEnvironmentVariableA (lpName="WLProtectionDateTime", lpValue="2008-8-17 19:39:16") returned 1 [0023.952] GetCommandLineA () returned="\"C:\\program files\\internet explorer\\IEXPLORE.EXE\"" [0023.954] GetVersionExA (in: lpVersionInformation=0x6f748b*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x6f748b*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0023.955] GetProcAddress (hModule=0x76d90000, lpProcName="GetNativeSystemInfo") returned 0x76dcbe77 [0023.955] GetNativeSystemInfo (in: lpSystemInfo=0x6f7466 | out: lpSystemInfo=0x6f7466*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0x1, dwNumberOfProcessors=0x2, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x3e04)) [0023.955] GetVersion () returned 0x1db10106 [0023.956] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName="XprotEvent") returned 0x40 [0023.956] WaitForSingleObject (hHandle=0x40, dwMilliseconds=0xffffffff) returned 0x0 [0023.956] LoadLibraryA (lpLibFileName="ADVAPI32.DLL") returned 0x77350000 [0023.956] GetProcAddress (hModule=0x77350000, lpProcName="OpenSCManagerA") returned 0x77362bd8 [0023.956] GetProcAddress (hModule=0x77350000, lpProcName="ControlService") returned 0x77377144 [0023.957] GetProcAddress (hModule=0x77350000, lpProcName="DeleteService") returned 0x7737715c [0023.957] GetProcAddress (hModule=0x77350000, lpProcName="OpenServiceA") returned 0x77362bf0 [0023.957] GetProcAddress (hModule=0x77350000, lpProcName="CloseServiceHandle") returned 0x7736369c [0023.957] GetProcAddress (hModule=0x77350000, lpProcName="CreateServiceA") returned 0x77393158 [0023.957] GetProcAddress (hModule=0x77350000, lpProcName="StartServiceA") returned 0x77393543 [0023.957] GetEnvironmentVariableA (in: lpName="SYSTEMROOT", lpBuffer=0x6f659c, nSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0023.960] GetVersionExA (in: lpVersionInformation=0x6fd9a2*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x6fd9a2*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0023.961] GetSystemDirectoryA (in: lpBuffer=0x6311c1, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0023.965] CloseHandle (hObject=0x0) returned 0 [0023.965] CloseHandle (hObject=0x0) returned 0 [0023.965] CloseHandle (hObject=0x0) returned 0 [0023.966] RegCreateKeyA (in: hKey=0x80000002, lpSubKey="Software\\WinLicense", phkResult=0x6e65b0 | out: phkResult=0x6e65b0*=0x44) returned 0x0 [0023.966] RegSetValueExA (in: hKey=0x44, lpValueName="CheckIN", Reserved=0x0, dwType=0x4, lpData=0x6e65b4*=0x1, cbData=0x4 | out: lpData=0x6e65b4*=0x1) returned 0x0 [0023.966] RegCloseKey (hKey=0x44) returned 0x0 [0023.968] OutputDebugStringA (lpOutputString="\r\n\n\n%s------------------------------------------------\n\r--- WinLicense Professional ---\n\r--- (c)2007 Oreans Technologies ---\n\r------------------------------------------------\r\n\n\n") [0023.969] VirtualAlloc (lpAddress=0x0, dwSize=0x2ec, flAllocationType=0x1000, flProtect=0x4) returned 0x110000 [0023.970] GetCurrentProcessId () returned 0x578 [0023.970] LoadLibraryA (lpLibFileName="NTDLL") returned 0x77440000 [0023.971] GetProcAddress (hModule=0x77440000, lpProcName="NtOpenThread") returned 0x77485e08 [0023.971] LoadLibraryA (lpLibFileName="winmm.dll") returned 0x70d50000 [0023.974] GetProcAddress (hModule=0x70d50000, lpProcName="timeGetTime") returned 0x70d526e0 [0023.974] timeGetTime () returned 0xe520 [0023.975] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70b160, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.975] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70bc28, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.975] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70cc99, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.975] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70d900, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.975] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70e35a, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.975] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70ed71, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.975] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x70f85c, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.975] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x710262, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x50 [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x54 [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x58 [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5c [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x60 [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x64 [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x68 [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x6c [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x70 [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x74 [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x78 [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x7c [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x80 [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x84 [0023.976] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x88 [0023.977] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8c [0023.977] timeGetTime () returned 0xe520 [0023.977] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x711db0, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.977] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.977] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x712e81, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.977] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.977] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x713f37, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.977] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.977] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x714f83, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.977] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.977] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x715f5d, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.977] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.977] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x716f80, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.977] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.978] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x718031, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.978] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.978] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x718fca, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.978] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.978] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x719f0d, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.978] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.978] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x71af76, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.978] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.978] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x71bf1c, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.978] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.978] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x71cf0a, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.978] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.978] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x71def5, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.979] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.979] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x71efe8, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.979] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.979] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x71ff21, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.979] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.979] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x631af2, lpParameter=0x720f47, dwCreationFlags=0x0, lpThreadId=0x631351 | out: lpThreadId=0x631351*=0x0) returned 0x0 [0023.979] SetThreadPriority (hThread=0x0, nPriority=2) returned 0 [0023.979] SetEvent (hEvent=0x80) returned 1 [0023.979] Sleep (dwMilliseconds=0x0) [0023.979] Sleep (dwMilliseconds=0x0) [0023.987] Sleep (dwMilliseconds=0x0) [0023.987] Sleep (dwMilliseconds=0x0) [0023.987] Sleep (dwMilliseconds=0x0) [0023.991] Sleep (dwMilliseconds=0x0) [0023.991] Sleep (dwMilliseconds=0x0) [0023.992] Sleep (dwMilliseconds=0x0) [0023.992] Sleep (dwMilliseconds=0x0) [0023.994] Sleep (dwMilliseconds=0x0) [0023.994] Sleep (dwMilliseconds=0x0) [0023.995] Sleep (dwMilliseconds=0x0) [0023.995] Sleep (dwMilliseconds=0x0) [0024.018] Sleep (dwMilliseconds=0x0) [0024.033] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.034] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.035] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.036] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.037] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.038] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.039] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.040] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.041] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.042] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.043] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.044] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.045] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.046] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.047] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.048] Sleep (dwMilliseconds=0x0) [0024.049] Sleep (dwMilliseconds=0x0) [0024.049] Sleep (dwMilliseconds=0x0) [0024.049] Sleep (dwMilliseconds=0x0) [0024.049] Sleep (dwMilliseconds=0x0) [0024.049] Sleep (dwMilliseconds=0x0) [0024.049] Sleep (dwMilliseconds=0x0) [0024.049] Sleep (dwMilliseconds=0x0) [0024.049] Sleep (dwMilliseconds=0x0) [0024.049] Sleep (dwMilliseconds=0x0) [0024.049] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.050] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.051] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.052] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.053] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.054] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.055] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.056] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.057] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.058] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.059] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.060] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.061] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.062] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.063] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.064] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.065] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.066] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.067] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.068] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.069] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.070] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.071] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.072] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.073] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.074] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.075] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.076] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.077] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.078] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.079] Sleep (dwMilliseconds=0x0) [0024.080] Sleep (dwMilliseconds=0x0) [0024.080] Sleep (dwMilliseconds=0x0) [0024.080] Sleep (dwMilliseconds=0x0) [0024.080] Sleep (dwMilliseconds=0x0) [0024.080] Sleep (dwMilliseconds=0x0) [0024.080] Sleep (dwMilliseconds=0x0) [0024.080] Sleep (dwMilliseconds=0x0) [0024.080] Sleep (dwMilliseconds=0x0) [0024.080] Sleep (dwMilliseconds=0x0) [0024.080] Sleep (dwMilliseconds=0x0) [0024.080] Sleep (dwMilliseconds=0x0) [0024.080] Sleep (dwMilliseconds=0x0) [0024.081] Sleep (dwMilliseconds=0x0) [0024.081] Sleep (dwMilliseconds=0x0) [0024.081] Sleep (dwMilliseconds=0x0) [0024.081] Sleep (dwMilliseconds=0x0) [0024.081] Sleep (dwMilliseconds=0x0) [0024.081] Sleep (dwMilliseconds=0x0) [0024.081] Sleep (dwMilliseconds=0x0) [0024.081] Sleep (dwMilliseconds=0x0) [0024.081] Sleep (dwMilliseconds=0x0) [0024.081] Sleep (dwMilliseconds=0x0) [0024.081] Sleep (dwMilliseconds=0x0) [0024.081] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.082] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.083] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.084] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.085] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.086] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.087] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.088] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.089] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.090] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0) [0024.091] Sleep (dwMilliseconds=0x0)